November 9, 2006

Perfectdisk spyware

Filed under: Uncategorized — arrowsmith @ 10:52 pm

OK, ok, I know. Don’t do that on a production machine. But my PC was acting very slow and defrag was taking forever. So I went to the illegal side and downloaded two pieces of software. I ran the NOD32 patch and the PerfectDisk one. After the reboot, I went to the weird side: the PC allowed internet access, but many functions stopped working.

I found out that RPC had stopped working.

And yes the next 8 hours were horrible. So this is what I found out.

I first looked at what the service is.
http://www.theeldergeek.com/remote_procedure_call_(rpc).htm
I had forgotten what RPC did, but with SP2 it has become a critical COM service.

http://support.microsoft.com/?kbid=838428 RPC error, but it is for error 1058.

http://answers.yahoo.com/question/index;_ylt=AhjdsnKd1bemgQSzlwHEeisjzKIX?qid=20061019151409AA8mAky
This was interesting in that it said it was some spyware, but I ran Ewido and I tried Webroot, but it would not work. I also ran NOD32; nothing there. This was definitely the wrong answer to what was happening.
http://www.wilderssecurity.com/archive/index.php/t-36480.html
This site did not help with the links at the bottom.

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21313102.html
This was interesting: a reinstall after various looks.

Microsoft Windows XP and Microsoft Windows 2000
Verify the ClientProtocols key exists under the HKEY_Local_Machine\Software\Microsoft\Rpc key and that the ClientProtocols key contains at least the following 5 default values:
• ncacn_http REG_SZ rpcrt4.dll
• ncacn_ip_tcp REG_SZ rpcrt4.dll
• ncacn_nb_tcp REG_SZ rpcrt4.dll
• ncacn_np REG_SZ rpcrt4.dll
• ncacn_ip_udp REG_SZ rpcrt4.dll
I added the entry that was not there, but it still did not work.

It has been 8 hrs now of doing searches, and that’s enough for today.

A fresh look after two days and a day off work.

I decided to reinstall. I got my SP2 and I could not remember if I had to repair or not repair. Keep in mind that I do not have an upgrade CD but a full-blown SP2.

Mistake 1: doing a repair. That’s what Microsoft recommends, and Windows went into the loop
“Failed to install product catalog.”

It recommends deleting the catroot files. I first took out my Winternals CD and changed it. It did not work. I read other web pages. I found that by pressing + I get a command prompt and can run various command prompt programs.

During the Windows XP repair certain services were not working.

http://www.updatexp.com/support-files/cryptographic-service-error.pdf

I checked the dberr.txt and found that the cryptsvc service. I then noticed that the whole thing was because the RPC service problem might still be happening. I looked at the DLL in use for RPC, rpcss.dll. The upgrade showed the actual file. I checked the svchost file. Luckily I typed the search incorrectly. I noticed the svchost file was not correct. So I started to figure out how to copy the file. I read the cryptsvc file again. I redid my search. I found a file named svchost (no extension). I did a full search on svchost. The actual file was there also. So I had two files, svchost and svchost.exe. Microsoft had set up the RPC service with the incorrect entry in the services, “svchost -k rpcss.dll”, while the cryptology service has it as “svchost.exe -k cryptsvc.dll”.

So I renamed the file svchost to svchost.bad. I rebooted my machine and everything started working.
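As an added example (not part of the original post), here is a read-only PowerShell check for the two things found above: the ClientProtocols values from the KB excerpt, and an extensionless file named svchost sitting beside svchost.exe in System32. It also lists which services are started through an extensionless svchost command line, so you know which ones such a file would affect. It assumes the standard registry paths and the System32 folder; run it from an elevated prompt.

```powershell
# Added example, not from the original post. Read-only: reports, never changes anything.
$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\ClientProtocols'
# The five default values quoted from the Microsoft KB article above
$expected = @{
    'ncacn_http'   = 'rpcrt4.dll'
    'ncacn_ip_tcp' = 'rpcrt4.dll'
    'ncacn_nb_tcp' = 'rpcrt4.dll'
    'ncacn_np'     = 'rpcrt4.dll'
    'ncacn_ip_udp' = 'rpcrt4.dll'
}
$findings = @()

# 1. Are all five ClientProtocols values present and pointing at rpcrt4.dll?
if (-not (Test-Path $rpcKey)) {
    $findings += "Missing key: $rpcKey"
} else {
    $item = Get-ItemProperty -Path $rpcKey
    foreach ($name in $expected.Keys) {
        $value = $item.$name
        if ($null -eq $value) {
            $findings += "ClientProtocols is missing value '$name' (expected '$($expected[$name])')"
        } elseif ($value -ne $expected[$name]) {
            $findings += "ClientProtocols\$name is '$value', expected '$($expected[$name])'"
        }
    }
}

# 2. Is there a file named exactly 'svchost' (no extension) next to svchost.exe?
$sys32 = Join-Path $env:SystemRoot 'system32'
$bare  = Join-Path $sys32 'svchost'
if (Test-Path -LiteralPath $bare -PathType Leaf) {
    $f = Get-Item -LiteralPath $bare
    $findings += "Extensionless file present: $bare ($($f.Length) bytes, modified $($f.LastWriteTime))"
}

# 3. Which services launch via 'svchost' without '.exe'? The post found RpcSs set up this
#    way by Microsoft, so this is the exposure list, not proof of infection by itself.
$services = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\*' -ErrorAction SilentlyContinue
foreach ($svc in $services) {
    if ($svc.ImagePath -match '\\svchost(\s|$)') {
        $findings += "Service $($svc.PSChildName) starts via extensionless svchost: $($svc.ImagePath)"
    }
}

if ($findings.Count -eq 0) { 'No findings' } else { $findings }
```

If check 2 reports a file, compare its size and timestamp with svchost.exe before renaming it as the post did, and keep a copy for later analysis.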

I finished the re-install. I should have seen this all and avoided the reinstall.

After starting again, my XP SP2 reinstall continued with more problems. Windows XP security stuff was all messed up. I noticed my ATI All-in-Wonder Catalyst program not working. This is the error I saw:
http://support.ati.com/ics/support/default.asp?deptID=894

There were other items that were not working also. All related to a WMI issue. This is how I fixed it.

http://windowsxp.mvps.org/repairwmi.htm to fix WMI. I did the comprehensive rebuild method.

http://support.microsoft.com/kb/818464 to fix the security. This is for Windows 2003, but it also works for Windows XP.

There is svchost spyware, but my reading indicates that this is something new.
