RPC Service caused an error

Status
Not open for further replies.
P

pablofg

Posts: 11   +0
Hi there,

I hope you can help me with this one, because I don't know what to do....

Since I last booted my computer, a new error showed up at the logon Windows, saying that RRservice caused and error "Memory Can't be "Read".
After loading I noticed that many programs didn't start and I found many services where not started and couldn't be started.

I changed the RPC Service to "local user" instead of "local service" and now many more services load.

However I can't start IE(freezes), Outlook, my fingerprint detector and some other services that I need to use keep saying that "authentication package is unknown".

I don't know what the reason can be as I lately installed / deinstalled different programs & clean utilities.

By the way, Mozilla works perfect.

Attached Hijackthis.txt.

Thanks in advance.
 
Hi there,

Thanks for quick answer. I didn't know there was a spanish version.

I have done all the steps suggested and found some traces of Vundo, and Rogue.Antivirus2008 (please see attached logs), but after removal, nothing changed. I attach the logs.

When trying to start services like workstation or Rasman, I get "authentication package is unknown". Many programs don't work and I believe that's because of services that depend on workstation or RAS or maybe some other services, can't be started.

For instance, when trying to remove programs windows installer hangs. I have to manualy start the Windows Installer service and then it works.

When I start msinfo32 and click on any branch on the left it shows nothing on the right.....

Any clues??
 
It's very difficult for me to read the logs, but I don't think you're out of the woods yet.

Download Combofix
Lots of info on its use h e r e
Direct download h e r e

Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
ComboFix will also restart your computer (eventually) and then (eventually) create a log

Save this log file to be attached to a new reply

Also do another scan with HJT (scan and log file) and attach this to a new reply as well

Whilst waiting for my reply, you may want to re-open Malwarebytes; update it again; and then run another full scan (I'm thinking there may still be more uncovered malwares to remove) I would do this ;)
 
Wonderfull news!
We are getting much closer.... Combofix, did a very good Job and now I can use explorer, outlook, etc.

I was checking at google and some other boards :eek: and to my surprise when i searched for my problems, most of them were talking about the symtomps of a removed trojan.vundo, so I believe that all my problems might have come from there or from cleaning tools that didn't remove everything properly.

I updated the definition files and run again Malwarebytes and nothing bad.

I still have several problems, like for instance, I can't use anymore Word as my editor in Outlook 2003. It says:

One or more activex controls could not be displayed because either:

1. your current security settings prohibit running activex
controls on this page, or
2. you have blocked a publisher of one of the controls.

on addition to that, the windows install service still needs to be started manually everytime I want to install something....

May this come from Combofix??

Any clue how to fix those problems??

Thanks in advance.
 
Hmm, why I have never been told about this site? The Admin looks to be good there too ;) (actually howmany Admins are there)
 
Hi again,

The windows installer tip worked very well and I can now un/install without any problem.

However, the irritating Outlook-word thing still doesn't work. After reseting, I still get the exact same error.

Any other tip anyone??

Thanks a lot.
 
Sorry for the missunderstanding. I meant after IE reseting.

I did the whole thing twice (it reset windows size, homepage,etc) and still the same.....
 
You may need to repair Office
Outlook is part of Office, whilst Outlook Express is part of Internet Explorer
 
pablofg said:
I still have several problems, like for instance, I can't use anymore Word as my editor in Outlook 2003. It says:

One or more activex controls could not be displayed because either:

1. your current security settings prohibit running activex
controls on this page, or
2. you have blocked a publisher of one of the controls.
Click to expand...

Do you want to save any data in mail? (hopefully not)

How To Remove your profile:

Control Panel-> Additional Options-> View 32-bit Control Panel Items-> Mail-> button Show Profiles…

Rename MSMAPI32.DLL to MSMAPI32.OLD

to find this file:

Start-->Run--> %CommonProgramFiles%\System\MSMAPI\1033

Then restart

Open Outlook, and set it up again
Test
 
Hi there,

I did it, (in my case was %CommonProgramFiles%System\MSMAPI\3082 and then some kind of installer started, replaced the missing file and everything is still the same.

I had the feeling that it has something to do with Outlook don't having granted the permits needed to access word or activeX or to start some services needed.
 
Nope, still the same error......

As I said, I believe that probably there is some permissions issue here.....but no clue how to fix it....

I uplgraded malwarebytes and to my surprise new vento definition were downloaded, but after scan, it didn't detect anything

Maybe combofix deactivated the virus but not completely.

Any idea about the permissions issue??
 
So I need to fully re-confirm the exact issue again
Also a picture tells a thousand words ;)
Outlook Word attachments will not automatically open in Word?
It just sounds like a security level in Outlook, or possibly even some rule defined
 
So the issue is that there are still some things that are not OK after combofix.

For instance, I need to have Word as the default Outlook editor, but when I try to reply any mail or create a new one, I get the following error message and it switches automatically to outlook's internal editor. (sorry it's in spanish, but the exact text in english was posted before). http://rapidshare.com/files/203744636/outlook_error.TIF.html

I believe it has something to do with outlook not having rights to start word or not having rights to start a service or some activeX code....

Any ideas anyone??

Thanks again kimsland.
 
Hi jobeard,

the issue is the following:

When I press reply on ANY email in Outlook 2003 (with or without attaches in it), it normally starts Word (but inside outlook) as the standard editor and you can start writting.
It has been working for me like this for ages but after the fixing it doesn't work. It doesn't matter if the email has an attach of any kind, it's the same for emails with ot without attach.

Hi there!

I managed to fix it!! (with * ehem* some help of course)

First, I checked all my services at http://www.blackviper.com/WinXP/servicecfg.htm and found some inconsistencies in the following ones:

SSDP Discovery Service
Indexing Service
Remote Access Connection Manager
DCOM Server Process Launcher (this one was stuck)

After that and following jobeard suggestion, I tried to open a word file inside an email-attach and I got this error: "This document could not be registered. It will not be possible to create links from other documents to this document."

To repair it, I found on Internet that you have to:

1. Choose Start > Run, enter Dcomcnfg and hit OK.

2. Find the entry for Word under Computers > My Computer > DCOM Config.

This entry might say “Microsoft Word Document”, “Word Document”, “Document”, or might just be the GUID for Winword.exe - in my case, it was the GUID {00020906-0000-0000-C000-000000000046}

3. Right-click on this entry and choose Properties.

4. Click on the Security tab

5. Under Access Permissions, if you currently have Customized access permissions, and you still need them, click on the “Edit” button, write down all the custom ones you have set. So you can reset them after the next step.

6. Now under Access Permissions, click “Use Default” and then the Apply Button. This will clear all the access permissions.

7. Now click “Customize” and the Edit button. Re-enter all the customized entries you wrote down in step #5 above.

However I just SET ALL to Default and worked for me.

Not sure what did what, but now everything is OK.

Thanks everyone for your help.

Pablo.
 
Yes, he was pointing at the right direction ;)

I believe all my problems came from a badly removed or unkown version from trojan.vundo.

The rest of issues after combofix probably came from DCOM service being stuck and unconfigured.

Thanks again everyone! :wave:
 
WOW! How you found the DCOM Setup is just wonder :wave: :grinthumb

IMO, thus saga shoutingly makes the point of the extreme complication of windows and the whole registry system and then it adds DCOM on top of that.

My my; and just think how stupid the Internet folks are to use just a mime type to specify which extension maps to the specific application :wink:
(for fun see this ref)
 
Status
Not open for further replies.

Similar threads

A
AT&T wireless service outage is impacting many US customers
Replies
8
Views
232
Mark Fuller
M
Daniel Sims
Over-the-air TV might soon receive interactive functionality similar to streaming
Replies
10
Views
120
HofyPC
H
Shawn Knight
HP rolls out monthly subscription service for "hassle-free" printing
Replies
22
Views
290
OortCloud
O

Latest posts

Back