Author Topic: RPC not working.  (Read 10721 times)


Chris A. Boehm

  • Guest
RPC not working.
« on: June 23, 2008, 08:46:32 PM »
RPC not working is just the beginning.
Cryptographic services not running.
Cannot start or stop services in services.msc, msconfig, or even in the registry.
Cut and paste does not work.
Drag and drop does not work.
When windows are minimized they show up ABOVE the task bar.
Cannot send e-mail.
Cannot update Windows.
In the task manager under processes no user names show up.
In the task manager under users -- it is blank.
Cannot log into safe mode as admin.
I started having this problem after my provider contacted me telling me I could not e-mail anymore due to my computer spamming. I did their fixes, including installing and running McAfee. Everything seemed to work fine, I could e-mail again -- then I lost EXPLORER and the task bar. I have those back now but would like to have control of my computer again.

Please Help.

I am running Windows XP Home w/ SP2.

CharleyO

  • Guest
Re: RPC not working.
« Reply #1 on: June 23, 2008, 09:27:20 PM »
***

I suggest that McAfee did not cure the problem. From what you have written, it is most likely that your computer was infested with at least one spambot.

Before McAfee, did you have any other av programs? How many av programs do you have now on your computer?

Please download HijackThis from the link below, run the program but do not make any fixes, and then post the log results using the "copy & paste" method. It will probably take more than one post to be able to get the complete log posted. OR, you can post it as an attachment to your post by clicking on "Additional Options..." below left of the posting box. Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


***
« Last Edit: June 23, 2008, 09:29:20 PM by CharleyO »

Chris A. Boehm

  • Guest
Re: RPC not working.
« Reply #2 on: June 23, 2008, 10:24:46 PM »
Norton for a long time, then got rid of it to speed up my computer.
Then added:
CCleaner
Ad-Aware
Spybot Search and Destroy
Advanced Windows Care Pro

I can get the report from HijackThis but I cannot copy and paste.
Is there something in particular that would help you diagnose this without copying and pasting?

Chris


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: RPC not working.
« Reply #3 on: June 23, 2008, 11:36:53 PM »
Do you use avast?

Uninstall Norton:
1) Remove NAV through Add/Remove programs from Control Panel. Boot.
2) Use Norton Removal Tool for Windows 2000/XP/Vista. Boot.
3) Install avast! (or repair the installation) and boot.

Uninstall McAfee:
This article provides the steps to remove SecurityCenter from your computer.
http://ts.mcafeehelp.com/faq3.asp?docid=71525
Also for direct download: http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe
and http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe (2007)

If you need, you can find many free versions of these registry cleaners here:
http://www.snapfiles.com/Freeware/system/fwregtools.html

Sometimes McAfee won't be completely removed if you do not uninstall Avast first, including the use of its "Uninstall Application" if necessary (www.avast.com/eng/faq-install-uninstall-avast.html).
The best things in life are free.

Chris A. Boehm

  • Guest
Re: RPC not working.
« Reply #4 on: June 24, 2008, 04:08:26 AM »
Okay, I made sure McAfee was gone.
Downloaded and ran Avast -- great virus checker. Found some that all the others missed. Unfortunately I knew about the ones it found, I already had them under control, but was impressed anyway.
Also downloaded and ran System Explorer 1.4.

The only thing that I found here of any relevance was a secondary logon was starting, not started, but starting. At this point I disabled it. No change.

BTW, something else that happens that may help someone troubleshoot this. Sometimes at login, the computer does not recognize my password, other times it does. When it does not, I have to manually shut down the computer. When I push the power button, I get a message that others are logged onto the system. No one else is logged in.

My thinking is that if I am actually not getting logged in properly, I do not have admin rights and cannot make changes to my services.

Remember -- even in safe mode, I cannot log in as admin.



Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: RPC not working.
« Reply #5 on: June 24, 2008, 04:17:42 AM »
Quote: "I do not have admin rights"
Is there any other user account with admin rights?

Chris A. Boehm

  • Guest
Re: RPC not working.
« Reply #6 on: June 24, 2008, 04:48:57 AM »
No other when I go into control panel user account.
Guest is disabled.
Asp.net is limited.

CharleyO

  • Guest
Re: RPC not working.
« Reply #7 on: June 24, 2008, 08:41:10 AM »
***

Chris -

Are you able to do a boot-time scan with avast?


***

Chris A. Boehm

  • Guest
Re: RPC not working.
« Reply #8 on: June 24, 2008, 12:56:06 PM »
Yes, I did a boot-time scan from avast.
I can run most of my programs.
Again, not all work correctly. I can receive e-mail, cannot send mail.
I use Corel Draw a lot. I can run it and open files, but cannot move any of the drawings with the mouse.
Printer does not work, scanner does not work, cut and paste does not work, drag and drop does not work.
One of the worst annoyances is the minimized windows go above the task bar. Any windows open cover them. Makes switching programs a pain in the rear.
Chris

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: RPC not working.
« Reply #9 on: June 24, 2008, 03:42:14 PM »
Please follow the common suggestions to be sure you're clean and post back the results.

1. Disable System Restore and re-enable it after step 3.
2. Clean your temporary files.
3. Schedule a boot-time scan with avast with archive scanning turned on.
4. Use SUPERAntiSpyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to online analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

REDACTED

  • Guest
Re: RPC not working.
« Reply #10 on: May 06, 2016, 09:51:16 PM »
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:49:28 PM, on 5/6/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)


Boot mode: Normal


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: RPC not working.
« Reply #11 on: May 06, 2016, 10:48:41 PM »
djar, if you want help with something, please start your own thread in the correct forum and provide details.
Also, do not copy/paste the content of a log file but attach it to your post.