Disable NetBios?

When I run tasklist ERROR: The RPC server is unavailable.

I wonder if RPC has been disabled on your PC…

Open the services console, scroll down until you find two entries for RPC. The first entry (Remote Procedure Call RPC), by default, should be started and running.

Whilst it’s quite possible to stop this service, problems similar to the one described above may occur.

For now, start the service and try running tasklist /SVC

Did you check Process Explorer?

Toggie

Process Expl does not show anything at all for 2236!

Under Services Console, the first RPC was set to automatic and running, the second was set to manual. I “started” it, reran tasklist /svc, and still got the RPC error.

I found this out for one of the process 2236 entries:

Search results for: 192.168.1.97:1049

OrgName:    Internet Assigned Numbers Authority 
OrgID:      IANA
Address:    4676 Admiralty Way, Suite 330
City:       Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:    US

NetRange:   192.168.0.0 - 192.168.255.255 
CIDR:       192.168.0.0/16 
NetName:    IANA-CBLK1
NetHandle:  NET-192-168-0-0-1
Parent:     NET-192-0-0-0-0
NetType:    IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 1918 for additional information.
Comment:    
RegDate:    1994-03-15
Updated:    2002-09-16

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   Internet Corporation for Assigned Names and Number 
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName:   Internet Corporation for Assigned Names and Number 
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@iana.org

# ARIN WHOIS database, last updated 2007-05-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

And this is the second 2236:

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 127.0.0.0 - 127.255.255.255
CIDR: 127.0.0.0/8
NetName: LOOPBACK
NetHandle: NET-127-0-0-0-1
Parent:
NetType: IANA Special Use
Comment: Please see RFC 3330 for additional information.
RegDate:
Updated: 2002-10-14

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org

ARIN WHOIS database, last updated 2007-05-01 19:10

Enter ? for additional hints on searching ARIN’s WHOIS database.

I wonder if this is something to do with BellSouth NATting addresses?

The other service to check is DCOM. Use services again and make sure DCOM Server Process Launcher is running.

NetRange: 192.168.0.0 - 192.168.255.255

This range of addresses is known as a Reserved or Private address space. They are only used on private LANs, and are invalid Internet addresses.

I imagine your router is acting as a DHCP (Dynamic Host Configuration Protocol) server and is allocating an IP address from the 192.168… range.

NetRange: 127.0.0.0 - 127.255.255.255

Another Reserved address range. The address 127.0.0.1 refers to ‘localhost’ or the PC you are currently using. It’s also used by many applications, as a way of performing diagnostics. You can read more about it here: Loopback - Wikipedia

This missing process may be something or may be nothing, it would just be nice to know…
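As an added example (not part of the original posts): a short Python sketch that takes `netstat -ano` style output and labels each endpoint of a given PID as loopback or RFC 1918 private, the two reserved ranges explained above, so that only addresses outside them are worth a WHOIS lookup. The netstat lines and the function names are constructed for illustration; only 192.168.1.97:1049 and PID 2236 come from the thread.

```python
import ipaddress

# RFC 1918 private blocks (192.168.0.0/16 is the one discussed in the thread).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the layout of `netstat -ano`; 203.0.113.25 is a
# documentation-range placeholder standing in for an outside address.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.97:1049      203.0.113.25:80        ESTABLISHED     2236
  TCP    127.0.0.1:1050         127.0.0.1:1051         ESTABLISHED     2236
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  UDP    192.168.1.97:137       *:*                                    4
"""

def classify(host):
    """Return 'loopback', 'private', 'unspecified', 'unparsed' or 'other'."""
    if host == "*":
        return "unspecified"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unparsed"
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private"
    return "other"  # not reserved here: an owner lookup can be meaningful

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; strip IPv6 brackets."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def endpoints_for_pid(netstat_text, pid):
    """List (local, local_class, remote, remote_class) for one PID."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if fields[-1] != str(pid):
            continue
        local_host, _ = split_endpoint(fields[1])
        remote_host, _ = split_endpoint(fields[2])
        found.append((fields[1], classify(local_host),
                      fields[2], classify(remote_host)))
    return found

if __name__ == "__main__":
    for row in endpoints_for_pid(SAMPLE_NETSTAT, 2236):
        print(row)
```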

Here are my “services” view, top half and bottom half:


http://img163.imageshack.us/img163/9901/servicesbottomak5.th.png


http://img163.imageshack.us/img163/3467/servicestopde1.th.png

You have been so helpful, I feel much more secure! And I love your new display pic!

Your services look fine.

I wonder if DCOM was disabled when you ran wwdc? Run the program again and make sure it’s enabled.

Once enabled try tasklist.

You have been so helpful, I feel much more secure! And I love your new display pic!

Thank you :) We’re getting there.

Yes, DCOM was disabled by wwdc. I did that after researching and finding out that worms/trojans like to use port 135 to get access. All is actually running well now. For now, I have Comodo set to where I approve/deny every request in/out. My Lord, there are a lot of cookies out there! And they come in flavors, too. LOL

If I deny something, and then have an issue, I just change the setting to accept it. I.E., my utility company will not let me log on if I do not accept the cookie. I think my main problem began when I was using Yahoo! Messenger with SweetIM & Smiley Central. Those two are the hardest things I have EVER tried to remove. Hell, MBR viruses are not as much of a headache.

For now, I have Comodo set to where I approve/deny every request in/out.

You will continue to receive a great many prompts, unless you create specific rules for each of your applications. I have my Alert Frequency set to Very High, but I also have a great many application rules, so I hardly ever see a prompt.

I haven’t used Yahoo in years, I guess it’s changed a bit :)

So are you content to leave it there, or do you wish to pursue this strange process?

Toggie

I’ve been just letting the prompts come in to get an idea of just what is coming into my computer. I started “allowing for session”, and now the ones that don’t seem to do any harm I’ve been “remember to allow”. I had no idea how much was coming in, and now at least I’m getting an idea of what is harmful and what is probably not.

I am still not sure about the strange process, so I guess we’ll figure out what to do next.

Bear with me, I’ve worked a double yesterday and again today, so I am on and off here sporadically until Sunday.

No worries, just let me know when you’re ready to go :)

Part of this was in another thread:

That didn’t work as far as setting the bootable drives, but I can access all my files in the other drive. I think my C: drive (first) is buggy, it runs really slow. So I am fully running on F:. Also, I installed Sandboxie and run my browser exclusively from there. I just have to manually retrieve downloads, but that is worth the added security.
After doing a fresh install on this drive and reinstalling my BellSouth software, if I disable NetBIOS (137,138,139) I cannot get my browser to connect. Not sure what I did different on the install. But I am at least virus/spyware free!
I also replaced AVG Anti-Spyware with PC Tools Spyware Doctor, since the trial ran out and I found myself unemployed until next week. LOL
Just wanted to let you know my status, since you were SO much help to me. You really made me more aware of security, and I will always thank you. Saved My Life