Joemt
asked on
SBS2003 - only 16 services running - cannot start any other services - errors
Client server sbs2003 when I boot the server I find only 16 services running. I see the event logs but cannot view anything. sharepoint
Any ideas on how to get these services running again? How to troubleshoot?
Running services:
Dcom server
eset service
event log
Java quick starter
Monitoring sw
MSSql$sbsmonitoring
mssql$sharepoint
nod32 kernel service
ntlm security provider
Plug and play
qbcfmonitor service
quickbooksDB23
SBcore service
Sharepoint timer service
sql server browser
uninterruptible power supply
It may be a user that has been mistakenly deleted, a user used to start these services, although most should be using either SYSTEM or service-specific users to run with. But I would check the users and make sure they all still exist and are still functioning with the proper permissions. Are you trying to view these with an Administrator account? Is there any indication that the system may have been hit with a virus or malware? Worst case, you may have to do a repair re-install of SBS.
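One way to run the account check suggested above, as an added example that is not part of the original thread: it lists auto-start services that are not running, together with the account each is configured to log on as and whether that account still resolves. It assumes PowerShell 2.0 has been installed on the server (it is not part of a default SBS 2003 install) and an elevated prompt; it reads the service configuration from the registry rather than WMI, since the WMI service may itself be one of those that will not start.

```powershell
# Added example: report auto-start services that are not running and check
# that the account each one logs on as still exists.
$root     = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$builtin  = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
$startMap = @{ 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

# Current state of each service as reported by the Service Control Manager
$state = @{}
Get-Service | ForEach-Object { $state[$_.Name] = $_.Status }

$report = Get-ChildItem $root | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Type 0x10 / 0x20 = Win32 service (own / shared process); skip drivers
    if (-not $p -or -not ($p.Type -band 0x30)) { return }

    $account = $p.ObjectName
    $check   = 'built-in'
    if ($account -and ($builtin -notcontains $account)) {
        try {
            # ".\user" denotes a local account; NTAccount expects MACHINE\user
            $name = $account -replace '^\.\\', "$env:COMPUTERNAME\"
            $nt   = New-Object System.Security.Principal.NTAccount($name)
            [void]$nt.Translate([System.Security.Principal.SecurityIdentifier])
            $check = 'account resolves'
        } catch {
            $check = 'ACCOUNT NOT FOUND'
        }
    }

    New-Object PSObject -Property @{
        Name    = $_.PSChildName
        Start   = $startMap[[int]$p.Start]
        Status  = $state[$_.PSChildName]
        Account = $account
        Check   = $check
    }
}

$report |
    Where-Object { $_.Start -eq 'Auto' -and $_.Status -ne 'Running' } |
    Sort-Object Check, Name |
    Select-Object Name, Status, Account, Check |
    Format-Table -AutoSize
```

A service flagged `ACCOUNT NOT FOUND` points at a deleted or renamed logon account; if every stopped service shows `built-in`, missing accounts are not the cause.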
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am logged in as the administrator...I can access a jump drive and the backup drive (USB) if sbs2003 is booted to safe mode. But will not save or copy files.
I can see the event logs - In System things were fine and then
System Log: SAM event ID 12294 errors start streaming on 10-5. I can't get the details to open so I can only see the events list.
Application log is missing all the log entries until two days (7th) after the SAM errors started. I found that odd.
The Microsoft safety utility would not run on the SBS2003.
Anyone have a suggestion as to the next step? This server is down in my office and I can't even get the QuickBooks file for the customer off the hard drive.
ASKER
I believe this server is infected with the PhysicalDrive0_User_dat virus (rootkit?)
Does anyone know of a SW utility that will remove this on a RAID 10 sbs2003 server? Or can it be removed manually?
Thank you
Yes, try what was in my post.
ASKER
Ok so once again I ran:
RogueKiller - cleaned
TDSSKiller - Found nothing (except it listed sbscr.exe) Legit file
Microsoft program
- Tweak fails to run.
The server runs quicker...but I still have only 16 services running and I cannot start the rest.
Any ideas on how to get those services back up and running?
What error does the Tweaking.com All-In-One give you?
It uses Sysinternals PSExec to run as the system account and should run just fine.
ASKER
Tweak error message:
Failed to load control lvbuttons_H From. Your version of may be outdated. Make sure you are using the version of the control that was provided with your application.
That is the message I get.
So I downloaded both the portable and standard Tweak downloads. I did both 3 times on my laptop to jump drives. On extract I never got the same number of files. Most of the time the exe was missing. I tried the direct location download and that seemed to work. Running now. I've had no problems downloading and running any other utility.
Now I have even fewer services running.
Anyone?
SOLUTION
ASKER
Ran the Windows Defender - offline - quick scan = nothing, full scan found the following:
1, Monitoring tool\win32\spector
2, hack tool: win32\keydump
Deleted both. Now I'm back to Tweak and currently checking system file check.
Ok...finished WD,
Ran the Tweak file system check; after reboot I could see a USB drive listed in "computer".
If I run the Tweak repair (registry)...I lose being able to see a USB drive in computers. So I restore the last Tweak registry point and I have the ability once again to see my jump drive listed up computers.
Running out of ideas.....still cannot copy and paste. Only 11 services running.