Win 2003 won't load services, nor does it let me configure the admin tools in Control Panel

Starriol

Well, this is shocking :eek: . I discovered this by accident, because a scanner wasn't working.
The problem is that the scanner services don't work. How did I find out? Because I can't get into ANY service:
- Users and machines in Active Directory and all the administrative tools under the control panel (performance, services, license, etc. etc. etc. I translated these from Spanish so be patient with the lousy translations guys :D !)
- Radmin and VNC don't work on this PC either... they work as services.
On VNC I get a "the key is not valid" error when trying to connect; when I try to change it, I get an error that I interpret as a service that was not loaded.

Anyway, I don't know if this problem of not being able to configure the admin tools is the same one that is causing some services not to load correctly, but I believe it is; they started at the same time.

Any ideas? I'm clueless :confused: !!!!
 
Ok, I'm seeing that when this happens (which is all the time, except when I JUST restarted the PC), I can't alter folders' permissions. That is, user permissions.

And also, both hard disks show 0 MBs free & 0 used, which is obviously impossible.

Please help me out, I'm totally blown off balance with this problem :confused:
 
Obvious question: Have you done a virus scan?

While on the machine, can you run regedit from the command prompt? How about task manager?

Some viruses out there will completely disable access to the registry, task manager, etc (not sure about the services such as services.msc but it seems a logical extension). You might try a full virus scan in safe mode and take a look here for a tool that might help. It's helped me a few times. It's basically a VB script that inserts a change in the registry to turn back on access to those controls. You should be able to view it before running to check out the code.
 
Tried that script running Windows 2003 in normal mode. It said registry editing has been DISABLED, so I figured it wasn't helping in this case, so I executed it again, enabled them, restarted and nothing, same problem: after 4 minutes of running I can't get into the administrative tools.

So I ran the Microsoft Malicious Software Removal Tool, Spybot, Agnitum Tauscan, The Cleaner and found no trojans...
Some people suggested that it could be because of them... any ideas what could be making this happen? I even ran HijackThis.

Anyway, this is the log from HijackThis just in case you can spot something weird:

Logfile of HijackThis v1.99.1
Scan saved at 01:26:45 p.m., on 25/09/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Documents and Settings\Administrador\Escritorio\Windows-KB890830-V1.20.exe
d:\300cb9d80e450f1cca\mrtstub.exe
D:\WINDOWS\system32\MRT.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Archivos de programa\WinRAR\WinRAR.exe
D:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.125\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Tau Monitor] D:\ARCHIV~1\Agnitum\TAUSCA~1.7\taumon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AWMON] "D:\Archivos de programa\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: No-IP DUC.lnk = D:\Archivos de programa\No-IP\DUC20.exe
O4 - Global Startup: Iniciar servicios de entrega.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ces
O17 - HKLM\Software\..\Telephony: DomainName = ces
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DF7B869-612E-475A-B812-7BFF93243047}: NameServer = 192.168.0.151
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ces
O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - D:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: Dds Scheduler Deamon (DdsSched) - RICOH Company Ltd. - D:\Archivos de programa\RDS\ddsschednt.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Archivos de programa\No-IP\DUC20.exe
O23 - Service: Ridoc Server Information Service (RsiSvc) - RICOH Company Ltd. - D:\Archivos de programa\RDS\RsiSvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - D:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: ScanRouterDriverV2 - Ricoh Co.,Ltd. - D:\Archivos de programa\RDS\srscandr.exe
O23 - Service: SOption - RICOH Company Ltd. - D:\Archivos de programa\RDS\SOption.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



I would really appreciate your help since this is happening to a critical server.

PS: the server is behind a D-Link DI-604 router and the server itself has no firewall.

Could this be part of the problem? I mean, I think the D-Link should be enough to protect it...
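
An added example, not part of the original post and not code from HijackThis: a short Python triage pass over the O4 and O23 lines of the log above, listing the entries a responder would check by hand before trusting them. The function name, the reason labels, and the reading of an unbalanced quote as a sign that the "(file missing)" result is unverified are assumptions of this example.

```python
import re

# Excerpt copied from the HijackThis log in the post above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [nod32kui] "D:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: Iniciar servicios de entrega.lnk = ?
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - D:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
'''

ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.+)$')                  # "O23 - <body>"
SERVICE = re.compile(r'^Service: .+ \(([^()]+)\) - (.+?) - (.+)$')  # name, owner, path


def triage(log_text):
    """Return (section, subject, reasons) for entries that need a manual check."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header lines, running-process paths, blank lines
        section, body = entry.groups()
        subject, reasons = body, []
        if section == 'O23':
            svc = SERVICE.match(body)
            if svc:
                subject, owner, path = svc.groups()
                if owner == 'Unknown owner':
                    reasons.append('unknown owner')
                # Assumption: a closing quote with no opening one means the path
                # was cut out of a quoted command line, so the existence check
                # may have tested the wrong string.
                if path.count('"') % 2 == 1:
                    reasons.append('unbalanced quote in path')
        if body.endswith('(file missing)'):
            reasons.append('file missing')
        if section == 'O4' and body.endswith('= ?'):
            subject = body.split(': ', 1)[1].split(' = ')[0]
            reasons.append('shortcut target unresolved')
        if reasons:
            findings.append((section, subject, reasons))
    return findings


if __name__ == '__main__':
    for section, subject, reasons in triage(SAMPLE_LOG):
        print(f'{section:4} {subject:35} {", ".join(reasons)}')
```

On this excerpt it reports the unresolved startup shortcut and the two remote-access services (r_server and WinVNC4), which are the same two services the first post says stopped working.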
 
Ok, let's see... I get these errors repeated like 10 times a minute, after a certain date. These are translated from Spanish, so there might be some discrepancies:

Error number 1058: Windows can't access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ces. The file must be present in <\\ces\sysvol\ces\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The system can't find the specified file.) The group directive process has been terminated.

Error number: 1030. Windows can't consult the list of the group directory objects. Check previous event log messages .... etc

These 2 errors are everywhere from last month till today, several times per hour and sometimes 10 times a minute.

I'm searching info on this right now, any ideas appreciated.
 
OK guys, after installing Genie Backup Manager Server 6.0 on my own PC with Windows 2003, I discovered totally by chance that, after restarting, I started getting the same problems on my own PC.

After that, I eliminated that software from the server which was the reason of these posts and all works fine now.

I haven't checked yet if the problem is with all releases of GBM 6.0 server, just this subversion (I mean, the numbers after 6... 6.12 for example) or perhaps (most probable) the source of my copy; it wasn't from any trustworthy site.

I learned an important lesson... never install untested software on a critical server.
 