I have a Win2000 SP4 Exchange server and a few days ago , started to give this message "failed to initialize properly 0xc0000142" and the name of the service, CMD.EXE, AntStatsServ.exe , etc.
All this in the logon screen , and when i enter its the same...almost all services donīt start.
Sometimes the server dont show this errors, and it ran ok..not perfect but ok.
I ran a file virus and found IRC.MOCBOT and i remove it in safe mode, deleting the file only.
This is the Hijack log :
Logfile of HijackThis v1.99.1
Scan saved at 17:49:43, on 14-09-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
???????????????????????????????
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\PROGRA~1\Dell\OPENMA~1\oldiags\vendor\pcdoctor\bin\diagorb.exe
C:\PROGRA~1\Dell\OPENMA~1\oldiags\vendor\pcdoctor\bin\PCDRWDIA.EXE
C:\PROGRA~1\Dell\OPENMA~1\oldiags\vendor\pcdoctor\modules\PcDrCdDrive.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127982943687
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vintage.dns
O17 - HKLM\System\CCS\Services\Tcpip\..\{00732108-7040-45A6-98C7-5022D68F02AF}: Domain = vintage.dns
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AE922CA-593A-4C8C-9251-8768B2B75254}: NameServer = 192.168.10.3,192.168.10.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5014155-BAE9-4348-AB13-6FF77AC41EE3}: NameServer = 192.168.10.3,192.168.10.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE46D9C5-81BC-44D1-8BF2-F0B833C0E2F3}: NameServer = 192.168.10.3,192.168.10.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vintage.dns
O17 - HKLM\System\CS1\Services\Tcpip\..\{00732108-7040-45A6-98C7-5022D68F02AF}: Domain = vintage.dns
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vintage.dns
O17 - HKLM\System\CS2\Services\Tcpip\..\{00732108-7040-45A6-98C7-5022D68F02AF}: Domain = vintage.dns
O23 - Service: Commtouch Anti-Spam Protection (AntiSpamSvc) - Commtouch - C:\Program Files\Commtouch\Gateway\Bin\AntiSpamSvc.exe
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Naming Service (BackupExecNamingService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benser.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Commtouch Anti-Spam Settings (CTCHSettings) - Commtouch - C:\Program Files\Commtouch\Gateway\Bin\SettingsSvc.exe
O23 - Service: Commtouch Anti-Spam Scheduler (CTSched) - Commtouch - C:\Program Files\Commtouch\Gateway\Bin\CTSched.exe
O23 - Service: Dell OpenManage Server Agent Event Monitor (dcevt32) - Dell Inc. - C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
O23 - Service: Dell OpenManage Server Agent (dcstor32) - Dell Inc. - C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: ExecView Communication Module (ECM) (ECM Service) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\ECM\ECM.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Secure Port Server (Server Administrator) - Unknown owner - %SystemDrive%\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe (file missing)
O23 - Service: Star Engine (StarEngineService_07) - Unknown owner - C:\Program Files\Sybari Software\Antigen for Exchange\Engines\x86\SpamCure\bin\StarEngine7.exe" "C:\Program Files\Sybari Software\Antigen for Exchange\Engines\x86\SpamCure\custom\Configuration.xml (file missing)
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
Can someone help me out plz??
Regards
Sign In
Create Account
