Problems with Windows 2003 server IE6 and IIS hang on start



#1
guiltyparty

Several problems with this server:

w3wp.exe is using 50%+ of CPU all the time. This starts after IIS is accessed.
Internet Explorer 6 starts, but only to a blank page. If you type in an internet address it hangs up and never loads the page. It then uses 50% of CPU. Firefox does not have this issue.

We removed several instances of malware yesterday, but I bet there are more :whistling:

Here is the log:


Logfile of HijackThis v1.99.1
Scan saved at 1:22:49 PM, on 6/3/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
C:\WINDOWS\system32\serverappliance\appmgr.exe
C:\Program Files\CA\BrightStor ARCserve Backup\DBENG.exe
C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
C:\Program Files\CA\BrightStor ARCserve Backup\jobeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\RDS.EXE
C:\Program Files\CA\BrightStor ARCserve Backup\caserved.exe
C:\Program Files\CA\BrightStor ARCserve Backup\casmrtbk.exe
C:\Program Files\CA\BrightStor ARCserve Backup\tapeeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\cadiscovd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caloggerd.exe
C:\WINDOWS\system32\serverappliance\elementmgr.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\serverappliance\srvcsurg.exe
C:\Program Files\CA\BrightStor ARCserve Backup\Mediasvr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\BrightStor ARCserve Backup\asalert.exe
C:\Program Files\CA\BrightStor ARCserve Backup\LDBServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caauthd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\LQServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\drwwebj.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\drwwebj.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\ADMINI~1.FAX\LOCALS~1\Temp\1\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hodges Badge Company
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ShutdownEventCheck] %systemroot%\system32\dumprep 0 -s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\drwwebj.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\system32\firewall.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1179887560124
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1179887553625
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = faxserver.hodgesbadge.com
O17 - HKLM\Software\..\Telephony: DomainName = faxserver.hodgesbadge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{32D6B770-1E9B-46C6-8B16-B0CAC6DFF1F7}: NameServer = 192.168.2.143,192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{D00B55C5-9CE8-4F1B-9428-B4DA77AB9F34}: NameServer = 192.168.2.143,192.168.1.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = faxserver.hodgesbadge.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{32D6B770-1E9B-46C6-8B16-B0CAC6DFF1F7}: NameServer = 192.168.2.143,192.168.1.100
O20 - AppInit_DLLs: C:\WINDOWS\system32\ienwinw.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: CA BrightStor Database Engine (CASDBEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\DBENG.exe
O23 - Service: CA BrightStor Discovery Service (CASDiscoverySvc) - CA - C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
O23 - Service: CA BrightStor Job Engine (CASJobEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\jobeng.exe
O23 - Service: CA BrightStor Message Engine (CASMsgEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
O23 - Service: CA BrightStor Service Controller (CASSvcControlSvr) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\caserved.exe
O23 - Service: CA BrightStor Tape Engine (CASTapeEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\tapeeng.exe
O23 - Service: CA BrightStor Domain Server (CASUnivDomainSvr) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\cadiscovd.exe
O23 - Service: CA Remote Procedure Call Server (CATIRPC) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe