Thread: Unable to launch Spybot or IE on our Small Business SERVER

  1. #1
    Junior Member
    Join Date
    Jul 2008
    Posts
    3

    Unable to launch Spybot or IE on our Small Business SERVER

    One of our workstations was infected with various malware, including the braviax.exe process, etc. Got that cleaned up after numerous safe-mode configurations that actually allowed Spybot to run. Once it had cleaned once, all was well.

    Trouble is, now the SERVER's exhibiting almost exactly the same symptoms, with the exception of the braviax.exe process. I can't launch Spybot or Internet Explorer and I can't boot in safe mode as this is a live box.

    Below is my HiJackThis log. Is there anything I can do?

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:26:45, on 23/07/2008
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal
    
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\termsrv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
    C:\WINNT\system32\Dfssvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\system32\cba\pds.exe
    C:\WINNT\System32\llssrv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
    C:\Program Files\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
    C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
    C:\WINNT\system32\ntfrs.exe
    C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\locator.exe
    C:\WINNT\system32\r_server.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\wins.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\dns.exe
    C:\WINNT\system32\ams_ii\hndlrsvc.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\WINNT\system32\ams_ii\iao.exe
    C:\WINNT\system32\cba\xfr.exe
    C:\WINNT\System32\ismserv.exe
    C:\WINNT\System32\modemshr.exe
    C:\WINNT\System32\msdtc.exe
    D:\Program Files\Exchsrvr\bin\exmgmt.exe
    D:\Program Files\Exchsrvr\bin\mad.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    c:\Program Files\Microsoft Shared Fax\Bin\FXSSVC.exe
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
    C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
    D:\Program Files\Exchsrvr\bin\store.exe
    D:\Program Files\Exchsrvr\bin\emsmta.exe
    C:\Program Files\McAfee\GroupShield Exchange\i386\AVExch32.exe
    C:\Program Files\McAfee\GroupShield Exchange\i386\odcmd.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINNT\system32\atiptaxx.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
    C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
    C:\Program Files\WinRoute Pro\wrctrl.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
    C:\Program Files\PC DVR-4-Net\PC DVR-4-Net\PC DVR-4-Net.exe
    C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\rdpclip.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\WinRoute Pro\wrctrl.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
    C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SERVER:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
    O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
    O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\WinRoute Pro\wrctrl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: CardMinder Viewer.lnk = C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
    O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = C:\Program Files\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PC DVR-4-Net.lnk = C:\Program Files\PC DVR-4-Net\PC DVR-4-Net\PC DVR-4-Net.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164051388031
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CBAC-AIRCON.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB5431E8-87F9-44DC-B2DF-81627BE530AC}: NameServer = 192.168.15.2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CBAC-AIRCON.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CBAC-AIRCON.local
    O23 - Service: Network Associates Alert Manager (AlertManager) - McAfee Division of Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
    O23 - Service: McAfee GroupShield Exchange (AVExch32Service) - Network Associates, Inc. - C:\Program Files\McAfee\GroupShield Exchange\i386\AVExch32.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
    O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
    O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
    O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
    O23 - Service: Backup Exec Naming Service (BackupExecNamingService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benser.exe
    O23 - Service: Backup Exec Server (BackupExecRPCService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
    O23 - Service: Systems Management Data Manager (dcstor32) - Unknown owner - C:\Temp\DSET\dataeng\bin\dcstor32.exe (file missing)
    O23 - Service: ExecView Communication Module (ECM) (ECM Service) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\ECM\ECM.exe
    O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
    O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINNT\system32\ams_ii\iao.exe
    O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINNT\system32\cba\xfr.exe
    O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: McAfee Log Service (Network Associates Log Service) - Network Associates, Inc. - C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
    O23 - Service: McAfee Outbreak Manager (Outbreak Manager) - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe
    O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
    
    --
    End of file - 11580 bytes

  2. #2
    Junior Member
    Join Date
    Jul 2008
    Posts
    3

    UPDATE: It wasn't actually failing to launch, it was just taking a ridiculously long time... after I left the process running for about 10 mins it eventually opened the GUI. Now it's going through the motions but it's seriously slow, and I mean seriously... still, at least it's doing something...

  3. #3
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    I do not see anything bad in your log.
    Do you use Spybot - Search & Destroy in a corporate environment?

    Best regards
    Sandra
    Team Spybot

  4. #4
    Junior Member
    Join Date
    Jul 2008
    Posts
    3

    Depends what you call a corporate environment... SBS plus three workstations... I guess you could call it that!

    This is the first time we've used it to be honest. Are we in breach of a licence agreement by doing so?

  5. #5
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    I meant if you use it in a company, but it does not seem so.

    Best regards
    Sandra
    Team Spybot
