# Server cannot connect to internet



## najib (Jan 6, 2013)

Hi All,

I have one dell server which is Dell PowerEdge 6950. The problem is this server cannot access to the internet connection. For your information, this server installed with Windows Server 2003 Enterprise Edition R2 SP2. Below are the steps have been performed but still fail:

1. Scan C drive. Right click > Properties > Tools > Check Now .
2. Run sfc /scannow. But this step is not completed properly because its prompt to insert a Windows Server 2003 Enterprise Edition R2 SP2 CD even Im using the same edition.
3. Disable one by one system startup application in msconfig.
4. Connect back to back from server to my own laptop.
5. Run dell diagnosis test through Dell Utility Tools. No hardware failure or error found.
6. Uninstall Anti-Virus
7. Using safe mode with networking. When in this mode, the server workings fine. But in normal mode, still has problem.
8. Run anti malware and hijack this. Below are the results

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:37:38 PM, on 1/4/2013
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\PROGRA~1\CSCOpx\bin\dmgtd.exe
C:\PROGRA~1\CSCOpx\bin\crmlog.exe
C:\PROGRA~1\CSCOpx\bin\crmrsh.exe
C:\PROGRA~1\CSCOpx\bin\crmtftp.exe
C:\PROGRA~1\INTERN~2\Server\bin\CWB_ipmStopper.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
C:\Program Files\HITACHI\DynamicLinkManager\bin\dlmmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HDS\Backup and Recovery\Base\cvd.exe
C:\Program Files\HDVM\HBaseAgent\agent\bin\hbsa_service.exe
C:\Program Files\Hitachi\HNTRLib2\bin\hntr2srv.exe
C:\Program Files\Hitachi\HNTRLib2\bin\hntr2mon.exe
C:\PROGRA~1\INTERN~2\Server\bin\CWB_ipmNameServ.exe
C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe
C:\PROGRA~1\INTERN~2\vbroker\bin\osagent.exe
C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
C:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exe
C:\PROGRA~1\INTERN~2\jre\bin\javaw.exe
C:\Program Files\QLogic Corporation\SANsurfer\portmap.exe
C:\Program Files\WatchGuard\wsm10.2\postgresql\bin\pg_ctl.exe
C:\PROGRA~1\QLOGIC~1\SANSUR~1\qlremote.exe
C:\Program Files\WatchGuard\wsm10.2\postgresql\bin\postgres.exe
C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\WatchGuard\wsm10.2\postgresql\bin\postgres.exe
C:\Program Files\WatchGuard\wsm10.2\postgresql\bin\postgres.exe
C:\Program Files\WatchGuard\wsm10.2\postgresql\bin\postgres.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\WatchGuard\wsm10.2\apache\bin\apache.exe
C:\Program Files\HDS\Backup and Recovery\Base\evmgrc.exe
C:\Program Files\WatchGuard\wsm10.2\apache\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CSCOpx\lib\vbroker\bin\osagent.exe
C:\WINDOWS\officeagent.exe
C:\PROGRA~1\CSCOpx\bin\perl.exe
C:\WINDOWS\system32\sysmnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://mail.jupk.gov.my/owa
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.134.73.5:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.134.73.5:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.134.73.5:4343/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {4F3DCE50-E8E7-40AC-AB8D-99F87F1F89BD} (Trend Micro OfficeScan Management Console) - https://avs1:4343/officescan/console/html/root/AtxConsole.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1231297902552
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1290743867654
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://10.134.73.5:4343/officescan/console/html/root/AtxPie.cab
O16 - DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - http://kom1:1741/plugin/j2re-1_4_2_10-windows-i586-p_withvbj.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jupk.gov.my
O17 - HKLM\Software\..\Telephony: DomainName = jupk.gov.my
O17 - HKLM\System\CCS\Services\Tcpip\..\{79DA221E-5D42-4071-B409-A7FC41D785E0}: NameServer = 10.134.73.2,10.134.73.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AD2AC8F-7724-42B6-8785-5D1AA6A16E4B}: NameServer = 10.134.73.2,10.134.73.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jupk.gov.my
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: CiscoWorks ANI database engine (ANIDbEngine) - iAnywhere Solutions, Inc. - C:\PROGRA~1\CSCOpx\objects\db\win32\dbsrv9.exe
O23 - Service: CiscoWorks Web Server (Apache) - Unknown owner - C:\PROGRA~1\CSCOpx\MDC\Apache\Apache.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: CWCS Cmf database engine (CmfDbEngine) - iAnywhere Solutions, Inc. - C:\PROGRA~1\CSCOpx\objects\db\win32\dbsrv9.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 10\cbService.exe
O23 - Service: CiscoWorks Daemon Manager (CRMDmgtd) - Cisco Systems - C:\PROGRA~1\CSCOpx\bin\dmgtd.exe
O23 - Service: CWCS syslog service (crmlog) - Cisco Systems - C:\PROGRA~1\CSCOpx\bin\crmlog.exe
O23 - Service: CWCS rsh/rcp service (crmrsh) - Cisco Systems - C:\PROGRA~1\CSCOpx\bin\crmrsh.exe
O23 - Service: CWCS tftp service (crmtftp) - Cisco Systems - C:\PROGRA~1\CSCOpx\bin\crmtftp.exe
O23 - Service: IPM Stopper (CWB_IPM_STOPPER) - Unknown owner - C:\PROGRA~1\INTERN~2\Server\bin\CWB_ipmStopper.exe
O23 - Service: DSM SA Event Manager (dcevt32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
O23 - Service: DSM SA Data Manager (dcstor32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
O23 - Service: DLMManager - Hitachi, Ltd. - C:\Program Files\HITACHI\DynamicLinkManager\bin\dlmmgr.exe
O23 - Service: DFM dfmEpm database engine (EPMDbEngine) - iAnywhere Solutions, Inc. - C:\PROGRA~1\CSCOpx\objects\db\win32\dbsrv9.exe
O23 - Service: DFM dfmFh database engine (FHDbEngine) - iAnywhere Solutions, Inc. - C:\PROGRA~1\CSCOpx\objects\db\win32\dbsrv9.exe
O23 - Service: Galaxy Communications Service (Instance001) (GxCVD(Instance001)) - CommVault Systems - C:\Program Files\HDS\Backup and Recovery\Base\cvd.exe
O23 - Service: Galaxy Client Event Manager (Instance001) (GxEvMgrC(Instance001)) - CommVault Systems - C:\Program Files\HDS\Backup and Recovery\Base\evmgrc.exe
O23 - Service: HBsA Service - Unknown owner - C:\Program Files\HDVM\HBaseAgent\agent\bin\hbsa_service.exe
O23 - Service: Hitachi Network Objectplaza Trace Monitor 2 (Hntr2Service) - Hitachi,Ltd. - C:\Program Files\Hitachi\HNTRLib2\bin\hntr2srv.exe
O23 - Service: DFM dfmInv database engine (INVDbEngine) - iAnywhere Solutions, Inc. - C:\PROGRA~1\CSCOpx\objects\db\win32\dbsrv9.exe
O23 - Service: IPM Aging Server (IpmAgingServer) - Unknown owner - C:\PROGRA~1\INTERN~2\Server\bin\CWB_ipmAgingServ.exe
O23 - Service: IPM DB Server (IpmDbEngine) - Unknown owner - C:\PROGRA~1\INTERN~2\Server\bin\CWB_ipmDbServ.exe
O23 - Service: IPM Naming Server (IpmOrb) - Unknown owner - C:\PROGRA~1\INTERN~2\Server\bin\CWB_ipmNameServ.exe
O23 - Service: IPM PM Server (IpmServer) - Unknown owner - C:\PROGRA~1\INTERN~2\Server\bin\CWB_ipmPmServ.exe
O23 - Service: LanSafe Power Monitor (LanSafe PM) - Eaton Corporation - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe
O23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe
O23 - Service: mr2kserv - LSI Logic Corporation - C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
O23 - Service: DSM SA Shared Services (omsad) - Dell Inc. - C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
O23 - Service: ONC/RPC Portmapper (oncportmap) - Unknown owner - C:\Program Files\QLogic Corporation\SANsurfer\portmap.exe
O23 - Service: PostgreSQL-8.2 - PostgreSQL Global Development Group - C:/Program Files/WatchGuard/wsm10.2/postgresql/bin/pg_ctl.exe
O23 - Service: QLogic Management Suite Java Agent (QLManagementAgentJava) - Unknown owner - C:\PROGRA~1\QLOGIC~1\SANSUR~1\qlremote.exe
O23 - Service: CiscoWorks VisiBroker Smart Agent (RmeOrb) - Unknown owner - C:\PROGRA~1\CSCOpx\lib\vbroker\bin\osagent.exe
O23 - Service: DSM SA Connection Service (Server Administrator) - Unknown owner - C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
O23 - Service: CiscoWorks Tomcat Servlet Engine (Tomcat) - Alexandria Software Consulting - C:\PROGRA~1\CSCOpx\MDC\Tomcat\bin\tomcat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WatchGuard Log Collector (wlcollector_service) - WatchGuard Technologies, Inc. - C:\Program Files\WatchGuard\wsm10.2\wlcollector\bin\wlcollector.exe
O23 - Service: WatchGuard Log Server (wlogserver_service) - Apache Software Foundation - C:\Program Files\WatchGuard\wsm10.2\wlogserver\..\apache\bin\apache.exe
O23 - Service: WatchGuard Report Server (wrserver_service) - Apache Software Foundation - C:\Program Files\WatchGuard\wsm10.2\wrserver\..\apache\bin\apache.exe
O23 - Service: Office Service (W_OfficeService) - Unknown owner - C:\WINDOWS\OfficeService.exe

--
End of file - 11709 bytes

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.09.29.05

Windows Server 2003 Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: KOM1 [administrator]

1/4/2013 3:48:52 PM
mbam-log-2013-01-04 (15-48-52).txt

Scan type: Full scan (C:\|D:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323375
Time elapsed: 17 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Can anyone give me the solutions for this problem? Really appreciate it! Thanks!


----------



## peterh40 (Apr 15, 2007)

What does IPCONFIG /ALL tell you from the command line. In particular check IP, Mask, Gateway and DNS addresses.


----------



## najib (Jan 6, 2013)

Hi peter,

Thanks for your advise. But after i have checked all ipconfig, subnet mask, what steps to perform after that?


----------



## srhoades (May 15, 2003)

Can you ping the gateway? Are you getting an address DHCP or are you assigning it statically? Can you post the IPCONFI /all for us to see?


----------



## najib (Jan 6, 2013)

I can't ping gateway. Only can ping server's ip address. I'm assigning it statically.


----------



## najib (Jan 6, 2013)

Below ipconfig /all info

Windows IP configuration

Ethernet adapter Local Area Connection 6:
Media state........................................ : Media disconnected

Ethernet adapter Local Area Connection 5:

Connection-specific DNS suffix . :
IP Address............................. : xx.xxx.xx.x
Subnet mask...........................: 255.xxx.xxx.xxx
Default gateway.......................: xx.xxx.xx.xx


----------



## srhoades (May 15, 2003)

How are we supposed to help you if you mask your IP? The information you posted is useless to us.


----------



## peterh40 (Apr 15, 2007)

If you cannot ping the gateway that your static IP address assignment is wrong. You can check routing using the trace route command called 'tracert' and provide it with a IP or internet address to see where it is failing.


----------

