Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Momentary Freeze...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Momentary Freeze...

Unread postby candsnetworking » November 7th, 2007, 11:23 am

Hello,

I have a HP Proliant ML350 that will momentarily freeze up for about 15-20 seconds and then come back to life. We're not getting any events in the event viewer nor is it triggering any WMI event tags. It's one of our DCs and GCs.

Attached is our HiJackThis logfile.

I hope this is the right forum. I'm a newbie to this post, but am a 20 year industry professional.

Thanks.

Sky

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:10 AM, on 11/7/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWallES\afterinstall\tomcat.exe
C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
C:\WINDOWS\system32\cpqrcmc.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWallES\firebird\bin\fbguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\PROGRA~1\SONICW~1\MLFREP~1.EXE
C:\Program Files\SonicWallES\MlfAsgSmtp.exe
C:\PROGRA~1\SONICW~1\MLFTHU~1.EXE
C:\PROGRA~1\SONICW~1\MLFMON~1.EXE
C:\PROGRA~1\SONICW~1\MLFRSM~1.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\SonicWallES\pmta\bin\pmtawatch.exe
C:\Program Files\SonicWallES\pmta\bin\pmtad.exe
C:\PROGRA~1\POWERC~1\pcns.exe
C:\Program Files\jvm\bin\java.exe
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlagent.EXE
C:\hp\hpsmh\bin\smhstart.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\WINDOWS\system32\sysdown.exe
C:\Program Files\SonicWallES\PluginDefault\av_kas\bin\40226\kavss.exe
C:\Program Files\SonicWallES\PluginDefault\av_kas\bin\40226\kavss.exe
C:\Program Files\SonicWallES\PluginDefault\av_kas\bin\40226\kavss.exe
C:\Program Files\SonicWallES\PluginDefault\av_kas\bin\40226\kavss.exe
C:\WINDOWS\TEMP\GT35F2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWallES\firebird\bin\fbserver.exe
c:\windows\tsi32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\NCU\cpqteam.exe
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\WINDOWS\system32\CIMntfy\cimntfy.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
C:\Documents and Settings\Administrator.NATARE\Desktop\Sysinternals\Process explorer\procexp.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\windows\tsi32\tsircusr.exe
O4 - HKLM\..\Run: [CPQTEAM] "C:\Program Files\HP\NCU\cpqteam.exe"
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Bginfo.exe.lnk = C:\Documents and Settings\Administrator.NATARE\Desktop\Sysinternals\BGInfo\Bginfo.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O15 - ESC Trusted Zone: http://adaptec-tic.adaptec.com
O15 - ESC Trusted Zone: http://pcpitstop.invisionzone.com
O15 - ESC Trusted Zone: http://www.snapappliance.com
O15 - ESC Trusted Zone: http://clustersearch.support.veritas.com
O15 - ESC Trusted Zone: http://seer.support.veritas.com
O15 - ESC Trusted Zone: http://support.veritas.com
O15 - ESC Trusted Zone: http://www.veritas.com
O15 - ESC Trusted IP range: http://10.0.0.7
O15 - ESC Trusted IP range: http://10.0.0.10
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://natare-nt-02.natare.com/offices ... nNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://natare-nt-02.natare.com/offices ... /setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://natare-nt-02.natare.com/offices ... veCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6041060991
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0045434878
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = natare.com
O17 - HKLM\Software\..\Telephony: DomainName = natare.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB83A6D7-5A70-4A5E-AC5E-4A78A843BA47}: Domain = natare.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB83A6D7-5A70-4A5E-AC5E-4A78A843BA47}: NameServer = 10.0.0.5,10.0.0.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = natare.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = natare.com
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\SonicWallES\afterinstall\tomcat.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: HP Insight Event Notifier (CIMnotify) - Hewlett-Packard Company - C:\WINDOWS\system32\CIMntfy\cimntfy.exe
O23 - Service: HP Insight NIC Agents (CpqNicMgmt) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\cpqrcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\SonicWallES\firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\SonicWallES\firebird\bin\fbserver.exe
O23 - Service: MlfASG Replicator (MlfASGReplicator) - Unknown owner - C:\PROGRA~1\SONICW~1\MLFREP~1.EXE
O23 - Service: MlfASG Gateway (MlfASGServer) - SonicWALL - C:\Program Files\SonicWallES\MlfAsgSmtp.exe
O23 - Service: MlfASG Updater (MlfASGThumb) - Unknown owner - C:\PROGRA~1\SONICW~1\MLFTHU~1.EXE
O23 - Service: MlfASG Monitor (MlfMonitorSvc) - Unknown owner - C:\PROGRA~1\SONICW~1\MLFMON~1.EXE
O23 - Service: Mlf Resource Monitor (MlfRSMonitor) - Unknown owner - C:\PROGRA~1\SONICW~1\MLFRSM~1.EXE
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: MlfMTA (PMTA) - Unknown owner - C:\Program Files\SonicWallES\pmta\bin\pmtawatch.exe
O23 - Service: PowerChute Network Shutdown (PowerChuteNetShut) - APC - C:\PROGRA~1\POWERC~1\pcns.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHp) - Hewlett-Packard Company - C:\hp\hpsmh\bin\smhstart.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 10896 bytes
candsnetworking
Active Member
 
Posts: 1
Joined: November 7th, 2007, 11:17 am
Location: Indianapolis, Indiana
Advertisement
Register to Remove

Re: Momentary Freeze...

Unread postby random/random » November 11th, 2007, 5:11 pm

candsnetworking,
Because of the special nature of the Win 2003 Server operating system, and the limitations of our tools, we will be unable to help with your machine, or give the advice you have requested.

This is a policy matter with us. Sorry we can't help.

random/random
User avatar
random/random
Developer
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware