I have a HP Proliant ML350 that will momentarily freeze up for about 15-20 seconds and then come back to life. We're not getting any events in the event viewer nor is it triggering any WMI event tags. It's one of our DCs and GCs.
Attached is our HiJackThis logfile.
I hope this is the right forum. I'm a newbie to this post, but am a 20 year industry professional.
Thanks.
Sky
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:10 AM, on 11/7/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWallES\afterinstall\tomcat.exe
C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
C:\WINDOWS\system32\cpqrcmc.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWallES\firebird\bin\fbguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\PROGRA~1\SONICW~1\MLFREP~1.EXE
C:\Program Files\SonicWallES\MlfAsgSmtp.exe
C:\PROGRA~1\SONICW~1\MLFTHU~1.EXE
C:\PROGRA~1\SONICW~1\MLFMON~1.EXE
C:\PROGRA~1\SONICW~1\MLFRSM~1.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\SonicWallES\pmta\bin\pmtawatch.exe
C:\Program Files\SonicWallES\pmta\bin\pmtad.exe
C:\PROGRA~1\POWERC~1\pcns.exe
C:\Program Files\jvm\bin\java.exe
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlagent.EXE
C:\hp\hpsmh\bin\smhstart.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\WINDOWS\system32\sysdown.exe
C:\Program Files\SonicWallES\PluginDefault\av_kas\bin\40226\kavss.exe
C:\Program Files\SonicWallES\PluginDefault\av_kas\bin\40226\kavss.exe
C:\Program Files\SonicWallES\PluginDefault\av_kas\bin\40226\kavss.exe
C:\Program Files\SonicWallES\PluginDefault\av_kas\bin\40226\kavss.exe
C:\WINDOWS\TEMP\GT35F2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWallES\firebird\bin\fbserver.exe
c:\windows\tsi32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\NCU\cpqteam.exe
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\WINDOWS\system32\CIMntfy\cimntfy.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
C:\Documents and Settings\Administrator.NATARE\Desktop\Sysinternals\Process explorer\procexp.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\windows\tsi32\tsircusr.exe
O4 - HKLM\..\Run: [CPQTEAM] "C:\Program Files\HP\NCU\cpqteam.exe"
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Bginfo.exe.lnk = C:\Documents and Settings\Administrator.NATARE\Desktop\Sysinternals\BGInfo\Bginfo.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O15 - ESC Trusted Zone: http://adaptec-tic.adaptec.com
O15 - ESC Trusted Zone: http://pcpitstop.invisionzone.com
O15 - ESC Trusted Zone: http://www.snapappliance.com
O15 - ESC Trusted Zone: http://clustersearch.support.veritas.com
O15 - ESC Trusted Zone: http://seer.support.veritas.com
O15 - ESC Trusted Zone: http://support.veritas.com
O15 - ESC Trusted Zone: http://www.veritas.com
O15 - ESC Trusted IP range: http://10.0.0.7
O15 - ESC Trusted IP range: http://10.0.0.10
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://natare-nt-02.natare.com/offices ... nNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://natare-nt-02.natare.com/offices ... /setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://natare-nt-02.natare.com/offices ... veCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6041060991
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0045434878
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = natare.com
O17 - HKLM\Software\..\Telephony: DomainName = natare.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB83A6D7-5A70-4A5E-AC5E-4A78A843BA47}: Domain = natare.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB83A6D7-5A70-4A5E-AC5E-4A78A843BA47}: NameServer = 10.0.0.5,10.0.0.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = natare.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = natare.com
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\SonicWallES\afterinstall\tomcat.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: HP Insight Event Notifier (CIMnotify) - Hewlett-Packard Company - C:\WINDOWS\system32\CIMntfy\cimntfy.exe
O23 - Service: HP Insight NIC Agents (CpqNicMgmt) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\cpqrcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\SonicWallES\firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\SonicWallES\firebird\bin\fbserver.exe
O23 - Service: MlfASG Replicator (MlfASGReplicator) - Unknown owner - C:\PROGRA~1\SONICW~1\MLFREP~1.EXE
O23 - Service: MlfASG Gateway (MlfASGServer) - SonicWALL - C:\Program Files\SonicWallES\MlfAsgSmtp.exe
O23 - Service: MlfASG Updater (MlfASGThumb) - Unknown owner - C:\PROGRA~1\SONICW~1\MLFTHU~1.EXE
O23 - Service: MlfASG Monitor (MlfMonitorSvc) - Unknown owner - C:\PROGRA~1\SONICW~1\MLFMON~1.EXE
O23 - Service: Mlf Resource Monitor (MlfRSMonitor) - Unknown owner - C:\PROGRA~1\SONICW~1\MLFRSM~1.EXE
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: MlfMTA (PMTA) - Unknown owner - C:\Program Files\SonicWallES\pmta\bin\pmtawatch.exe
O23 - Service: PowerChute Network Shutdown (PowerChuteNetShut) - APC - C:\PROGRA~1\POWERC~1\pcns.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHp) - Hewlett-Packard Company - C:\hp\hpsmh\bin\smhstart.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
--
End of file - 10896 bytes