Solved

Windows Server 2003 SP2 Running Slow and Crashes on scheduled or repeated tasks.

Posted on 2009-05-06
3
887 Views
Last Modified: 2013-12-27
Hi All,

I currently have 3 servers running windows server 2003 SP2, they have been running fine for the last 6 months and all of the sudden they started to display the same issues.

There are other servers in the business with the same setup and tasks and they are working perfectly fine.

2 of these servers are running on a VMWare server and the other is just a normal server.

What the servers are running:
- a few batch programs that move files from one server to the other using Scheduled Task
- FTPShell script set up using Scheduled Task

Issues:
- the servers are a lot slower than normal.
- the scheduled tasks run twice and the whole system just lags like hell.
- when that happens, i try opening up scheduled task to see whats happening, but it never loads, My Computer is stuck on searching for items.
- pretty much can't run anything after this point.
- when i try to restart these servers, it takes forever, and just seems to get stuck at Logging off.

I have tried to run virus scans on all 3 servers using Malwarebytes, AVG, Norton Antivirus and didn't find any viruses.

Below is the HiJackThis log on one of the servers:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:27 PM, on 6/05/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\program files\ftpshell\ftpshell.exe
C:\program files\ftpshell\sleep.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\java.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smapp01/intranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smapp01/intranet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.110.136.172:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ROBOTFTPSCHED] C:\Program Files\FTPShell\botsched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3651843350-3876034987-3285502198-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'kfservnt')
O4 - HKUS\S-1-5-21-3651843350-3876034987-3285502198-1003\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'kfservnt')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Shortcut to CE.lnk = C:\Documents and Settings\Administrator.BLUECIRCLE\Desktop\CE.bat
O4 - Startup: Shortcut to CE2.lnk = C:\Documents and Settings\Administrator.BLUECIRCLE\Desktop\CE2.bat
O4 - Startup: Shortcut to CE3.lnk = C:\Documents and Settings\Administrator.BLUECIRCLE\Desktop\CE3.bat
O4 - Startup: Shortcut to CE4.lnk = C:\Documents and Settings\Administrator.BLUECIRCLE\Desktop\CE4.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://smapp01/intranet
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241585004807
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bluecircle.com.au
O17 - HKLM\Software\..\Telephony: DomainName = bluecircle.com.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FB072EF-64C9-4B90-A26E-619BF878D274}: NameServer = 192.100.100.46,192.100.100.34
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bluecircle.com.au
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: kfservnt - Unknown owner - C:\Dms\bin\kfservnt.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: VMware Descheduled Time Accounting Service (vmdesched) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmdesched.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 6163 bytes

Please help.
0
Comment
Question by:bluecirlce
3 Comments
 
LVL 27

Accepted Solution

by:
David-Howard earned 500 total points
ID: 24327797
These processes are listed as unknown. If you do not know their source they can be removed. They are FTP related.
C:\program files\ftpshell\ftpshell.exe
C:\program files\ftpshell\sleep.exe
O4 - HKLM\..\Run: [ROBOTFTPSCHED] C:\Program Files\FTPShell\botsched.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bluecircle.com.au
O17 - HKLM\Software\..\Telephony: DomainName = bluecircle.com.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bluecircle.com.au
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
Your log file is clean other than that.
Have you checked Event Viewer on this system?
You might also try running SFC /SCANNOW or a Repair. SFC SCANNOW takes about fifteen minutes and a Repair about forty minutes.
Both require your OS CD.
SFC SCANNOW
Just insert your CD while holding down Shift to prevent autorun.
Release the Shift key after about ten seconds.
Then click Start and in the Run field type SFC /SCANNOW and select OK.
http://www.updatexp.com/scannow-sfc.html
Additionally, while a Repair may correct the issue it will require that you reinstall your most current Service Pack as well as the Hotfixes that accompany it.
If the problem is only under one log in the user profile could possibly be corrupt.
To test, log in as a different user. If the problem does not persist chances are the profile is bad. In that case, you may need to recreate the profile of the user that is experiencing the issue.

0
 

Expert Comment

by:dimitriz75
ID: 24338567
Please run a dxdiag from command prompt then "Save all Information" and post here.
0
 

Author Comment

by:bluecirlce
ID: 24341312
Hi All,

Just an update, i ddi the scan and repair, and looks like it has fixed the problem.

Still not sure what it was.

Fingers cross is stays stable.

Thanks
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

This article describes how to use the timestamp of existing data in a database to allow Tableau to calculate the prior work day instead of relying on case statements or if statements to calculate the days of the week.
In our personal lives, we have well-designed consumer apps to delight us and make even the most complex transactions simple. Many enterprise applications, however, are a bit behind the times. For an enterprise app to be successful in today's tech wo…
This video shows how use content aware, what it’s used for, and when to use it over other tools.
This video will demonstrate how to find the puppet warp tool from the edit menu and where to put the points to edit.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now