Windows Server 2003 SP2 Running Slow and Crashes on scheduled or repeated tasks.

#1 Nghia Dong

Nghia Dong

  • Members
  • 1 posts
  • Local time:08:57 PM

Posted 06 May 2009 - 07:34 PM

Hi All,

I currently have 3 servers running windows server 2003 SP2, they have been running fine for the last 6 months and all of the sudden they started to display the same issues.

There are other servers in the business with the same setup and tasks and they are working perfectly fine.

2 of these servers are running on a VMWare server and the other is just a normal server.

What the servers are running:
- a few batch programs that move files from one server to the other using Scheduled Task
- FTPShell script set up using Scheduled Task

- the servers are a lot slower than normal.
- the scheduled tasks run twice and the whole system just lags like hell.
- when that happens, i try opening up scheduled task to see whats happening, but it never loads, My Computer is stuck on searching for items.
- pretty much can't run anything after this point.
- when i try to restart these servers, it takes forever, and just seems to get stuck at Logging off.

I have tried to run virus scans on all 3 servers using Malwarebytes, AVG, Norton Antivirus and didn't find any viruses.

Below is the HiJackThis log on one of the servers:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:27 PM, on 6/05/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal

Running processes:
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\program files\ftpshell\ftpshell.exe
C:\program files\ftpshell\sleep.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smapp01/intranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smapp01/intranet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ROBOTFTPSCHED] C:\Program Files\FTPShell\botsched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3651843350-3876034987-3285502198-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'kfservnt')
O4 - HKUS\S-1-5-21-3651843350-3876034987-3285502198-1003\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'kfservnt')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Shortcut to CE.lnk = C:\Documents and Settings\Administrator.BLUECIRCLE\Desktop\CE.bat
O4 - Startup: Shortcut to CE2.lnk = C:\Documents and Settings\Administrator.BLUECIRCLE\Desktop\CE2.bat
O4 - Startup: Shortcut to CE3.lnk = C:\Documents and Settings\Administrator.BLUECIRCLE\Desktop\CE3.bat
O4 - Startup: Shortcut to CE4.lnk = C:\Documents and Settings\Administrator.BLUECIRCLE\Desktop\CE4.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://smapp01/intranet
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1241585004807
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bluecircle.com.au
O17 - HKLM\Software\..\Telephony: DomainName = bluecircle.com.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FB072EF-64C9-4B90-A26E-619BF878D274}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bluecircle.com.au
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: kfservnt - Unknown owner - C:\Dms\bin\kfservnt.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: VMware Descheduled Time Accounting Service (vmdesched) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmdesched.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

End of file - 6163 bytes

Please help.

#2 bama_fan


  • Members
  • 113 posts
  • Gender:Male
  • Location:Alabama.RollTide
  • Local time:06:57 AM

Posted 07 May 2009 - 01:16 PM

anything useful from perfmon.....
