Ill try the startup-scan in my intance also.
In the eventlog I do have a few errors generated before it timesout from its hanging state.
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 22/02/2012 10:52:36 AM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: PPCOW022.cloud.local
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-02-21T21:52:36.000000000Z" />
<EventRecordID>1449</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>PPCOW022.cloud</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 22/02/2012 10:51:21 AM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: PPCOW022.cloud.local
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-2537138084-603115122-2870846346-1147:
Process 616 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2537138084-603115122-2870846346-1147
Process 616 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2537138084-603115122-2870846346-1147
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-02-21T21:51:21.080030700Z" />
<EventRecordID>1436</EventRecordID>
<Correlation ActivityID="{848FAA0C-E003-0001-6687-C098E1F0CC01}" />
<Execution ProcessID="1060" ThreadID="3548" />
<Channel>Application</Channel>
<Computer>PPCOW022.cloud.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-2537138084-603115122-2870846346-1147:
Process 616 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2537138084-603115122-2870846346-1147
Process 616 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2537138084-603115122-2870846346-1147
</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 22/02/2012 10:41:06 AM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: PPCOW022.cloud.local
Description:
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-02-21T21:41:06.000000000Z" />
<EventRecordID>2985</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>PPCOW022.cloud.local</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</Data>
</EventData>
</Event>
Have you got any similar events raised?
I'll need to look up that DCOM Guid (http://www.symantec.com/connect/forums/dcom-error)