Win 2K intermittent freexes and 100% CPU usage

I've check the forums and nothing seems to fit.
I keep getting intermittent freezes and upon monitoring the CPU usage hits 100% at these times. The freezes generally only last a few seconds but it is iritating and probably is indicative of a larger issue. I checked my event log and it shows this entry:

Event Type: Warning
Event Source: WMI
Event Category: None
Event ID: 12103
Date: 10/13/2005
Time: 07:38:00
User: N/A
Computer: SILVERST-HMOFF
Description:
The registry path () passed by a kernel mode driver is invalid. The driver device object is in the additional data.
Data:
0000: 70 07 34 fb p.4û

I also ran HiJackThis and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 10:23:40, on 10/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\ALURIA~1\AL_ADS~1.EXE
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\GEARSec.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
D:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\ups.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\WFXSVC.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\system32\wfxsnt40.exe
D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Aluria Security Center\SecurityCenter.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
D:\Program Files\Now Software\Now Up-to-Date\NUDQDay.exe
D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.att.net/cgi-bin/mywn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/cgi-bin/mywn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.att.net/cgi-bin/mywn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/cgi-bin/mywn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Silverstar Entertainment Corp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe "
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Aluria Security Center] D:\Program Files\Aluria Security Center\SecurityCenter.exe /minimize
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINNT\is-9R5EF.exe" /REG
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe -a
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = D:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: QuickDay.lnk = D:\Program Files\Now Software\Now Up-to-Date\NUDQDay.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - D:\Program Files\Active Whois\ieshow.exe
O9 - Extra 'Tools' menuitem: Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - D:\Program Files\Active Whois\ieshow.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://my.att.net/cgi-bin/mywn
O14 - IERESET.INF: MS_START_PAGE_URL=http://my.att.net/cgi-bin/mywn
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c94be1f9c4d97a6d21/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122338815953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124253535500
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE8437CA-A438-47D1-880B-DCF808138895}: NameServer = 64.233.217.2,64.233.217.3
O23 - Service: AL_ADSService - Aluria Software, LLC - D:\PROGRA~1\ALURIA~1\AL_ADS~1.EXE
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - D:\Program Files\Aluria Security Center\ascserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINNT\system32\WFXSVC.EXE

I have run Norten AV scan, Spyware Eliminator scan, and Registry Mechanic. To no avail. Please help. Thank you

 

Your event log entry looks like a debug trace report (not sure exactly what triggered it) and is usually of no consequence unless you start seeing lots of them at the same time you are having a freeze and in that case, it's probably a by-product of whatever produced the freeze rather than a cause.

The HJT log indicates you are pretty clean. You might want to upgrade your Plaxo since the InstallStub.exe was replaced by PlaxoHelper.exe in the latest version.

If you have tried with the normal task manager to locate the culprit, try Process Explorer from www.sysinternals.com to see if that lets you capture the info. With the problem located we can probably help you cure it.

 

Here is the log from Process Explorer, again I want to thank you for your help.

Process PID CPU Description Company Name
System Idle Process 0 46.88
PQV2iSvc.exe 884 45.31 Service Module Symantec Corporation
GhostTray.exe 1592 7.81 Tray Application Symantec Corporation
zapro.exe 2196 ZoneAlarm Pro Zone Labs Inc.
WinMgmt.exe 1444 Windows Management Instrumentation Microsoft Corporation
WINLOGON.EXE 468 Windows NT Logon Application Microsoft Corporation
WFXSVC.EXE 1424 Symantec WinFax PRO NT Service Symantec Corporation
WFXSNT40.EXE 2148 Delrina Fax Port Launcher Microsoft Corporation
vsmon.exe 1368 TrueVector Service Zone Labs Inc.
ups.exe 1320 UPS Service Microsoft Corporation
System 8
symlcsvc.exe 1276 Symantec Core Component Symantec Corporation
svchost.exe 668 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 816 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1476 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1504 Generic Host Process for Win32 Services Microsoft Corporation
stisvc.exe 1216 Still Image Devices Monitor Microsoft Corporation
spoolsv.exe 692 Spooler SubSystem App Microsoft Corporation
SPBBCSvc.exe 1188 SPBBC Service Symantec Corporation
SNDSrvc.exe 1128 Network Driver Service Symantec Corporation
SMSS.EXE 356 Windows NT Session Manager Microsoft Corporation
SERVICES.EXE 496 Services and Controller app Microsoft Corporation
SecurityCenter. 1192 Aluria
ScannerFinder.e 2540 SDII MFC Application
savscan.exe 1044 AutoProtect Symantec Corporation
procexp.exe 2240 Sysinternals Process Explorer Sysinternals
PDVDServ.exe 1932 PowerDVD RC Service Cyberlink Corp.
nvsvc32.exe 988 NVIDIA Driver Helper Service, Version 43.45 NVIDIA Corporation
NUDQDay.exe 2412 Now Up-To-Date Quick Day Now Software
NPFMntor.exe 952 Norton AntiVirus Firewall Install Monitor Symantec Corporation
navapsvc.exe 860 Norton AntiVirus Auto-Protect Service Symantec Corporation
mstask.exe 1064 Task Scheduler Engine Microsoft Corporation
Mediadet.exe 1964 Disc Detector Creative Technology Ltd.
mainserv.exe 736 Battery backup management service American Power Conversion Corporation
LSASS.EXE 508 LSA Executable and Server DLL (Export Version) Microsoft Corporation
KbdTray.exe 2456
jusched.exe 2004 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
iTouch.exe 2008 iTouch Application Logitech Inc.
Interrupts n/a Hardware Interrupts
InstallStub.exe 2480 Enables Plaxo to integrate securely with Outlook Express Plaxo, Inc.
IEXPLORE.EXE 1588 Internet Explorer Microsoft Corporation
gearsec.exe 840 gearsec GEAR Software
explorer.exe 2308 Windows Explorer Microsoft Corporation
EM_EXEC.EXE 2100 Control Center Logitech Inc.
DPCs n/a Deferred Procedure Calls
CTsvcCDA.EXE 800 Creative Service for CDROM Access Creative Technology Ltd
CTNotify.exe 744 Disc Detector Creative Technology Ltd.
CTHELPER.EXE 2028 CtHelper Application Creative Technology Ltd
CTFMON.EXE 1720 Cicero Loader Microsoft Corporation
CSRSS.EXE 448 Client Server Runtime Process Microsoft Corporation
CCSETMGR.EXE 784 Symantec Settings Manager Service Symantec Corporation
CCEVTMGR.EXE 1492 Symantec Event Manager Service Symantec Corporation
CCAPP.EXE 2032 Symantec User Session Symantec Corporation
apcsystray.exe 2492 PowerChute system tray power icon American Power Conversion Corporation
AL_ADS~1.EXE 720 Aluria, Active Defense Shield, Service Aluria Software, LLC
acrotray.exe 2384 AcroTray Adobe Systems Inc.

Process: <Non-existent Process> Pid: -2

Type Name



Well I did have it nicely formatted for you. Sorry.

 

Also this might be useful; Even though this is mostly intermitent, I can get the freeze to occur every time I load this webpage: http://www.stmichaelroc.org/st_michael__menu.htm , there is a psudo streamed mp3 for background music. It does not always happen on other pages even from this same site with streamed media.

 

Thank you for the help, as it turns out it must have been a Microsoft thing I read the above post on the Windows 2000 Update rollup, DL'd and installed it and that appears to have resolved the issue.

Again thank you for all the help, the utilities you directed me to have shown me some things I can do to gain back some resources, and that is worth its weight in gold.


Sub-Deacon William

 

Glad you pinned it down. Sorry it took so long to get back to your thread but I've been in security patch purgatory for the past several days.