Delay in accessing Internet, CPU @ 100%

  LeighB 23:14 02 Nov 2004

When I connect to the Internet I find that I cannot view a webpage or access e-mail for up to 5 mins or so. During this time Task manager shows that the CPU is at 100%. 90 - 95 % of this is process SVCHOST.EXE NETWORK SERVICES (there are 3 other instances of SVCHOST.EXE , local services and 2 which just say system) When my Home Page (Google) finally appears the SVCHOST usage drops to 0, and overall CPU to around 10%. I have run various anti spyware programs and found nothing untoward.
Any Ideas please, as it is very irritating!! Incidentally the delay time seems to be slowly increasing on average, although it is variable.

  Nellie2 23:49 02 Nov 2004

SVCHOST.EXE is a legitimate process click here

High CPU usage always makes me think trojan.. although it might not be! Download the trial version of Trojan hunter and run it just to eliminate that possibility click here

  LeighB 16:23 03 Nov 2004

Thanks for reply and advice. I have downloaded, updated and run TrojanHunter, it did find 1 trojan (DownLoader), and cleaned it. However when I next connected to the net same problem, only difference was the delay was only 1 0r 2 mins instead of 5 - 7.
Any further ideas?
Thanks Leigh

  Nellie2 08:26 04 Nov 2004

Hmmm, I don't know if it will show anything but I like to look at hijack logs, (I'm a bit weird like that! :-) )

If you would like to download hijackthis from click here and paste the log it makes here I will have a look and see if it gives any clues.

You may have to paste it in two posts as there is an 800 word limit here... and it would help me if you could double space it too.

  LeighB 09:56 04 Nov 2004

Thanks again, I have been looking at Task manager when I connect. It is normal i.e. around 10% CPU usage, until I start a browser (Mozilla or IE) or try and access e-mail it then instantly jumps to 100% with SVCHOST NETWORK SERVICES hogging all CPU activity that is not being used elsewhere. After 5 mins or so this stops and I can connect to the net!!
Here is the HijackThis log as requested.

Logfile of HijackThis v1.98.2
Scan saved at 09:42:38, on 04/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:








C:\Program Files\Apache Group\Apache2\bin\Apache.exe



C:\Program Files\Network ICE\BlackICE\blackd.exe

C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe

C:\Program Files\Apache Group\Apache2\bin\Apache.exe


C:\Program Files\Network ICE\BlackICE\rapapp.exe




C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe


C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe


C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe


C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe


C:\Program Files\ONSPEED\onspeed.exe

C:\Program Files\Network ICE\BlackICE\blackice.exe

C:\Program Files\Logitech\SetPoint\kem.exe


C:\Program Files\Microsoft Office\Office10\msoffice.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE



C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\ONSPEED\PBHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

First half

  LeighB 10:17 04 Nov 2004

Second half
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\Winampa.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro\AdBlocker.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe

O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeed.exe

O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\onspeed.exe/250

O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\onspeed.exe/227

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\JETCAR.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Dell Home - {A22EAB80-A037-11D4-830A-E0A46EC13E03} - click here (file missing) (HKCU)

O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

  LeighB 10:18 04 Nov 2004

Last bit !!
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - click here

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - click here

O16 - DPF: {7380B862-BA18-4529-8972-C66B82AA5D1D} (AccountTracking Class) - click here

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - click here

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - click here

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - click here

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - click here

O17 - HKLM\System\CCS\Services\Tcpip\..\{D534E6D7-0C69-47B2-9F69-099CF839026A}: NameServer =

Hope this all helps,
Thanks again

  Nellie2 18:59 04 Nov 2004

If it is any consolation there is nothing bad visible in your log, you could try an online virus scan if you like click here or you may get some ideas from click here

  LeighB 10:17 05 Nov 2004

Thanks, I am checking through the Ask Leo information, hope I can get something from there

  LeighB 10:28 06 Nov 2004

I found the answer on Ask Leo, many thanks. Someone had posted this

<<problem - cpu 100%

solution - go to "run" - tipe there "msconfig" - than go to "services" - turn off "DNS Client" - restart comp and that's all
I did it and the problem has gone,
At Laaast !!!

Thanks for your help

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

Inside the iMac Pro - Apple's most powerful Mac yet

iMac Pro release date, UK price & specs

Football : comment regarder la Ligue 1 en direct ?