Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

AVG Update, now high CPU usage

Feb 4, 2012 9:14PM PST

Several days ago my AVG updated and required a restart. It seems like my issues started after that restart but I don't know if it's coincidence or not. Initially, JIT debugging windows started popping up and I was unable to eliminate them by canceling. I had to OK and click through and then disable within the program. Those have ceased, but now my system is experiencing a multitude of other problems--most notably extremely high CPU usage anywhere in the 70-100% range for svchost. I've noticed as many as 8 instances of svchost running with most using 1-3k. I've also had error messages pop up related to memory, have issues shutting down the computer properly, and have software issues when coming back to my computer after its been in sleep mode.

I'm running XP, Firefox 10.0, and AVG Free 2012.

Any help is greatly appreciated.

Jeanine

Discussion is locked

- Collapse -
Clarification Request
Re: AVG Update, now high CPU usage
Feb 5, 2012 4:40PM PST

Hello silustran,

- Collapse -
Requested files
Feb 7, 2012 8:17AM PST

Thanks for reviewing these. Hopefully I saved and uploaded them properly. My computer is running so slow it takes a while to work through all the steps, especially with rebooting periodically.

home.comcast.net/~silustran/evtlogs.zip

Jeanine

- Collapse -
Re: Requested files
Feb 7, 2012 3:46PM PST

Hello Jeanine,

- Collapse -
Did as much as I could
Feb 8, 2012 11:29AM PST

Have tried to complete as many of the steps as I could understand. I removed Trojan Hunter from running in the background. I don't see that I have Ad Aware installed. Are there still remaining bits of the software I need to disable/remove? It doesn't show up in my Programs listing nor in my Add/Remove Programs link.

I removed the Yahoo updater thing and believe I disabled it from running in the background. Not sure why Intuit Update was running and using so much memory--I tried disabling the updater thorough the software but that didn't seem to work so had to disable it using msconfig.

Here are some screen shots from steps I was able to complete home.comcast.net/~silustran/B.zip

I did not understand how to perform the memory test. I downloaded memtest.bin and mt420.iso to a CD and thought I made it bootable but I must have misunderstood or missed a step somewhere because I couldn't get my computer to boot from the CD.

I have been trying to do as much as I can with my computer offline as it seems to function MUCH faster without an active internet connection and without Firefox open. Usually once I reconnect my internet, svchost once again starts grabbing resources and creeps up little by little until it utilizes over 90% of my CPU. Firefox also seems to hog quite a few resources so I don't know if it is separate issues or one related issue. At this point I am wondering if I should post my query to another forum on here as I have not been receiving AVG error messages lately so am starting to think the issue lies elsewhere. Another point of note is that while looking at the list of active processes in Process Explorer this morning, there was an instance of Outlook.exe open which was using a decent chunk of memory--I did NOT open Outlook today nor have I opened it in the past several days. I killed the process and it has not run again to my knowledge.

Over the last several days I have run a full computer scan with AVG, Trojan Hunter, and Housecall and have not found any viruses or Trojans. I am unsure at this point what else I can do. Should I even consider a System Restore to a point in time say a week or two ago?

Thanks again,

Jeanine
<span id="INSERTION_MARKER">

- Collapse -
Spoke too soon
Feb 8, 2012 8:02PM PST

After startup this morning, this AVG message was displayed:
http://home.comcast.net/~silustran/C/2_9_12_infections.jpg

So, I am dealing with malware of some kind even though it was not found on previous searches. I selected the "Remove all unhealed" button and then restarted. Do you know if this is one of those trojans that I will need to take additional steps other than just hitting the button in the AVG window? I am going to run HouseCall to see if it locates anything further.

Jeanine

- Collapse -
Re: Spoke too soon
Feb 8, 2012 11:25PM PST

Hello silustran,

- Collapse -
No more errors--results of scans uploaded
Feb 9, 2012 9:31AM PST

I have not received any notifications of trojans or viruses since this morning but my system is still running slow. I was able to run Autoruns, GMER (both autostart & anti-rootkit), and OTL output this evening. The results of these are here: home.comcast.net/~silustran/D.zip As a point of note, while running GMER, I received an on-screen error message while running GMER. An image of this error is included in the D.zip folder. Another oddity I encountered was after running the GMER anti-rootkit, my computer displayed this screen: http://home.comcast.net/~silustran/error_2912.jpg

FWIW, I did try disabling Windows automatic updates but the problems persisted.

Thanks again for all your help and advice.

- Collapse -
Re: No more errors--results of scans uploaded
Feb 9, 2012 3:47PM PST

Hello silustran,

- Collapse -
Not sure what happened
Feb 9, 2012 8:49PM PST

No worries about the GMER blue screen--nothing seemed any worse afterwards Wink I just wanted to note my observation in case it meant anything significant.

I downloaded the MbrFix utility. I got to the command line and typed "MbfFix /drive 0 fixmbr" which them asked me to confirm Y/N to which I entered "Y" and hit enter. I did not notice anything happen so I'm not really sure the application ran. How would I know? I made the assumption my C: drive was drive "0" but I'm not positive. How could I confirm this? Should I have noticed anything running? I restarted my computer and have not noticed anything much different one way or another.

In the process of doing these steps this morning, I got this pop up from AVG:
http://home.comcast.net/~silustran/Feb10AVGAlert.jpg

I did not perform any of the steps related to running the MbrFix utility in offline mode. Please advise if I should redo the steps above or try something different.

Thanks

- Collapse -
Re: Not sure what happened
Feb 9, 2012 10:18PM PST

Hello silustran,

- Collapse -
Can not proceed further
Feb 10, 2012 6:35AM PST

I guess I have hit a wall at this point as I purchased my computer from Dell and never received a Windows XP disc. UGH It never occurred to me that this would be necessary to have--live and learn I guess. I appreciate all your help and advice.

- Collapse -
Re: Can not proceed further
Feb 12, 2012 3:37PM PST

Hello silustran,