Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sluggish for first hour only. Seems AVG related.


  • Please log in to reply
12 replies to this topic

#1 eg327

eg327

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 29 August 2010 - 02:56 PM

For the last month my computer (Dell/XP Home) has become very sluggish during the first 45-60 minutes of the first startup of the day. It doesn't seem to have a problem during subsequent restarts within the same day. I noticed during the sluggish period that the page file usages spikes and gradually comes back down over the course of the first hour. It may be related to AVG 9.0 because when I disable the resident shield prior to the next morning startup, the problem doesn't seem as bad.

I used he AVG remover tool to remove AVG entirely but it still seemed sluggish, althought not quite as bad. I have since reinstalled AVG 9.0

No recent changes to the computer other than to uninstall Spamfighter because I didn't need it anymore.

I ran Autoruns and didn't see any glaring problems, but there was a lot of info there and I didn't have time to look up every entry. Is there an automated way to analyze the results of Autoruns?

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:32 AM

Posted 29 August 2010 - 08:52 PM

Did you have AVG set to automatic download updates? If so, the activity could have been due to AVG doing just that.

You may need to switch AVG for another anti-virus like avast. A particular anti-virus that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use and your system. There is no universal "one size fits all" solution that works for everyone.

As for entries in Autoruns, you can search each process using the following databases:If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 eg327

eg327
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 29 August 2010 - 09:39 PM

Thanks. Is there any chance this is actually a virus of some sort. I run weekly scans with AVG, have run both Malwarebytes and Ad Aware and it seems clean.

I didn't count, but it looked like there were dozens if not hundreds of entries when I ran Autoruns. Since I'm not used to looking at these things I would have to compare each one individually which seems like it would take forever. I'm willing to do that it that's what it takes, just want to make sure that's the most efficient way to do it.

I couldn't figure out a way to print or export the results of Autoruns

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:32 AM

Posted 30 August 2010 - 07:09 AM

I would probably recognize some of the more common entries, but others I would have to conduct a search using the databases I provided to you. You can try using System Explorer which provides a security check of running processing using their online security database when you first launch the program. If you want process the initial scan, press the "Start Security Check" button. Keep in mind, that the check is not a guarantee of what is or is not detected as malware. Further investigation is always recommended.

As for further checking your machine for possible malware, you can always get a second opinion by performing an Online Virus Scan like:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 eg327

eg327
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 31 August 2010 - 02:48 PM

I think I must have one or more programs in addition to AVG trying to update each morning, because when I turn off the AVG update, it gets better but not totally back to normal. And again, the problem only exists on the first startup of the morning.

Any suggestions on how to quickly identify programs that are trying to update? And should I move this thread to a different forum?

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:32 AM

Posted 31 August 2010 - 04:16 PM

Use your mouse to right-click an open area in the task bar and in the context list select Task Manager or go to Start > Run and type: taskmgr
Click OK or press Enter.

When Task Manager opens, select the "Processes" tab and you can view what is running.

You may have too many applications loading at startup when Windows boots. Almost all applications you install want to startup when Windows loads. If you allow all these startups, they will compete for and use system resources resulting in poor performance and a slow system. Many of these programs are not needed and disabling them can save resources and improve performance as they can be accessed from Start > Programs or an icon on the desktop if needed. Other reasons for slowness include disk fragmentation, disk errors, corrupt system files, unnecessary services running, too many browser Add-ons/toolbars, failure to clear browser cache, not enough RAM, dirty hardware components, etc. Incompatible browser extensions and add-ons can impact system performance and cause compatibility issues such as application hangs (freezing).

To disable unnecessary startups, use a free Startup Manager like one of the following:You will be provided with a list of programs that load when Windows starts. If you untick an entry it will no longer run at startup. This will allow you to experiment and see how your system performs with any of them disabled.
-- Note: some startup programs are necessary so be careful what you disable.

If you are unsure what any of the program entries are or if they are safe to disable, search the name using Google <- click here for an example.
Or search the following databases:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 eg327

eg327
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 01 September 2010 - 05:34 PM

I ran Starter by Codestuff and I have an "Intiut Update Service" process running but I can't find anything related to Intuit in my Startups list. I know it's nonessential so I'd like to shut it down. Is there a way to relate a process back to what started it?

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:32 AM

Posted 01 September 2010 - 06:22 PM

Launch Starter, click the Process tab, click the process in question to highlight it, right-click and choose File Properties which will show you the location (full file path) where it's running from. You can also choose to Explore the folder where it resides or to conduct a Search on the Internet from that same context menu.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 eg327

eg327
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 01 September 2010 - 08:21 PM

I'm baffled. I found where the Intuit Update resides, but I have no idea why it is running on startup. There is nothing even remotely close to Intuit in my startups. Maybe I'm not seeing all of my startups in Starter?

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:32 AM

Posted 02 September 2010 - 06:34 AM

Check the Services tab to see if its running as a service.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 eg327

eg327
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 04 September 2010 - 05:22 PM

I found the processes wmiprvse.exe and wuauclt.exe running during the sluggish time. It appears from looking at the database that these can be legitimate but are also associated with infections. I've run several different scans and have never found an infection. How do I know if these are legitimate processes?

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:32 AM

Posted 04 September 2010 - 06:06 PM

Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another techinique is for the process to alter the registry and add itself as a Startup program or service so that it can run automatically each time the computer is booted. Keep in mind that a legitimate file can also be infected by some types of malware such as Virut which is a dangerous polymorphic file infector.

Anytime you come across a suspicious file for which you cannot find any information about, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 eg327

eg327
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 10 September 2010 - 06:50 PM

I think I finally found the problem or at least a major portion of it. Since deleting a couple Dell Support startup programs the problem has gone away. Maybe this info will help someone else.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users