Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avgw.exe Causing Slow Computer - What Is It?


  • Please log in to reply
1 reply to this topic

#1 abrogard

abrogard

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:47 AM

Posted 07 March 2006 - 06:26 PM

My computer - an old 200mhz running win2k - started getting really slow on the web and the task list showed avgw.exe using often more than 50% of cpu cycles and always at least 40% - when nothing was happening!!
No scans, nothing.
So I did a web search for avgw.exe and found it is apparently a bona fide part of AVG's suite and it needs it to run. Don't delete it all the hits said. And no one said it was a trojan or a virus in disguise or anything bad about it at all.

But I've got another old win2k machine with AVG on it and it doesn't even show avgw.exe in the task list!!

But neither does it show the icon in the system tray. But it does show the other avg processes running so I assume that machin is protected alright.

But what about this one? How do I make sense of what avgw.exe is doing?

Here is my HJT log if anyone can help me and many thanks in advance for trying, if you do.

regards,

ab :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 9:22:28 AM, on 7/03/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\internat.exe
C:\Program Files\FounderscanVP\AM32.exe
D:\acrobat\Distillr\AcroTray.exe
C:\hijackthisunzip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\acrobat\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\FounderscanVP\AM32.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\acrobat\Distillr\AcroTray.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

BC AdBot (Login to Remove)

 


#2 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:47 AM

Posted 07 March 2006 - 09:09 PM

Hi abrogard :thumbsup:
I don't see any serious malware in your HJT log. I do see that you have no Service Packs and IE is out of date.

Rescan with HJT, check these items:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

Close all windows and programs except HJT, then click "fix checked". Close HJT.

Next..clean out all the temporary files and cookies on your system. Go to Start > Run type: cleanmgr, click OK. Let it scan your system for files to remove. Check these three boxes and then press ok to remove:
Temporary Files
Temporary Internet Files
Recycle Bin


Go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Please let me know about any problems with the temp file deletes.

***Note: If you cannot delete them all at once because you have too many, then click and hold ctrl and highlight a batch of them at a time. Once highlighted, R-click over the highlight and select delete.

Click "Start > Run" and type "%temp%" (without the quotes). Delete the entire contents of that "temp" folder (use "Edit > Select All", press "Delete", click "Yes").

Then, Empty your Temporary Internet Cache completely. Close all instances of Outlook and and Internet Explorer, then use "Control Panel > Internet Options > General tab" and click the "Delete File" button. When prompted place a check in: "Delete all offline content", then click OK.

Use Windows Explorer to clean out ALL the other temp folders on your system (navigate to the folder, use "Edit > Select All", press "Delete", click "Yes"):

* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

* C:\Windows\Prefetch\

Run Windows defragging tool.

Reboot/restart you computer.

Post a new HJT log and tell me how things are now.

MS_MVP.gif
MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users