22 replies to this topic

[gangangunleon]

I noticed that whenever I try to open a browser (I use the latest version of Firefox), my CPU usage spiked. At first, I thought this is because of the flash game I'm playing on Facebook, but I noticed that whenever I go to any website, I still get a spike. Tried using IE and I got the same issue. I did a scan with AVG and Malwarebytes and it didn't find anything. I even went on disabling AVG's firewall, which worked at first, but afterwards it spikes to 100% again.

Below is my HiJackThis log if it's of any help:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:41 PM, on 12/31/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mozilla.org/
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4297 bytes

[Ztruker]

How does it behave if you boot to Safe Mode with Networking? If better then something is starting at boot that is causing the problem.

Advanced startup options - XP
Advanced startup options - Vista
Advanced startup options - Windows 7

Use msconfig to determine what is causing the problem

These are good tutorials on using msconfig in XP, Vista or Windows 7:
How to use msconfig in Windows XP
How to use msconfig in Windows Vista
How to use msconfig in Windows 7

Click on Start then Run, type msconfig and press Enter.
Click on the Startup tab, record what is currently starting then click the Disable All button.
Reboot and see if it runs better.
If yes then use msconfig to enable several items at a time till you find the culprit.

If no, start msconfig and click on the Services tab.
Check the Hide All Microsoft Services box, record what is currently starting then click the Disable All button.
Again, do a regular boot, see if it runs normal.
If yes then use msconfig to enable services till you find the culprit.

Once you've found the culprit, uninstall it or find out how to eliminate it from your system. Simply disabling it in msconfig is a temporary fix at best.
Enable everything else you disabled.

[gangangunleon]

except all MS Services, the only things running on my systems are my driver software for my WiFi connection, Java, and AVG Antivirus. I only disabled AVG and it reduced the CPU spike by 25%. Tried going online again and it only spiked between 50-80%, but never reached 100.

[Ztruker]

How does it behave if you boot to Safe Mode with Networking?

[gangangunleon]

safe mode with networking is doing just fine. I do not see any problems there.

[Ztruker]

Sorry for the delay in replying, lost my internet. Had to have the cable box replaced. Since it works okay in Safe Mode with Networking, please work through using msconfig as described, see what that does for you.

[gangangunleon]

i don't think there's anything else in msconfig that i can remove as the only ones enabled are Java and my WiFi driver, unless I can turn off some services from Microsoft that may reduce the CPU spike, though I don't know which to disable. I also tried disabling plugin-container.exe for Firefox, which reduced the CPU spike by 10%. So at most, it spikes up to 60-70%. It's manageable at least.

[Ztruker]

That leaves a device driver as the probably cause.

Have you updated any around the time this started happening?

If not, start updating them one at a time with the latest available and see if that helps. Test for awhile after updating.

Read here and post results please: What programs are installed and what programs run at startup, XP, Vista and Windows 7

[gangangunleon]

Here are the results starting with the install programs: 7-Zip 9.20 12/29/2012 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 1/5/2013 11.5.502.135 Apple Application Support Apple Inc. 1/4/2013 66.77 MB 2.3.2 Apple Mobile Device Support Apple Inc. 1/4/2013 24.55 MB 6.0.1.3 Apple Software Update Apple Inc. 1/4/2013 2.38 MB 2.1.3.127 AVG 2012 AVG Technologies 12/22/2012 2012.0.2221 Belarc Advisor 8.3 Belarc Inc. 12/29/2012 8.3.0.0 Bonjour Apple Inc. 1/4/2013 1.03 MB 3.0.0.10 CCleaner Piriform 12/19/2012 3.26 Conexant HDA D110 MDC V.92 Modem 12/24/2012 DW WLAN Card Utility Dell Inc. 12/29/2012 5.60.18.9 High Definition Audio Driver Package - KB835221 Microsoft Corporation 12/22/2012 20040219.000000 HiJackThis Trend Micro 12/31/2012 0.36 MB 1.0.0 Intel® Graphics Media Accelerator Driver 12/22/2012 iTunes Apple Inc. 1/4/2013 187.00 MB 11.0.1.12 Java 7 Update 10 Oracle 12/29/2012 128.00 MB 7.0.100 LibreOffice 3.6 The Document Foundation 1/5/2013 392.00 MB 3.6.4.3 Malwarebytes Anti-Malware version 1.70.0.1100 Malwarebytes Corporation 12/29/2012 1.70.0.1100 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12/22/2012 5.21 MB 8.0.56336 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 12/22/2012 10.19 MB 9.0.30729.4148 Mozilla Firefox 17.0.1 (x86 en-US) Mozilla 12/29/2012 17.0.1 SigmaTel Audio SigmaTel 12/22/2012 5.10.5210.0 VLC media player 2.0.5 VideoLAN 12/29/2012 2.0.5 µTorrent BitTorrent Inc. 12/29/2012 3.2.3.28705

[gangangunleon]

here's the startup from windows: No HKCU:Run ctfmon Microsoft Corporation C:\WINDOWS\system32\ctfmon.exe Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" No HKLM:Run avgtray AVG Technologies CZ, s.r.o. "C:\Program Files\AVG\AVG2012\avgtray.exe" Yes HKLM:Run Broadcom Wireless Manager UI Dell Inc. C:\WINDOWS\system32\WLTRAY.exe No HKLM:Run hkcmd Intel Corporation C:\WINDOWS\system32\hkcmd.exe No HKLM:Run igfxpers Intel Corporation C:\WINDOWS\system32\igfxpers.exe No HKLM:Run igfxtray Intel Corporation C:\WINDOWS\system32\igfxtray.exe No HKLM:Run IMJPMIG Microsoft Corporation "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe" Yes HKLM:Run SigmatelSysTrayApp SigmaTel, Inc. %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe Yes HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe" No HKLM:Run TINTSETP Microsoft Corporation C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[gangangunleon]

startup from ie: Yes Extension AVG Do Not Track AVG Technologies CZ, s.r.o. C:\Program Files\AVG\AVG2012\avgdtiex.dll Yes Extension Messenger Microsoft Corporation C:\Program Files\Messenger\msmsgs.exe Yes Helper AVG Do Not Track AVG Technologies CZ, s.r.o. C:\Program Files\AVG\AVG2012\avgdtiex.dll Yes Helper AVG Safe Search AVG Technologies CZ, s.r.o. C:\Program Files\AVG\AVG2012\avgssie.dll Yes Helper Java™ Plug-In 2 SSV Helper Oracle Corporation C:\Program Files\Java\jre7\bin\jp2ssv.dll Yes Helper Java™ Plug-In SSV Helper Oracle Corporation C:\Program Files\Java\jre7\bin\ssv.dll

[gangangunleon]

startup from firefox No Extension AVG Do Not Track 12.0.0.2189 AVG Technologies default-1356973590234 Firefox 17.0.1 C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack No Extension AVG Safe Search 12.0.0.2191 AVG Technologies default-1356973590234 Firefox 17.0.1 C:\Program Files\AVG\AVG2012\Firefox4 Yes Extension DownloadHelper 4.9.12 Michel Gutierrez default-1356973590234 Firefox 17.0.1 C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\re1jqwfb.default-1356973590234\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} Yes Extension leethax.net extension 2012.12.22 leethax.net default-1356973590234 Firefox 17.0.1 C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\re1jqwfb.default-1356973590234\extensions\leethax@leethax.net.xpi Yes Extension Perapera Japanese 9.0.2 Justin Kovalchuk default-1356973590234 Firefox 17.0.1 C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\re1jqwfb.default-1356973590234\extensions\peraperakun@gmail.com Yes Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default-1356973590234 Firefox 17.0.1 C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll Yes Plugin Java Deployment Toolkit 7.0.100.18 10.10.2.18 Oracle Corporation default-1356973590234 Firefox 17.0.1 C:\WINDOWS\system32\npDeployJava1.dll Yes Plugin Java™ Platform SE 7 U10 10.10.2.18 Oracle Corporation default-1356973590234 Firefox 17.0.1 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll Yes Plugin Microsoft® DRM 9.0.0.3250 Microsoft Corporation default-1356973590234 Firefox 17.0.1 C:\Program Files\Windows Media Player\npdrmv2.dll Yes Plugin Microsoft® DRM 9.0.0.3250 Microsoft Corporation default-1356973590234 Firefox 17.0.1 C:\Program Files\Windows Media Player\npwmsdrm.dll Yes Plugin Shockwave Flash 11.5.502.135 Adobe Systems Incorporated default-1356973590234 Firefox 17.0.1 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll Yes Plugin VLC Web Plugin 2.0.2.0 VideoLAN default-1356973590234 Firefox 17.0.1 C:\Program Files\VideoLAN\VLC\npvlc.dll Yes Plugin Windows Media Player Plug-in Dynamic Link Library 3.0.2.628 Microsoft Corporation (written by Digital Renaissance Inc.) default-1356973590234 Firefox 17.0.1 C:\Program Files\Windows Media Player\npdsplay.dll

[gangangunleon]

and finally from the context menu: Yes Directory 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll Yes Directory Add to VLC media player's Playlist VideoLAN "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" Yes Directory AVG Shell Extension AVG Technologies CZ, s.r.o. C:\Program Files\AVG\AVG2012\avgse.dll Yes Directory MBAMShlExt Malwarebytes Corporation C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll Yes Directory Play with VLC media player VideoLAN "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" Yes File 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll Yes File AVG Shell Extension AVG Technologies CZ, s.r.o. C:\Program Files\AVG\AVG2012\avgse.dll Yes File MBAMShlExt Malwarebytes Corporation C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

[gangangunleon]

forgot to mention that as for the driver update, it is the last version as Dell no longer provides updates to the driver in question.

[Ztruker]

The first thing I would do is uninstall AVG completely and install Microsoft Security Essentials instead. Next, run Firefox with no Add-ons (I think you can select this from the Help menu but not sure as I don't have it installed at the moment. I'm still in the process of setting up after a Win 7 Pro X64 clean install, first since I installed 9/2009). If that helps start disabling the Add-ons until you find the one causing the problem. Ditto for IE.