What's eating my RAM?

Discussion in 'System Security & Infection Support' started by Faaris, Mar 13, 2004.

  1. Faaris

    Faaris

    Joined:
    Jan 15, 2004
    Messages:
    54
    Likes Received:
    0
    Location:
    Australia
    What's fleecing my RAM?

    G'Day Dreamers...

    Something is eating up my RAM.

    What programs might it be?

    For now i have...

    Pentium 4 (512RAM)

    black ice*

    steganos 5

    ispeed (accelerator between PC and Service provider to open pagers quiker (works great)

    tune up utilities

    Norton NIS on trial period

    Pentium 3 (512 RAM)

    Sygate personal Firewall*

    steganos 5

    ispeed

    no AV

    tune up

    * Replacing with Sygate Firewall pro 5.5 soon on both PCs.

    It's frustrating to be told 'not enuff memory to close a window' etc.

    Do you think it's these that are chewing up the memory??
     
    Last edited: Mar 13, 2004
    Faaris, Mar 13, 2004
    #1
    1. Advertisements

  2. Faaris

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    Go to Task Manager (ctrl + shift + exc) and go to Processes. Which server / app is taking up the most?
     
    James, Mar 13, 2004
    #2
    1. Advertisements

  3. Faaris

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Is the memory being eaten up on both machines? Or just one?
    The problem is that several of the apps you've posted above can be memory hogs. Software firewalls and antivirus programs are well known to do so. I don't know about this 'ispeed' app, it could be sucking up all kinds of resources. Also, you may have some sort of adware or something in the background. You should download 'HijackThis' from the Handy Tools section, and post the log it generates from both machines into this thread.
     
    Fenis-Wolf, Mar 13, 2004
    #3
  4. Faaris

    Faaris

    Joined:
    Jan 15, 2004
    Messages:
    54
    Likes Received:
    0
    Location:
    Australia
    Go to Task Manager (ctrl + shift + exc) and go to Processes. Which server / app is taking up the most?

    oh-oh...

    PC jargon...

    +exc??? :?

    Also...

    I'll down/load hijack this and post soon.:thumbs
     
    Faaris, Mar 13, 2004
    #4
  5. Faaris

    Faaris

    Joined:
    Jan 15, 2004
    Messages:
    54
    Likes Received:
    0
    Location:
    Australia
    G'Day Dreamers...

    Here's the log for the P3...

    Logfile of HijackThis v1.97.7
    Scan saved at 10:59:09 م, on 13/03/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRAM FILES\IPRIMUS ISPEED\PROPELAC.EXE
    C:\PROGRA~1\PANASO~1\PANASO~1\KX7WSWPD.EXE
    C:\WINDOWS\BTZ7.EXE
    C:\WINDOWS\SYSTEM\A.EXE
    C:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDAAGENT.EXE
    C:\PROGRAM FILES\123 BULK EMAIL DIRECT SENDER 2003\XMAILER.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\SABRAGENERAL\PROGRAM DOWNLOADS\COMPUTER PROTECTIONS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=2672163
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=2672163
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=PopupKiller:8100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {863D63F6-1493-4DEF-A5E8-374109E0B8B7} - C:\WINDOWS\AHV3J5H.DLL
    O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\IPRIMUS ISPEED\PROPELAC.EXE
    O4 - HKLM\..\Run: [Panasonic KX-P7100] C:\PROGRA~1\PANASO~1\PANASO~1\KX7WSWPD.EXE
    O4 - HKLM\..\Run: [xMdi22] C:\WINDOWS\bTZ7.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Roxio\GoBack\GBPoll.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKCU\..\Run: [SIA5] "C:\PROGRAM FILES\STEGANOS INTERNET ANONYM 5\SIA5.EXE" /booting
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
    O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
    O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
    O8 - Extra context menu item: Download using Download &Express - C:\AHMADGENERAL\Add_Url.htm
    O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\iPrimus iSpeed\pac-page.html
    O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\iPrimus iSpeed\pac-addwl.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\iPrimus iSpeed\pac-image.html
    O9 - Extra button: Internet Download Accelerator (HKLM)
    O9 - Extra 'Tools' menuitem: &Internet Download Accelerator (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    Maybe the memory is being eaten up by...

    ispeed surfing accelerator...

    or firewall...all those logs and things??

    but i got 512RAM??

    One thing...

    When i ask TuneUp about the memory it said at the time of last memory crisis that i had something like 287mb free???

    Odd huh??

    Or is the 'TuneUp' B/S??
     
    Faaris, Mar 13, 2004
    #5
  6. Faaris

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Well...I see you have a lot of stuff. The Bulk Mailing software, and Free Download Accelerator sound a lot like spyware. You might want to run AdAware and see if it cleans up any spyware laying around on your machine. Spyware apps are generally poorly written and can sometimes cause problems. Also, I see you have Roxio software 'GoBack' running as well. I'm tempted to believe that the GoBack software may be causing massive memory spikes every once in awhile. It may be setting a restore point for itself, and this would require loads of memory.
    How often does your memory get used up or used excessively? How long does it last?

    Oh, btw. About the TuneUp app. No doubt it was counting your page file as part of your memory. Your page file can be about 200 odd megabytes. So thats why it may report you having that much memory even though Task Manager says its all used up.
     
    Fenis-Wolf, Mar 13, 2004
    #6
  7. Faaris

    Faaris

    Joined:
    Jan 15, 2004
    Messages:
    54
    Likes Received:
    0
    Location:
    Australia
    ok...

    Both machines are losing memory.

    Mailing software is only used on P3.

    ispeed accelerator is on both...its from my service provider...not a download from the net thing. Could be responsible.

    Only put Go-Back on P3 yesterday...not on P4. So its innocent??

    Memory seems to happen when bulk mail but...

    the P4 is innocent and its been having this problem too.

    Accelerator and Sygate Pro Firewall & Steganos 5 are the common programs that are suspicious. Though i don't think it's steganos (ip scrambler).

    Or...

    something else like a virus etc??

    ...And Memory drama lasts until i reach for the reset button.
     
    Faaris, Mar 13, 2004
    #7
  8. Faaris

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Well you could uninstall one, and observe the behavior. I would do this on the machine thats not directly connected to the net. Also, you don't need to run steganos or the firewall on the internal machine. Via the wonder of DHCP your internal machine isn't routable from the outside world. So your IP address isn't viewable so the ip scrambler isn't applicable and since its not externally routable the firewall really isn't saving you from anything.
     
    Fenis-Wolf, Mar 13, 2004
    #8
  9. Faaris

    deftones yup VIP Member

    Joined:
    Nov 30, 2003
    Messages:
    439
    Likes Received:
    4
    Location:
    Georgia
    Also uninstall Tune-Up Utilities and throw that crap in the garbage.;)
    It caused so many problems with all my computers. Use msconfig to disable any unwanted startup items.:)
     
    deftones, Mar 14, 2004
    #9
  10. Faaris

    Faaris

    Joined:
    Jan 15, 2004
    Messages:
    54
    Likes Received:
    0
    Location:
    Australia
    G'day Dreamers...

    just going off main subject...

    ""Also uninstall Tune-Up Utilities and throw that crap in the garbage""

    do we need a tool like this??

    i know some stuff is in system tools but defragmenter and scan disk take a day to run...

    Are there programs worth getting??

    ...Apart from a firewall ad aware spybot??
     
    Faaris, Mar 14, 2004
    #10
  11. Faaris

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Make sure you have an up-to-date virus scanner running at all times. I also recommend you run AdAware once in awhile, and if your machine has a high risk of getting junk installed on it by others or yourself, you should run the spyware blocked thats on the Handy Tools page. If you run XP disk defragment is done invisibily in the back ground all the time.
     
    Fenis-Wolf, Mar 14, 2004
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.