1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

is my ram missing?

Discussion in 'Virus & Other Malware Removal' started by veryconfused, Sep 14, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. veryconfused

    veryconfused Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    62
    hello .just got my first computer at 38 . How sad!was hoping u guys could answer a question or two for me.the box in question is a packard bell 2.1Gh celeron 256mb ram , win xp 32. Now , when i start up the computer ,and look at snapsys, it tells me that out of the 256mb of ram i have somewhere between 40 and 80mb free and the only thing running is activsurf agent.(exept from the OS i assume).when im on the web there are two explore prossesses running . IEXPLORE.EXE and explorer.exe and 5 or 6 cvchost.exes. i have updated norton and ran it and it didnt find any viruses. is it normal to use this much ram or do you think there is something else running that i need to know about?And if so how do i find it ? P.S. Reading thru some of your threads is like trying to read hindu. please remember im veryconfused! P.P.S . iv just noted on of the cvchosts uses a very simillar amount of ram to explorer.exe. cheers!
     
  2. dai

    dai

    Joined:
    Mar 6, 2003
    Messages:
    11,198
    256 is the minimum recommend you put in another 256,everthing you do goes into ram for fast retrieval,if you are not running out of memory,getting a box popping up saying insuffiecent memory,don't worry.
    xp is a ram hog.
    run adaware and spybot on a regular basis as well as your virus checker
     
  3. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Veryconfused
    I am not familiar with the program Snapsys but I am assuming it creates a snapshot of dynamic and static information about the state of your computer.
    Anyway lets discuss RAM first.
    I always use this statement to explain usage of RAM.
    "Unused RAM is Wasted RAM!"
    What is meant by that is RAM and other on motherboard are the fastest storage media you have. Compared to a hard drive it is lightning fast! When you system boots there are many programs that start. All these program use RAM space for quite retrieval of information\processes required.
    You mentioned the only process you though was running is activsurf agent! Well that is not true. There are many others that are exposed via Task Manager, (Ctrl,Alt,Del) and other that are hidden and can be exposed by other free third party utilities such as Process View found Here
    Take a look at the attached snapshot of what is running on my system and you will see that there are many items in residence.

    There is nothing wrong with RAM consumption running at 30% free.

    Keep in mind Windows does a great job in controlling RAM and Virtual memory.

    Here is a series of 4 articles one which build to the next.

    The only thing we disagree with in there is setting virtual memory max settings since windows has evolved since to handle it quite well.

    http://content.techweb.com/winmag/columns/explorer/2000/11.htm
    http://content.techweb.com/winmag/columns/explorer/2000/12.htm
    http://content.techweb.com/winmag/columns/explorer/2000/13.htm
    http://content.techweb.com/winmag/columns/explorer/2000/14.htm

    Take care and I am sure others will help explain to.

    Dave
     

    Attached Files:

  4. veryconfused

    veryconfused Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    62
    cheers davey n dia . where do i get adaware and spybot?
     
  5. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    veryconfused
    Have a look Here.

    Dave
     
  6. veryconfused

    veryconfused Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    62
    hi again .ran spybot.do i get rid of backweb lite?and will anything stop working if i do . theres lots n lots of "backweb lites"! thanks!
     
  7. dai

    dai

    Joined:
    Mar 6, 2003
    Messages:
    11,198
    found this on a google search
    It's best to try to find the host program *first* and then uninstall that.
    THEN run Adaware and Spybot. Coupla reasons...first, if you don't
    uninstall the host program and then clean out the entries, you likely
    never *will* be able to completely uninstall it. Second, if the host
    program is still there, Backweb is generally tightly written into that host
    program, so, if you don't uninstall it first, not only will the host
    program not work properly (probably), it will keep trying to reinstall the
    Backweb registry keys.

    Trouble is, it's often hard to find the host program. Many times it comes
    disguised in support/help utilities or drivers. Always either back the
    registry up or use a system restore point when you install new software.
    Go Back or something like it may work too. If you got it snuck into a new
    computer, try to find out what all those wonderful preloaded programs
    actually *do* before you go too far installing your personal stuff.
    Chances are you can (and probably should) live without about half of them.
     
  8. veryconfused

    veryconfused Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    62
    hi dia. any clues as to how i can find the host program pls? you r talking to a computer virgin. my typing is getting quicker tho!
    :eek:
     
  9. dai

    dai

    Joined:
    Mar 6, 2003
    Messages:
    11,198
    try start/search and look for something like backweb lite.exe
    backweb lite
    include hidden folders in the search
    first d/l the 30 demo of jv16 from
    www.jv16.org
    when you run the registry tool check on the first page that comes up and lists everthing on your computer for backweb lite and tick the box for removal the let jv16 remove everthing for backweb
     
  10. veryconfused

    veryconfused Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    62
    HI! ran the jv16 prog. COOL TOOL! Got shot of backweb. Had to re run spybot to loose the cookies. could you tell me what i should do with "DSO exploits" and "teknum auto updater" pls?
     
  11. dai

    dai

    Joined:
    Mar 6, 2003
    Messages:
    11,198
    dso is a entry point for a hacker,get rid of it
    teknum updater a google search says this is a a/virus updater so leave it
    then post a hijack log for one of the experts to have a look at
    you can get it from here
    http://www.tomcoyote.org/hjt/
     
  12. veryconfused

    veryconfused Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    62
    did away with the dso sLogfile of HijackThis v1.97.2
    Scan saved at 16:58:08, on 16/09/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Norton Internet Security\NISSERV.EXE
    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\khooker.exe
    C:\Program Files\Norton Internet Security\IAMAPP.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Norton Internet Security\ATRACK.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\sllights.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\kevin\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dial.blueyonder.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dial.blueyonder.co.uk/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Packard Bell (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk/
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{785F214E-FE93-48C7-9EC0-66487677FA44}: NameServer = 193.38.113.3 194.117.157.4

    . heres the log frm hijackthis . any ideas?
     
  13. dai

    dai

    Joined:
    Mar 6, 2003
    Messages:
    11,198
    it is best one of the experts looks at your log,but i see you have a dialer for blueyonder uk is this your isp
     
  14. veryconfused

    veryconfused Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    62
    HI. Blueyonder is my isp. This may be a really silly question but how do i get an expert to look at the log? oh. one other thing, when i down load programs they seem to down load very slowly.usually something like 3.5/4 kbps . is that normal?
     
  15. IMM

    IMM

    Joined:
    Feb 1, 2002
    Messages:
    3,257
    This one entry is something i'm not sure about
    O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
    Can you tell me what it is?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/164749

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice