1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Memory leakage

Discussion in 'Windows XP' started by CutInHalf, Jan 22, 2006.

Thread Status:
Not open for further replies.
  1. CutInHalf

    CutInHalf Thread Starter

    Jan 22, 2006
    I think it's memory leakage, or something, but here's my problem.

    My comp has and is steadily becoming worse and worse. It's a Celeron, Gateway, 256mb ram (although I know that I'm not getting all 256 mb), 1.4 ghz processor, max harddrive 40gigs, etc.

    Anyway, now its at a point where the speed reduction of the computer is unbearable. I feel like I'm using DSL again (I use a cable modem, high speed too), seeing as some pages take up to 15 seconds to load sometimes. In addition, I often experience temporary periods of 95%-100% CPU usage, usually attributed to the Iexplorer (Even when I'm not using Iexplorer). As a matter of fact, my Iexplorer CPU usage is never 0%; it is always 02%-10% when not during one of those 100% cpu usage times; it can even go up to 25% when idle.

    Anyhow, my computer is pretty slow now. I think it's ram-related, but who am I to be sure; im not really a computer genius. I've run adaware several times, and mostly, Roings keeps popping up - get this - every day. I mean, every time I run adaware 2x in a row, the first time I delete it and the second time I get nothing, but the next day, roings is back (oh, and with about 12-25 data miners).

    My physical memory doesnt add up either... it says my total is 259888k, and my system cache is 110000k, but my available is only 93000k. That doesnt add up (not sure if thats relevant, just threw that out there). One more thing though: I noticed like 6-7 processes of svchost, 2 processes of iexplore, and 1 of explorer.

    Given this info, can you guys figure out why my comp moves slower than my '94 Jeep?
  2. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, We need this to start out: Someone will help you if they can once the log is posted...

    Please do the following: Without closing anything, use the link below, follow the downloading directions,
    when it says you are to open a Reply, use the Post Reply at the top of the thread

    Click here to download HJTsetup.exe
    • Save Hijackthis.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • At the top of the Notepad HJT log screen, hit EDIT then SELECT ALL then click EDIT and then click COPY, doing that copies the text to the clipboard, you won't see it yet....
    • Open a TechSupportGuy forum Reply window for this thread, to have ready to paste the Hijackthis log into. Click once to place the typing cursor in the reply window.
    • At the top of your TSG/browser window, hit EDIT then PASTE
    • You should see your copied Hijackthis log appear in the reply space....then, submit the reply
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
  3. CutInHalf

    CutInHalf Thread Starter

    Jan 22, 2006
    Alright, here's what the HijackThis log showed:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:04:33 PM, on 1/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Creative\8xxx\bbui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: jimmyhelp.CBrowserHelper - {75D31225-8030-4049-A68D-878A3F4EA6AA} - C:\WINDOWS\setczwi.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [bbui] C:\Program Files\Creative\8xxx\bbui.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: MPService - Canon Information Systems - C:\Program Files\Canon\MultiPASS\mpservic.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    any suggestions now?
  4. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, Your log shows that the computer has or had, an installed file sharing program, P2P, that is probably the cause of your problems.

    It may be something like Kazaa or other P2P program- and it will bring you nothing but trouble. My advice would be to uninstall it, but you will need some help doing that.

    Removing the spyware junk P2P programs either contain themselves, or have brought into your computer, will generally disable the P2P program anyway. You have to let us know what you wish to do, like completely remove P2P networking program, or wait and see.

    I can't give you any advice until you let us know!

    Look for a folder on the hard drive named for one of these P2P file sharing programs:

    there are more-

    Also, the program may have an entry in your Add/Remove Programs list, check there.
    Just post what it is, as there are some tricks involved in uninstalling them completely.
  5. CutInHalf

    CutInHalf Thread Starter

    Jan 22, 2006
    I used to have kazaa about a year or two ago, but I think I deleted it with the add/remove programs. I dont know if theres still a trace of it on my computer though.

    I dont know what limewire is, but I DO have it on my add/remove program list and my desktop.

    Help =(
  6. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    hi, Did you see the list of P2P common programs in my reply before? Limewire is one of those....

    My advice could only be for you to uninstall it, but it may have been installed by someone else with access to the computer...if the machine is yours, and the kids have installed it, do what you think is best. As I told you, it will be disabled by what we have to do next....

    The parts of Kazaa that I see have remained, we can remove. Limewire should go, as it can bring you infected files that seem like good ones. File sharing of this nature, since you have no way to tell copyrighted material such as songs, videos, etc from non-copyrighted ones, is not supported here at TSG.

    The Limewire program is apparently installed under another user account> we see that here often.

    It should uninstall OK from your account, if you are at admin level, and you seem to be.

    In any event, download this: KazaaBegone
    Just put it in your favorite folder and unzip it. Find the file kazaabegone.exe (I'm rusty, but it should be very similar to that) and double click it, make sure you PUT a check into "Search for and Remove all the nasty bits of Kazaa" (similar wording to that) and it will remove what it finds.

    There is no removal tool for Limewire, but an uninstall and then some scans will clean up.

    Download this> SpySweeper HERE (It's a 2 week trial):

    Click the Download button, middle on right of page...it's small but its there...

    Install it. Once the program is installed, it will open.
    It will prompt you to update to the latest definitions, click Yes.
    Once the definitions are installed, click Options on the left side.
    Click the Sweep Options tab.
    Under What to Sweep please put a check next to the following:
    Sweep Memory
    Sweep Registry
    Sweep Cookies
    Sweep All User Accounts
    Enable Direct Disk Sweeping
    Sweep Contents of Compressed Files
    Sweep for Rootkits-Make sure you DO check to do this one!
    Please UNCHECK Do not Sweep System Restore Folder.

    You should do the scan in Safe Mode-here is how:

    * Restart your computer into safe mode now.To get into the Windows 2000 / XP Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

    Perform the following steps in safe mode:

    Click "Sweep Now" on the left side.
    Click the Start button.
    When it's done scanning, click the Next button.
    Make sure everything has a check next to it, then click the Next button.
    It will remove all of the items found.
    Click Session Log in the upper right corner, copy everything in that window.
    Click the Summary tab and click Finish.
    Paste the contents of the session log you copied into your next reply along with a NEW Hijackthis log made after you run SpySweeper.
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/436383

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice