Boycer
asked on
Physical ram drops to less than 8mb within minutes of starting system, Virtual ram remains constant at 208mb
I have a client's system that within minutes of starting up and without opening any applications the physical ram drops from around 50MB free to just under 8mb. The system is an Athlon 1.113 CPU, Giga-byte GA-7VXTE Motherboard with 128 MB RAM, running Windows 98. Normal Windows startup items, plus Norton Anti-virus corporate edition client, InCD, Wireless MS Mouse & Keyboard. Video Drivers are ATI Catalyst, the latest version. Graphics chipset is Radeon VE (7000).
I have done the following: Upgraded Bios to current version, changed processor to Athlon XP 220+. applied all current updates to Windows 98. Applied Via drivers 4.48, Updated the Virus definitions, scanned for virus's, scandisk, defragged and applied updates to Office XP, SP1 & SP2. The client did have the W32.Galil virus, but i have removed it using Norton and have scanned with both Nortons online scanner & Mcaffe's online scanner, but
no virus's were found.
I Still the same problem, I increased the ram to 384 MB and now it drops down to about 25% of that. I am using a free memory program called freemem to free up the ram every now and then.
Has anyone got any ideas, I am fresh out, I have never seen this large a drop in physical ram 15 years of PC tech work.
I have done the following: Upgraded Bios to current version, changed processor to Athlon XP 220+. applied all current updates to Windows 98. Applied Via drivers 4.48, Updated the Virus definitions, scanned for virus's, scandisk, defragged and applied updates to Office XP, SP1 & SP2. The client did have the W32.Galil virus, but i have removed it using Norton and have scanned with both Nortons online scanner & Mcaffe's online scanner, but
no virus's were found.
I Still the same problem, I increased the ram to 384 MB and now it drops down to about 25% of that. I am using a free memory program called freemem to free up the ram every now and then.
Has anyone got any ideas, I am fresh out, I have never seen this large a drop in physical ram 15 years of PC tech work.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
BillDL
That was quick, CrazyOne :-)
ASKER
Thanks Crazyone for responding.
I have not scanned for spyware on this particular machine, normally I would use spybot but this is a business machine and I have not noticed any of the usual spyware. Lately, this has become a daily support issue for me with my non-business clients. I will however try this anyway, it can't hurt.
I have swapped out the ram for known good ones, ones out of one of my own systems. I also am a computer dealer/consultant and have access to parts to swap in & out.
I haven't checked CPU Usage, just resource usage. I will try this as well. I will post the results to-morrow getting late now, tired.
Thanks
I have not scanned for spyware on this particular machine, normally I would use spybot but this is a business machine and I have not noticed any of the usual spyware. Lately, this has become a daily support issue for me with my non-business clients. I will however try this anyway, it can't hurt.
I have swapped out the ram for known good ones, ones out of one of my own systems. I also am a computer dealer/consultant and have access to parts to swap in & out.
I haven't checked CPU Usage, just resource usage. I will try this as well. I will post the results to-morrow getting late now, tired.
Thanks
>>>That was quick, CrazyOne :-)
:)
:)
>>>I haven't checked CPU Usage,
It may give a clue to which proccesses that may be the culprit.
It may give a clue to which proccesses that may be the culprit.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I forgot one other thing I did, ran msconfig and unchecked all startup items, rebooted and re-selected each one at a time and rebooted each time to see if I could eliminate or find the problem that way.
No luck.
The closest solution I have found is that with just plain vga driver loaded, and 128 MB of ram installed the physical ram stayed around 45 - 50MB.
The video card was made by giga-byte, powered by ATI. I have tried both Giga-byte drivers and reference drivers from ATI.
I might end up swapping out the video card.
Just ran spybot with latest detection rules, found 27 components, all were tracking cookies.
No luck.
The closest solution I have found is that with just plain vga driver loaded, and 128 MB of ram installed the physical ram stayed around 45 - 50MB.
The video card was made by giga-byte, powered by ATI. I have tried both Giga-byte drivers and reference drivers from ATI.
I might end up swapping out the video card.
Just ran spybot with latest detection rules, found 27 components, all were tracking cookies.
ASKER
Logfile of HijackThis v1.97.3
Scan saved at 12:16:47 AM, on 11/1/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\MPREXE.E
C:\WINDOWS\SYSTEM\MSTASK.E
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.E
C:\WINDOWS\SYSTEM\STIMON.E
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\RunDLL.exe
C:\PVSW\BIN\BTRBOX95.EXE
C:\PROGRAM FILES\ANALOGX\MAXMEM\MAXME
C:\WINDOWS\SYSTEM\DDHELP.E
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\BB\HIJACKTHIS\HIJACKTHI
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptra
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.e
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.E
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvsc
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwa
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUND
O4 - Startup: Btrbox95.lnk = C:\PVSW\Bin\BTRBOX95.EXE
O4 - Startup: Outlook Backup Batch File.pif = C:\OUTLOOK.BAT
O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxme
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugi
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {3E68E405-C6DE-49FF-83AE-4
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {EF791A6B-FC12-4C68-99EF-F
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-0
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O17 - HKLM\System\CCS\Services\V
I am running behind a hardware firewall with a static Private IP address.
I like the ideas though, keep them coming.
Boycer
Hmmm I like your idea of the video. Does it use System RAM or VRAM?
ASKER
32 MB VRAM
I have tested the video ram using PC-Check and everything passed. Also ran motherboard, processor and ram tests - burn in tests.
I think I will try swapping out the video card in the morning. I am sitting here right now and the ram has dropped to 127MB free and I have only IE open and windows explorer open.
I justed did an aggressive free up of memory and am back at 269MB free now.
getting late time for sleep :-)
I will let you know regarding the video card. just a note though, this is one of two identical systems. Same motherboard, same video card, same processor, same OS etc..
I will re-post results in the morning.
Thanks to CrazyOne and BillDL for the feedback.
Boycer
I have tested the video ram using PC-Check and everything passed. Also ran motherboard, processor and ram tests - burn in tests.
I think I will try swapping out the video card in the morning. I am sitting here right now and the ram has dropped to 127MB free and I have only IE open and windows explorer open.
I justed did an aggressive free up of memory and am back at 269MB free now.
getting late time for sleep :-)
I will let you know regarding the video card. just a note though, this is one of two identical systems. Same motherboard, same video card, same processor, same OS etc..
I will re-post results in the morning.
Thanks to CrazyOne and BillDL for the feedback.
Boycer
Thanks for the list. The only thing I can see that would have any consequence is the Norton AntiVirus Definition Update monitoring file DEFWATCH.EXE, but that certainly wouldn't be chewing up resources to any noticeable extent.
Incidentally, while I was checking Symantec's site for possible conflicts with this file, I found the following extremely annoying script on their page:
http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2000051209340948?OpenDocument&ExpandSection=4
Place in "Head" tag.
<script language="JavaScript" type="text/javascript">
<!--
<!--
function printPage() {
var da = (document.all) ? 1 : 0;
var pr = (window.print) ? 1 : 0;
var mac = (navigator.userAgent.index
if (pr) { window.print(); } // NS4, IE5
else if (da && !mac) {vbPrintPage();} // IE4 (Windows)
else { } // other browsers
if (da && !pr && !mac) with (document) {
writeln('<OBJECT ID="WB" WIDTH="0" HEIGHT="0" CLASSID="clsid:8856F961-34
writeln('<' + 'SCRIPT LANGUAGE="VBScript">');
writeln('Sub window_onunload');
writeln(' On Error Resume Next');
writeln(' Set WB = nothing');
writeln('End Sub');
writeln('Sub vbPrintPage');
writeln(' OLECMDID_PRINT = 6');
writeln(' OLECMDEXECOPT_DONTPROMPTUS
writeln(' OLECMDEXECOPT_PROMPTUSER = 1');
writeln(' On Error Resume Next');
writeln(' WB.ExecWB OLECMDID_PRINT, OLECMDEXECOPT_DONTPROMPTUS
writeln('End Sub');
writeln('<' + '/SCRIPT>');
}
}
//-->
// -->
</script>
The damned page fires up your printer without prompting you. The swines, that's verging on malicious intrusion !!
Incidentally, while I was checking Symantec's site for possible conflicts with this file, I found the following extremely annoying script on their page:
http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2000051209340948?OpenDocument&ExpandSection=4
Place in "Head" tag.
<script language="JavaScript" type="text/javascript">
<!--
<!--
function printPage() {
var da = (document.all) ? 1 : 0;
var pr = (window.print) ? 1 : 0;
var mac = (navigator.userAgent.index
if (pr) { window.print(); } // NS4, IE5
else if (da && !mac) {vbPrintPage();} // IE4 (Windows)
else { } // other browsers
if (da && !pr && !mac) with (document) {
writeln('<OBJECT ID="WB" WIDTH="0" HEIGHT="0" CLASSID="clsid:8856F961-34
writeln('<' + 'SCRIPT LANGUAGE="VBScript">');
writeln('Sub window_onunload');
writeln(' On Error Resume Next');
writeln(' Set WB = nothing');
writeln('End Sub');
writeln('Sub vbPrintPage');
writeln(' OLECMDID_PRINT = 6');
writeln(' OLECMDEXECOPT_DONTPROMPTUS
writeln(' OLECMDEXECOPT_PROMPTUSER = 1');
writeln(' On Error Resume Next');
writeln(' WB.ExecWB OLECMDID_PRINT, OLECMDEXECOPT_DONTPROMPTUS
writeln('End Sub');
writeln('<' + '/SCRIPT>');
}
}
//-->
// -->
</script>
The damned page fires up your printer without prompting you. The swines, that's verging on malicious intrusion !!
ASKER
I agree, it is presumptious of them to assume we would want to print the page without prompting us. Talk about
taking control of a situation eh!
Oh by the way I am canadian eh!
I think I narrowed the problem down to either faulty video ram or buggy drivers, or a combination of both. I suspect the ram, myself, as I have heard nothing but fairly good things regarding ATI Catalyst Ref Drivers. Also,
I tried Giga-bytes ATI Drivers and V-tuner program with the same results.
I swapped out the Radeon Ve card for an old ATI Rage IIC AGP card, loaded the drivers and was able to run
Microsoft Word, Excel, Windows Explorer, Internet Explorer and play a Daredevil DVD using PowerDVD and still had almost 200MB of physical ram free and it did not drop below this.
So, I'am going to run with that as the solution.
taking control of a situation eh!
Oh by the way I am canadian eh!
I think I narrowed the problem down to either faulty video ram or buggy drivers, or a combination of both. I suspect the ram, myself, as I have heard nothing but fairly good things regarding ATI Catalyst Ref Drivers. Also,
I tried Giga-bytes ATI Drivers and V-tuner program with the same results.
I swapped out the Radeon Ve card for an old ATI Rage IIC AGP card, loaded the drivers and was able to run
Microsoft Word, Excel, Windows Explorer, Internet Explorer and play a Daredevil DVD using PowerDVD and still had almost 200MB of physical ram free and it did not drop below this.
So, I'am going to run with that as the solution.
Thank you, Boycer