Solved

Top Urgent : Page file usage jumps sky high suddenly.

Posted on 2004-04-12
Last Modified: 2011-08-18
Hi

I'm using Windows XP Pro, my system is pretty tidy, no spythings, no viruses and things like that.

OK, so the problem is that about 5 mins after booting Windows the page file is jumping from about 98MB to 950MB, slowing down my system totally... Then it randomly calms down back to around 100MB and back to around 1000MB in pars of minutes/seconds...

Please provide me with your best knowledge, I'm really getting pissed off..

Bye.
Question by:ShadowRack
 

Author Comment

by:ShadowRack
Comment Utility
It's going exactly up high to 965MB and then back to normal after couple of minutes...
0
 

Author Comment

by:ShadowRack
Comment Utility
Not exactly 965MB...
0
 
LVL 4

Expert Comment

by:brunomsilva
Comment Utility
have you tried looking at the scheduler?

you can also try to execute "msconfig" and check startup for strange files.

but it's hard to tell with that amount of information.
0
 

Author Comment

by:ShadowRack
Comment Utility
I changed the value in the registry to clean the pf at logoff.

Maybe it worked out, it's only the first minutes of the new log and no raise for now..

BTW, I couldn't manage to customize the page file either in the registry or in the advanced management. The commit charge is always  - *usage* / 1247M -

OK, I'll wait for more ideas.
0
 

Author Comment

by:ShadowRack
Comment Utility
no strange files at the msconfig startup window , no scheduler.

What information u need?

Computer is P4 3.0GHZ@3.15GHz , Mem 256x2(400) / (@440).


Damn, it hasn't been solved... It looks so weirdly annoying in the page file usage history, something like this:

       ______
      |          |
___|            |____________
0
 

Author Comment

by:ShadowRack
Comment Utility
I've defragmented the page file with "System file defragmenter"..

still waiting to see if it succeeded
0
 

Author Comment

by:ShadowRack
Comment Utility
didn't work...

This is too weird help me plx!!!!
0
 
LVL 8

Expert Comment

by:banks1850
Comment Utility
Tell me what your video card is, some of the ATI cards caused problems similar to this in the past, some others may as well, I would check it out.  Also, open up your task manager, add the I/O reads and I/O writes columns to it (view --> columns) and see what processes are using up all the I/O time, this usually helps and could be the culprit.  Could be a faulty process (programming bug, finite loop...etc)
0
 

Author Comment

by:ShadowRack
Comment Utility
Man, you're good, maybe 2 shots.. I thought it might be my firewall's fault, the <VSMON.EXE> process - I/O Reads 390,240. Well, I closed it and the page file was still a resource hog..

Plx give me further instructions about this I/O comparison..

About my GPU, it is a Hercules Radeon 9800 Pro. It never caused problems. I already tried uninstalling Catalyst and running Windows with generic graphics drivers and it still made that mess..

Well , I'm waiting for your reply.

Thanks ahead.



0
 

Author Comment

by:ShadowRack
Comment Utility
These are the processes that are usually running:

aston.exe           C:\Aston\aston.exe                                                               1716 KB     9240 KB
    cisvc.exe           C:\WINDOWS\System32\cisvc.exe                                                     244 KB     3056 KB
    iexplore.exe        C:\Program Files\Internet Explorer\iexplore.exe                                   104 KB     9504 KB
    internat.exe        C:\Aston\XP\internat.exe                                                          120 KB      848 KB
    lsass.exe           C:\WINDOWS\system32\lsass.exe                                                     596 KB     1768 KB
    services.exe        C:\WINDOWS\system32\services.exe                                                  600 KB     1544 KB
    smss.exe            C:\WINDOWS\System32\smss.exe                                                       44 KB      172 KB
    svchost.exe         C:\WINDOWS\system32\svchost.exe                                                   140 KB     1108 KB
    svchost.exe         C:\WINDOWS\System32\svchost.exe                                                  1576 KB    11504 KB
    taskmgr.exe         C:\WINDOWS\System32\taskmgr.exe                                                  1496 KB     1772 KB
    vsmon.exe           C:\WINDOWS\system32\ZONELABS\vsmon.exe                                           1440 KB     5384 KB
    winlogon.exe        C:\WINDOWS\system32\winlogon.exe                                  
0
 

Author Comment

by:ShadowRack
Comment Utility
If I tell you it happened all of a sudden, would it be weirder?..

That pagefile doesn't even go to the boundaries stated...

0
 
LVL 7

Expert Comment

by:wtrmk74
Comment Utility
Post This for me

Regedit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Thanks
wtrmk74
0
 
LVL 6

Expert Comment

by:parkerig
Comment Utility
Hi,
Rather intrigued by this so please run msconfig
Choose Diagnostic StartUp and advise if problem still happens
If it doesn't then it must be a service or driver etc.
Have a look at the other msconfig tabs to see if anything is loading that shouldn't
Finally unless you have a really good reason to clear page file at shutdown - don't as it just takes longer to shutdown.
Also I read in numerous areas to set the page file at 512 Meg. If I find the URL re that I'll post.
I used to have all my company servers at 1024 Meg for page file but after many hours of reading dropped them all to only 512 Meg ( Memory in Servers is 2048 so needed to disable complete dump in system area though) again I'll have a look for URL on this.

Any way I look forward to an EE solution to this.

Cheers
Ian
0
 

Expert Comment

by:mahae
Comment Utility
Your DDR memory is probably bogus or the pipe (ea bios or hardware on motherboard) to it is not working properly.
If you let Windows choose for itself the memory swap usage, it will continually check what it needs, depending on access to drives and other systems and depending on installed memory.
0
 

Author Comment

by:ShadowRack
Comment Utility
Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Class Name:        <NO CLASS>
Last Write Time:   13/04/2004 - 11:41
Value 0
  Name:            NeroCheck
  Type:            REG_SZ
  Data:            C:\WINDOWS\system32\NeroCheck.exe

Value 1
  Name:            SoundMAXPnP
  Type:            REG_SZ
  Data:            C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

Value 2
  Name:            Zone Labs Client
  Type:            REG_SZ
  Data:            C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

Value 3
  Name:            MSConfig
  Type:            REG_SZ
  Data:            C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

--------------

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

this key is empty.
0
 

Author Comment

by:ShadowRack
Comment Utility
For both parkerig and mahae: I've run Windows in Safe Mode, which is the same as diagnostic startup, and the problem hasn't occurred.. So it seems that maybe it's a faulty service or something else unknown, since it really acts out randomly - jumping from 100 to 1000 and vice versa at random timings without running something new.. I tried looking everywhere for something that runs and causes this problem: msconfig, registry editor etc..

But.. another thing I saw is the RAM usage, I think it is getting optimized and unused frequently for some reason..

I'm not running any program that auto-optimizes or something, it is just like that.

Well it's not a fact yet but ill try to provide more clues.

Thanks ahead.
0
 

Author Comment

by:ShadowRack
Comment Utility
Yup it seems the memory is stuck at 437016k(83% free) and only the page file functioning.. as i opened many many programs that consume memory..
0
 

Author Comment

by:ShadowRack
Comment Utility
Mmm.. , well my bad it wasn't refreshed so dont mind the "stuck at 437016k(83% free)" thing.


:P
0
 
LVL 8

Assisted Solution

by:banks1850
banks1850 earned 50 total points
Comment Utility
ShadowRack,
    That posting you gave showing your current running processes, was that from the time when the memory is spiking?  If it is then I would check the event viewer for errors and warnings.  The viewer gives you the time of any errors that pop up, there may be a clue there.  If you see an error or warning, or just something suspicious during the time the memory is spiking, then send that error along and we may be able to help further.  As far as I can tell, everything running in that list was normal (mem usage as well as them being normal processes for XP).  One other thing, by booting into safe mode, you confirmed that it is definitely a driver or one of the enhanced Windows processes (I.E. not the core kernel), so the good news is it is most likely something fixable as soon as you can isolate it.

Also, just to be safe, I would download the latest ati drivers and all the agp/mboard drivers for your system and install them.  Check to see if there is a bios update too, AGP 8X sometimes causes problems.  Oh, and make sure you have DX 9.  Ati optimizes for the latest Direct X drivers.
0
 
LVL 11

Assisted Solution

by:lbertacco
lbertacco earned 50 total points
Comment Utility
ShadowRack, if you haven't already done this, in the task manager where you see the current processes and their memory usage, try adding the column "Peak memory usage" (from menu View->select columns). You might be able to see which process has been using that much memory.
0
 
LVL 7

Expert Comment

by:shahrial
Comment Utility
Imho,

Try uninstalling Nero first...and see what happens.

Is your XP machine patched with XP Service Pack 1 (and all other fixes and critical update) from Windows Update?
If not then please do so.

You should also follow banks1850 good comments for better performance.
Good luck and have a nice day.

0
 

Author Comment

by:ShadowRack
Comment Utility
I have all drivers, both GPU and DirectX, updated everything at Windows Update, I'll see if there's a new BIOS update.

I'll try to uninstall Nero as soon as my other computer (shared internet) finishes its work.. since it needs restarting.

About the SP1, I uninstalled it because I thought it would help solve the problem but it didn't. I re-updated everything at Windows Update, I didn't notice if the SP1 is installed or not.

So for all your questions please follow the link below, it has images of many things you might need to know about the system:

http://www.villagephotos.com/pubbrowse.asp?selected=843339


Please notice all photos were taken when the page file wasn't sky high. Of course it wasn't intentional.

I'll try to catch it sky high and make a screenshot of it soon.
0
 

Author Comment

by:ShadowRack
Comment Utility
It seems the RAM is consumed to 0 when the page file is increasing to 1000 MB..

Please see this photo i added now too :

http://www.villagephotos.com/pubbrowse.asp?selected=843339
0
 
LVL 7

Expert Comment

by:wtrmk74
Comment Utility
Looking over your task manager files....
some curious entries arise....   Are you using Bilingual Windows ?

internat.exe
http://www.liutilities.com/products/wintaskspro/processlibrary/internat/

However the entry is only used in bilingual supported OS. and should be about 20kb to 30kb

Conclusion = Possible Trojan or new variant of this
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.netsnake.html

Also...
aston.exe is a desktop manager and shell replacement for Windows.
if you do not have this or know about this could be another problem surrounding your problems. If your new shell replacement has been corrupted you will receive spikes and errors and all sorts of problems running apps.

I would recommend also to verify the zlclient.exe has not been corrupted - This is your zone alarm client that runs in the background.

disconnect your PC from the internet....uncheck the run as service in your zone alarm dialog boxes....restart your PC and check on the entries listed above.

good luck
wtrmk74
0
 
LVL 7

Expert Comment

by:wtrmk74
Comment Utility
even the most tidy of systems can get infected !
0
 
LVL 6

Expert Comment

by:parkerig
Comment Utility
Hi,
I can't see any virus checker running.
Can you please confirm that you have booted into safe mode and run a full virus scan with the latest virus defns.
Thanks in advance
Ian.

Below is my stock standard advise on virus checking

http://www.experts-exchange.com/Miscellaneous/Q_20936305.html
0
 

Author Comment

by:ShadowRack
Comment Utility
o.k

I downloaded Norton AntiVirus 2004 and checked for viruses in safe mode (I already checked before that with Panda Antivirus, updated, no viruses found) and it found the following viruses:

1.winlogon.exeCommon Startup

2.cd_clint.dll

Although they have been deleted, the memory is still going mad and the problem persists. The page file is rising uncontrollably...


About the internat.exe and aston.exe, I'm aware of them. Aston is my shell instead of the explorer hog, Aston is using internat.exe, I never had a problem with it for a year..

I'll try unloading ZoneAlarm and all the other stuff now on a clean start..

Please help me more, I'll give extra points plx!! It works perfectly in safe mode, no spiking and things...

chao..
0

 
LVL 7

Assisted Solution

by:wtrmk74
wtrmk74 earned 100 total points
Comment Utility
I find it interesting that you have 25 out of 33 services automatically starting when you boot your PC.

WHY ?

go to the Black Viper website, this guy spent a long time researching service usage and CPU draw

http://www.blackviper.com/WIN2K/servicecfg.htm

He has actually calculated that you only really need two or three services running for a successful boot !
Definitely check out this site and turn off these services to find the problem!

SAFE MODE boots your PC with only the service required for basic functionality! Which is why your PC works fine in SAFE MODE. By eliminating the causer SERVICE you should find your answer thru TRIAL AND ERROR !

Let us know how it goes.
wtrmk74
0
 
LVL 6

Expert Comment

by:parkerig
Comment Utility
ShadowRack,
Thank you for your feedback.

Can I please ask you to startup zone alarm, remove all programs out of the program control and then see what POPS up.
I suggest this as there may be a program trying to send something out.
This will catch it and give us a hint.

Also having used many spy ware products I decided to retry http://pestpatrol.com
The earlier versions were terrible but version 4 just found an extra 35 problems including 2 high risk.

Suggest you give it a try. The trial version can't delete automatically but tells you how to delete manually.
I am about to spend the coin and buy it - very impressed.

Re BlackViper above - good advice but make your own decisions based on his advice.
I'm opening myself up here but the worst service ever ( in my humble opinion) has to be SSDP Discovery Service.

Cheers
Ian
0
 

Author Comment

by:ShadowRack
Comment Utility
Believe me wtrmk74, I have spent a lot, I'm not kidding, A LOT of my time disabling most of the services, many more than the 19 I'm running currently. However, disabling more than that will cause malfunction in the Internet and the Internet Sharing, which I need since I share 1 internet connection between 2 computers. BTW I've been to like 5 sites like this and blackviper is not so "clear" in his settings modes.

parkerig, I thought about that idea and I shall uninstall ZoneAlarm totally, including all its settings including the program control, when I'm back from work.

As for a total conclusion, I might need to disable every service and wait some time to see which makes the spikes..

Please think about more ideas while im gone

Thanks alot all of you.
0
 
LVL 16

Expert Comment

by:Nyaema
Comment Utility
Your system seems to be running normally.

You mentioned that you have about 512MB of RAM.

The recommended page-file size is twice your physical RAM.
I personally recommend three times.

Your page file only spikes to twice your physical RAM, once in a while especially on startup.
That to me is normal, and should not be a reason for worry, unless there is a more worrying phenomenon.
0
 

Author Comment

by:ShadowRack
Comment Utility
It's not happening at startup , It's happening randomly in a season of usement of the pc at windows xp slowing the computer like a slug with sars...

well soon ill try what u suggested me my bro is using the other comp..
0
 

Expert Comment

by:mahae
Comment Utility
If you've got more than one memory bank filled inside this PC, remove all of them and check them one by one; if the problem keeps occurring with every one of them, then it's probably a system process that is not working properly. If not,...
0
 

Author Comment

by:ShadowRack
Comment Utility
That must be a process since it works fine in safe mode..

I've noticed that the usage spikes happen a lot when the screensaver comes on.. well, maybe it's another hint, but it obviously happens when it's not in screensaver time too..

I tried removing the ZoneAlarm program control and updating it again but it didn't work, even with access to the internet only for iexplorer, messenger and Outlook Express..
0
 

Author Comment

by:ShadowRack
Comment Utility
Even with no programs at all allowed, so probably not an internet guided problem, or is it?
0
 

Author Comment

by:ShadowRack
Comment Utility
Also when system is idle for a bit
0
 

Author Comment

by:ShadowRack
Comment Utility
I added new photo :

http://www.villagephotos.com/pubbrowse.asp?selected=843339

I managed to find that the spikes happen when the system is idle for about 5 minutes, and when I deleted all program access in ZoneAlarm, a window popped up from ZoneAlarm saying scvhost.exe needs access to the internet. So it is probably 1 of the system services.. Anyone know about the one that initiates when idle??

plx help me ppl
0
 

Author Comment

by:ShadowRack
Comment Utility
Added another photo that shows the usage spikes 25 mins when the computer was idle, and when I came back it fixed up...

http://www.villagephotos.com/pubbrowse.asp?selected=843339
0
 

Expert Comment

by:mahae
Comment Utility
I know there are some issues with zone-alarm, remove it from your system, and get the internet connection out. See of the system keeps steady now.
0
 
LVL 7

Expert Comment

by:wtrmk74
Comment Utility
I know you probably dont want to do this but
Download HiJackThis
and post the report on your next visit
http://www.spychecker.com/program/hijackthis.html

I think we need to go deeper !

wtrmk74
0
 

Author Comment

by:ShadowRack
Comment Utility
Logfile of HijackThis v1.97.7
Scan saved at 03:05:31, on 15/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Aston\aston.exe
C:\Aston\XP\internat.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
F0 - system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
F2 - REG:system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Shortcut to killpnp.lnk = C:\killpnp.bat
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://c:/x.mht!file:///c:/pl.exe
O16 - DPF: {18871EA7-1B30-46DE-9283-E96E707492BA} (Playcom_ATL_Object Class) - http://www.netbabyworld.com/media/playcom/Playcom.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/patch/EARTPX.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37905.6196875
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVBU/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5090935-6599-4CA3-8BE0-62AD13F1B67D}: NameServer = 212.150.48.169 206.49.94.234

0
 

Author Comment

by:ShadowRack
Comment Utility
I already tried not loading all ZoneAlarm services and it didn't work out :/
0
 
LVL 6

Expert Comment

by:parkerig
Comment Utility
Remove google tool bar

Ian
0
 
LVL 3

Accepted Solution

by:haresh-nyc
haresh-nyc earned 300 total points
Comment Utility
Hi,
I just checked out the print screens. the last one is hilarious !

listen, Try this:

I see you've already added columns to your task manager screen.
From task manager under processes, click the view menu, and choose "select columns" and
Also add the following:
Virtual Memory Size (or VM Size).
AND also add the PID (process ID) columns.

you can then keep your task manager sorted by the VM Size column and keep the highest listed on top.
and then just wait till it happens again,

when the page file is increasing, look to see which process is using the most Virtual Memory.
if it says svchost note the PID number, and then you can use netstat -o which will show you the actual process using svchost based on knowing the PID

also,  I notice a lot of attention being given to running processes,
but you should also consider going into your Internet Explorer settings and then to security, and set it to HIGH security to prevent active-x and other scripts from running until we find out where this is coming from. Active-x scripts make use of the cpu just like a program does.

let me know what happens.
haresh
0
 
LVL 3

Expert Comment

by:haresh-nyc
Comment Utility
hey,
read this:

Please note that there is a legitimate Windows application called %windir%\system\Internat.exe. The Trojan file (also known as internat.exe) is 82.5 KB in length and uses a zip file icon. The "real" Internat.exe is generally about 20 KB in length with a "?" icon.

why is internat.exe running on your machine ? are you using international settings ?

can you remove it from your startup (either using msconfig) or edit the run key.

also, I realized that a very important way to determine if this problem is coming from a user installed software package or if it's some windows issue is to see if this activity happens if you DO NOT LOGIN for the first minutes of your boot up.

haresh
0
 
LVL 7

Expert Comment

by:wtrmk74
Comment Utility
haresh-nyc

that was mentioned in previous post !
did you read entire thread yet ?
0
 
LVL 7

Expert Comment

by:wtrmk74
Comment Utility
HijackThis Log:

OK here's something that needs fixing !
Downloaded Program Files (DPF)

O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://c:/x.mht!file:///c:/pl.exe

What is this ?
http://www.tapuz.co.il

O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVBU/launcher.cab


SIMCITY , GAMINGZONE , and GIGEX dont really need to be ran when explorer opens unless you live for gaming !

NETBABYWORLD ?

WINDOWS UPDATE and MACROMEDIA are OK entries

wtrmk74
0
 
LVL 7

Expert Comment

by:wtrmk74
Comment Utility
Also fix this:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm


Question are you running a start up batch script ?
Because this is running !
O4 - Global Startup: Shortcut to killpnp.lnk = C:\killpnp.bat

Also....
Browser Helper Objects (BHO)
BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
0
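The HijackThis entries questioned in the two comments above, expressed as a small triage script. This is an added example, not part of the original thread: the function names and rule set are assumptions chosen to mirror the entries called out here (the `Shell=` check is an extra heuristic the thread did not raise), and the sample lines are copied from the log posted earlier.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - Global Startup: Shortcut to killpnp.lnk = C:\killpnp.bat
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://c:/x.mht!file:///c:/pl.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# "<section code> - <body>", e.g. "O16 - DPF: {...} - http://..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js")


def check_shell(body):
    """F0/F2: flag a Shell= value that names more than one program."""
    m = re.search(r"Shell=(.*)$", body)
    if not m:
        return None
    programs = [p.strip() for p in m.group(1).split(",") if p.strip()]
    if len(programs) > 1:
        return "Shell= lists more than one program: " + ", ".join(programs)
    return None


def check_bho(body):
    """O2: flag a Browser Helper Object whose file no longer exists."""
    if body.startswith("BHO:") and body.rstrip().endswith("(no file)"):
        return "BHO is registered but its file is missing"
    return None


def check_startup(body):
    """O4: flag scripts launched from a Startup folder."""
    m = re.match(r"(?:Global Startup|Startup): .* = (.+)$", body)
    if m and m.group(1).strip().lower().endswith(SCRIPT_EXTS):
        return "script runs from the Startup folder: " + m.group(1).strip()
    return None


def check_dpf(body):
    """O16: flag a Downloaded Program Files entry sourced from a local file."""
    m = re.match(r"DPF: (\{[0-9A-Fa-f-]+\})(?: \(.*?\))? - (.+)$", body)
    if m and "file://" in m.group(2).lower():
        return "DPF entry %s installs from a local path: %s" % m.groups()
    return None


RULES = {
    "F0": [check_shell],
    "F2": [check_shell],
    "O2": [check_bho],
    "O4": [check_startup],
    "O16": [check_dpf],
}


def triage(log_text):
    """Return (section code, reason) for every log line a rule flags."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        for rule in RULES.get(code, ()):
            reason = rule(body)
            if reason:
                findings.append((code, reason))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```

A flagged line is only a prompt to inspect the referenced file or registry value; a shell replacement such as Aston will always appear under F2, so the rule looks at the number of programs listed, not at the entry's presence.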
 
LVL 11

Expert Comment

by:lbertacco
Comment Utility
The Windows Update starts only when the system is idle and also tries to access the internet (to see if updates are available). You can try disabling it:
right click on My Computer, Properties, Automatic Updates, uncheck "Keep my computer up to date".
0
 

Author Comment

by:ShadowRack
Comment Utility
Problem found! It's the process Cidaemon.exe, it eats all memory after some idleness and goes back to normal after returning!

It doesn't load at startup so it is probably a manual process. I'll try to find the fix to beat it without a Windows problem (if it is needed).


Special thanks to haresh-nyc with the help in task manger detection.
0
 

Author Comment

by:ShadowRack
Comment Utility
I disabled the indexing service as the source of the mem hog.. If it works I'll split points since many people here gave useful hints. PLEASE TELL ME IF IT IS NOT RECOMMENDED TO DISABLE INDEXING SERVICE.

Thanks.
0
 
LVL 3

Expert Comment

by:haresh-nyc
Comment Utility
no problem to disable indexing.
I hate indexing.

keep it disabled forever !!!!!

haresh :)
0
 

Author Comment

by:ShadowRack
Comment Utility
I guess it's fixed now , 99%


Thanks to anyone that helped, you are a great team even as total strangers to each other :P
0
 
LVL 7

Expert Comment

by:wtrmk74
Comment Utility
Glad it's all better!

Check on your Hijack This entries ....

Take Care
wtrmk74
0
