pagefile problems highjack this log

Discussion in 'Windows Desktop Systems' started by Vanquished, Jan 12, 2006.

  1. Vanquished

    Vanquished Mr. Bananagrabber Political User

    Messages:
    4,868
    Location:
    Massachusetts
    Hey.
    Heres the deal, im not sure if this is a hardware or a software problem but my problem is this: Over the last few days i installed Azereus on my computer and left my computer on to download, first of all my computer won't stay hibernated, or in stand by it resurrects itself on its own. Second I keep getting a message about my Page File memory being to low and that windows is making it higher. My Page File memory has jumped from 1Gb to 2.8 GB in the last 2 days. Does anyone know what wrong?
    Thanks Alot
    - Jack
     
  2. madmatt

    madmatt Bow Down to the King Political User

    Messages:
    13,312
    Location:
    New York
    Re: Page file usage problem

    Thread moved to Windows Desktop.
     
  3. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    Re: Page file usage problem

    open task manager and see what's using your memory

    you have a leak, possibly a virus.

    till you get it sourted I would change the pf to 4 gigs
     
  4. Vanquished

    Vanquished Mr. Bananagrabber Political User

    Messages:
    4,868
    Location:
    Massachusetts
    Re: Page file usage problem

    A virus already?
    I just redid my computer with windows xp pro, and i havent gone to any unsecure places. Do you think that it might be my Azereus that gave me the spyware? Also what is this page file stuff? Maybe if i knew what controls how much i use i could figure out what to do. Im not at my computer right now so i couldnt check what its at. If it is a virus How could i get rid of it? Mcaffe?
    - Jack
     
  5. Son Goku

    Son Goku No lover of dogma

    Re: Page file usage problem

    I use Azureus, and am not seeing problems like this... It's likely something else.

    Basically the page file is a location on your hard drive, where inactive pages in memory (or pages that aren't immediately needed by the proc) can be "swapped out" to disk, so as to allow the system to bring pages into memory which the system or some program needs at the moment.

    Course I wouldn't set Azureus's built in cache size to some insane value, but it, upon install doesn't default to a massive value, so not suspecting that.

    BTW, depending on the network you're on, you could still get a virus without actually going to shady sites or opening some email that says "open my executable, plz" :laugh:

    Two other possible sources:

    - I've even had it happen where shrink wrapped instillation media has included a virus on it. With an old system I had, which came pre-loaded with MS-DOS 6.22 and win3.1, the DOS installation disk 1 came with a boot virus on the blasted thing, that for years I never noticed. (I guess it had some date thing included in the stupid virus, or something...)

    It was when I was getting another computer, and ready to format/partition the drive, that I ended up scanning the disk, and low and behold... I always kept the disk in the write protected state, so it wouldn't be over-written by accident. It must have shipped from MS that way, or something...

    The Windows 3.1 disk 5 (after I saw this, I checked the other disks too) had a different virus on the blasted thing. It can happen...

    - Several years ago, when we had blaster, nimda, and some other viruses going around, I was pretty well protected, with my own software firewalls and stuff. That is until I went to do a periodic/routine fresh format and reinstall the following December. I kept my IP info out of the NIC until I was ready to connect to Windows Update to patch the thing. I already installed SP1 (Service Pack 2 hadn't yet been released then), and the moment I brought my interface up (in like 1 second flat), network activity jumped, and that virus fricken pushed an upload onto my new install.

    I ended up having to grab the patches for the thing, to fix it (as removal would result in getting it from the network again), and then grab and run the removal tool for the thing afterwards...

    BTW, and as an aside:

    - If you don't have a seperate firewall program, enable Windows Firewall, (Windows XP I'm presuming?)
    - Get a good antivirus program, and scan your box
     
    Last edited: Jan 12, 2006
  6. Vanquished

    Vanquished Mr. Bananagrabber Political User

    Messages:
    4,868
    Location:
    Massachusetts
    Re: Page file usage problem

    Hi,
    Thanks alot, i'll do that, I just hate to do it with macafee, it takes too long. BUt whatever, ill do it.
    Thanks again for the time it must have taken you to write that essay helping me :)
    - JAck
     
  7. LordOfLA

    LordOfLA Godlike!

    Messages:
    7,027
    Location:
    Maidenhead, Berkshire, UK
    Re: Page file usage problem

    Azureus uses the Java VM which is a memory vulture - I recommend avoiding applications built with java for that reason. Take a look at utorrent as a nice alternative to azureus that isnt java based and see if you fair any better - this will allow us to see if it is a java vm issue or not.
     
  8. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    Re: Page file usage problem

    Agree with LordofLa here. utorrent is good.... I've had some good times with Bit Comet as well.
     
  9. Vanquished

    Vanquished Mr. Bananagrabber Political User

    Messages:
    4,868
    Location:
    Massachusetts
    Re: Page file usage problem

    2 things, do i have to unistall azereus to test it? because its not open now and the pf usage is nearing 4 gb. Also if all i need to do you think is to uninstall it to get the pf usage to go down ill do it instantly.
    Also are u sure utorrent inst spyware? i downloaded it and got right out of it cause i didnt like the feel of it.
    - JAck
     
  10. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
  11. Vanquished

    Vanquished Mr. Bananagrabber Political User

    Messages:
    4,868
    Location:
    Massachusetts
    Re: Page file usage problem

    Here's the deal, i really don't care about downloading stuff, all i want to do is fix the problem. Thus i just removed limewire, and azereus and im doing a virus scan right now.
    - JAck
     
  12. Vanquished

    Vanquished Mr. Bananagrabber Political User

    Messages:
    4,868
    Location:
    Massachusetts
    Re: Page file usage problem

    It kinda sucks that i built my pc so i cant go yell at a computer company but anyways....
    Here is a list of what i installed in the past few days.
    Gta San andreas
    Mobile edit
    Utorrent (unistalled right away)
    Azereus
    Java Runtime Environment
     
  13. Vanquished

    Vanquished Mr. Bananagrabber Political User

    Messages:
    4,868
    Location:
    Massachusetts
    Re: Page file usage problem

    Hey here is teh log that it gave me:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:45:35 PM, on 1/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
    C:\Program Files\ZyXEL\G360\OdHost.exe
    C:\Program Files\Labtec Wireless Desktop\OSD.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trillian\trillian.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Jack Ciriello\Local Settings\Temp\hijackthis\HijackThis.exe

    O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    O4 - Global Startup: ZyXEL G-360 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL\G360\Gcc.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  14. Vanquished

    Vanquished Mr. Bananagrabber Political User

    Messages:
    4,868
    Location:
    Massachusetts
    Re: Page file usage problem

    By the way,
    I just got another windows message saying that my computers virtual memory was low and that it was going to up the reserves. So i dont know if thats really bad, this is like the 5th message ive gotten like that....
    so.....
     
  15. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    Re: Page file usage problem

    Remove the following (put a checkmark next to em all, and then 'Fix Selected'

    O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll

    Why?

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

    I'm not really sure why it's doing this - but it's got something to do with NVidea forceware... not sure what can be done about it.... anybody?

    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - htt p://install.wildtangent.com/Activ...veLauncher.cab


    Get rid of it.

    For now, get rid of these too...


    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)


    This too - I couldn't really identify it - but it's an installer of sorts and should only be running when you are installing something...

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    These two - though keep in mind, these may be all legit NVidea services... just doesn't feel right to me, especially with all the Winsock entries pointing at the specific NVidea DLLs...

    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
     
  16. madmatt

    madmatt Bow Down to the King Political User

    Messages:
    13,312
    Location:
    New York
    Re: Page file usage problem

    I did a search on 'nvappfilter.dll' and I came up with nothing. It doesn't appear to be related to Nvidia software. I could be wrong.

    I also went to nvidia.com and ran a search through them... nothing. You could check the file properties for that file and see what the company is (any legit DLL by a major company will have the details filled in).
     
  17. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    Re: Page file usage problem

    Well Matt - I found it here....

    http://castlecops.com/lsp-164.html

    but why would it need to access the net? Perhaps to look for updates....

    /shakes scratching head, thinks this is way too many 'NVidea' services....
     
  18. madmatt

    madmatt Bow Down to the King Political User

    Messages:
    13,312
    Location:
    New York
    Re: Page file usage problem

    I have a hard time believing what they say on that page. I'd check the file properties. NVIDIA'S site doesn't mention the file at all.

    You know?
     
  19. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
  20. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    Vanquished likes this.