XP Freezing


Maineearle

I was hit with some viruses and hacks I was unable to remove, so I wiped the
hard drive with Killdisk, reformatted and reinstalled the OS, but something is
draining my memory; it gets as low as 29 bytes. I ran Windows Memdiag (no errors
found) and ran Windows Cleanmem, and the computer runs well for about 5 min, then
starts locking up, sometimes after reboot, and sometimes I can work for hours.
I am including some error and warning logs plus a Hijack log.

Applications:
Warning 2/8/2008 2:12:51 PM Userenv None 1517 SYSTEM RONALD-B2730983
Warning 2/8/2008 2:02:19 PM Windows Product Activation None 1005 N/A RONALD-B2730983
Warning 2/8/2008 1:49:22 PM WinMgmt None 63 SYSTEM RONALD-B2730983

Security:
Failure Audit 2/14/2008 10:23:06 AM Security Policy Change 615 NETWORK SERVICE RONALD-B2730983

System:
Warning 2/14/2008 10:23:19 AM Dhcp None 1003 N/A RONALD-B2730983
Warning 2/14/2008 10:23:05 AM PlugPlayManager None 256 N/A RONALD-B2730983
Error 2/14/2008 1:35:48 AM PSched None 14103 N/A RONALD-B2730983

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:17 AM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\OdHost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Linksys Wireless-N Notebook Adapter] C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICSer_WPC300N - Unknown owner - C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
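
A small triage aid for logs in the layout posted above, added here as an example; it is not part of the original thread or of HijackThis itself. It rejoins entries that a mail or news client wrapped, groups them by section code, and lists the entries a reviewer would verify first. The sample log, its names and paths, and the two review rules are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis 2.x layout, wrapped the way mail and news
# clients wrap long lines. Names, GUIDs and paths are illustrative only.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program
Files\Example Vendor\Browser\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\WINDOWS\system32\exampletray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Example Update (ExUpd) - Example Corporation - C:\Program
Files\Example Vendor\update.exe
O23 - Service: ExampleNicSvc - Unknown owner - C:\Program
Files\Example Vendor\nicsvc.exe
"""

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O23 body: "Service: <name> - <owner> - <path>"
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def rejoin_entries(text):
    """Return one string per log entry, undoing client-side line wrapping.

    Assumption: a non-blank line that follows an entry and does not start
    with a section code is the wrapped remainder of that entry. Header and
    "Running processes" lines before the first entry are skipped.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif not line or line.startswith("--"):
            # A blank line or the trailing "--" marker closes the open entry.
            if current is not None:
                entries.append(current)
                current = None
        elif current is not None:
            current += " " + line
    if current is not None:
        entries.append(current)
    return entries


def by_section(entries):
    """Group entry bodies under their section code (e.g. "O4", "O23")."""
    sections = defaultdict(list)
    for entry in entries:
        code, body = ENTRY_START.match(entry).groups()
        sections[code].append(body)
    return dict(sections)


def triage(entries):
    """List entries worth a manual check. These are prompts, not verdicts.

    Rules (assumed for this example):
      * O23 service whose owner field reads "Unknown owner": the log shows
        no vendor name for the service binary, so confirm the file and its
        publisher by hand.
      * O2/O3/O9 component shown as "(no name)": registered without a
        display name, so identify it from its CLSID and file path.
    """
    findings = []
    for entry in entries:
        code, body = ENTRY_START.match(entry).groups()
        if code == "O23":
            m = SERVICE.match(body)
            if m and m.group("owner").lower() == "unknown owner":
                findings.append((code, "service with no vendor name", m.group("path")))
        elif code in ("O2", "O3", "O9") and "(no name)" in body:
            findings.append((code, "component without a display name", body))
    return findings


if __name__ == "__main__":
    entries = rejoin_entries(SAMPLE_LOG)
    for code, bodies in sorted(by_section(entries).items()):
        print(f"{code}: {len(bodies)} entries")
    for code, reason, detail in triage(entries):
        print(f"[review] {code}: {reason}: {detail}")
```
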
 
By consensus, HiJack This logs are not analyzed in this newsgroup. You
should be glad that all your memory is being used - that's why it was
put into your computer.

---
Leonard Grey
Errare humanum est
 
How much RAM?

Try Ctrl+Alt+Delete to select Task Manager and click the Performance
Tab. Under Commit Charge what is the Total, the Limit and the Peak?

You should be able to gather more information from Task Manager. With
the Processes tab open select View, Select, Columns and check the boxes
before Peak Memory Usage and Virtual Memory size. What are the figures
for the 6 processes using the largest amounts?

Open Disk Defragmenter and click on Analyse. Select View Report and
click on Save As and Save. Now find VolumeC.txt in your My Documents
Folder and post a copy. Do this before running Disk Defragmenter as it
is more informative.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


 
Ram size: 256

Committed: Total 341812 Limit 557596 Peak 418564
Processes:
iexplore 115920-58544
ccscchost system 75792-59564
explore 38172-18144
svchost system 23524-16344
ccapp 15428-8996
winlogon 12522-5752

Volume (C:)
Volume size = 128 GB
Cluster size = 4 KB
Used space = 3.82 GB
Free space = 124 GB
Percent free space = 97 %

Volume fragmentation
Total fragmentation = 6 %
File fragmentation = 12 %
Free space fragmentation = 0 %

File fragmentation
Total files = 24,611
Average file size = 221 KB
Total fragmented files = 2,042
Total excess fragments = 8,326
Average fragments per file = 1.33

Pagefile fragmentation
Pagefile size = 336 MB
Total fragments = 1

Folder fragmentation
Total folders = 2,180
Fragmented folders = 16
Excess folder fragments = 210

Master File Table (MFT) fragmentation
Total MFT size = 27 MB
MFT record count = 26,852
Percent MFT in use = 97 %
Total MFT fragments = 2

--------------------------------------------------------------------------------
Fragments File Size Most fragmented files
269 17 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009901.exe
128 8 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP8\A0000180.msi
128 8 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002085.dll
128 8 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0001698.dll
128 8 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002124.dll
92 6 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002209.dll
90 6 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009912.dll
90 5 MB \virusdef\VIRSCAN9.DAT
85 5 MB \virusdef\ESRDEF.BIN
81 344 KB \Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\ZCWVBH7V
79 336 KB \Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\69SZPV2P
74 5 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0001946.dll
71 5 MB \Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate
70 5 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP7\A0000141.cpl
69 6 MB \Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\sigs.dat
69 9 MB \Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080214.007\full-webauth.sql.bin
67 9 MB \Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\latest-hub-webauth.sql.bin
55 3 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009908.dll
49 9 MB \Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080215.002\full-webauth.sql.bin
47 3 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002129.dll
47 3 MB \virusdef\TCSCAN7.DAT
46 3 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP20\A0003346.EXE
45 3 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP20\A0002244.dll
45 3 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP20\A0002247.dll
45 4 MB \Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\3NY0648I\SymADataWeb[1].msi
45 4 MB \Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\69SZPV2P\SymADataWeb[1].msi
43 3 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP16\A0001331.dll
42 2 MB \virusdef\CCERASER.DLL
40 2 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP23\A0008822.DLL
40 2 MB \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009924.DLL

Found something disturbing in the event logs, the following warning:
Hiperfcooker_V1 has been registered in the VMI namespace
Is this a virus?

Thanks, Ron

 
"Ram size: 256"

That could be your problem right there. (Sorry to butt in, Gerry.)

---
Leonard Grey
Errare humanum est
Ram size: 256

Committed: Total 341812 Limit 557596 Peak 418564
Processes:
iexplore 115920-58544
ccscchost systen 75792-59564
explore 38172-18144
svchost system 23524-16344
ccapp 15428-8996
winlogon 12522-5752

Volume (C:)
Volume size = 128 GB
Cluster size = 4 KB
Used space = 3.82 GB
Free space = 124 GB
Percent free space = 97 %

Volume fragmentation
Total fragmentation = 6 %
File fragmentation = 12 %
Free space fragmentation = 0 %

File fragmentation
Total files = 24,611
Average file size = 221 KB
Total fragmented files = 2,042
Total excess fragments = 8,326
Average fragments per file = 1.33

Pagefile fragmentation
Pagefile size = 336 MB
Total fragments = 1

Folder fragmentation
Total folders = 2,180
Fragmented folders = 16
Excess folder fragments = 210

Master File Table (MFT) fragmentation
Total MFT size = 27 MB
MFT record count = 26,852
Percent MFT in use = 97 %
Total MFT fragments = 2

--------------------------------------------------------------------------------
Fragments File Size Most fragmented files
269 17 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009901.exe
128 8 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP8\A0000180.msi
128 8 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002085.dll
128 8 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0001698.dll
128 8 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002124.dll
92 6 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002209.dll
90 6 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009912.dll
90 5 MB \virusdef\VIRSCAN9.DAT
85 5 MB \virusdef\ESRDEF.BIN
81 344 KB \Documents and Settings\Ron\Local
Settings\Temporary Internet Files\Content.IE5\ZCWVBH7V
79 336 KB \Documents and Settings\Ron\Local
Settings\Temporary Internet Files\Content.IE5\69SZPV2P
74 5 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0001946.dll
71 5 MB \Documents and Settings\All
Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate
70 5 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP7\A0000141.cpl
69 6 MB \Program Files\Common Files\Symantec
Shared\SymcData\idsdefs\BinHub\sigs.dat
69 9 MB \Program Files\Common Files\Symantec
Shared\SymcData\nco1.0defs\20080214.007\full-webauth.sql.bin
67 9 MB \Program Files\Common Files\Symantec
Shared\SymcData\nco1.0defs\latest-hub-webauth.sql.bin
55 3 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009908.dll
49 9 MB \Program Files\Common Files\Symantec
Shared\SymcData\nco1.0defs\20080215.002\full-webauth.sql.bin
47 3 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002129.dll
47 3 MB \virusdef\TCSCAN7.DAT
46 3 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP20\A0003346.EXE
45 3 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP20\A0002244.dll
45 3 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP20\A0002247.dll
45 4 MB \Documents and Settings\Ron\Local
Settings\Temporary Internet Files\Content.IE5\3NY0648I\SymADataWeb[1].msi
45 4 MB \Documents and Settings\Ron\Local
Settings\Temporary Internet Files\Content.IE5\69SZPV2P\SymADataWeb[1].msi
43 3 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP16\A0001331.dll
42 2 MB \virusdef\CCERASER.DLL
40 2 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP23\A0008822.DLL
40 2 MB \System Volume
Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009924.DLL

Found something disturbing in the event logs the following warning
Hiperfcooker_V1 has been registered in the VMI namespace
Is this a virus?

Thanks Ron

Gerry said:
How much RAM?

Try Ctrl+Alt+Delete to select Task Manager and click the Performance
Tab. Under Commit Charge what is the Total, the Limit and the Peak?

You should be able to gather more information from Task Manager. With
the Processes tab open select View, Select, Columns and check the boxes
before Peak Memory Usage and Virtual Memory size. What are the figures
for the 6 processes using the largest amounts?

Open Disk Defragmenter and click on Analyse. Select View Report and
click on Save As and Save. Now find VolumeC.txt in your My Documents
Folder and post a copy. Do this before running Disk Defragmenter as it
is more informative.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


 
This computer has always worked well with 256 RAM until it was hit with
viruses and hacks. I have to believe that the rest of my response to
Gerry was not read.

Leonard Grey wrote:
"Ram size: 256"
That could be your problem right there. (Sorry to butt in, Gerry.)

---
Leonard Grey
Errare humanum est
Ram size: 256

Committed: Total 341812 Limit 557596 Peak 418564
Processes:
iexplore 115920-58544
ccscchost systen 75792-59564
explore 38172-18144
svchost system 23524-16344
ccapp 15428-8996
winlogon 12522-5752

Volume (C:)
Volume size = 128 GB
Cluster size = 4 KB
Used space = 3.82 GB
Free space = 124 GB
Percent free space = 97 %

Volume fragmentation
Total fragmentation = 6 %
File fragmentation = 12 %
Free space fragmentation = 0 %

File fragmentation
Total files = 24,611
Average file size = 221 KB
Total fragmented files = 2,042
Total excess fragments = 8,326
Average fragments per file = 1.33

Pagefile fragmentation
Pagefile size = 336 MB
Total fragments = 1

Folder fragmentation
Total folders = 2,180
Fragmented folders = 16
Excess folder fragments = 210

Master File Table (MFT) fragmentation
Total MFT size = 27 MB
MFT record count = 26,852
Percent MFT in use = 97 %
Total MFT fragments = 2

--------------------------------------------------------------------------------
Fragments  File Size  Most fragmented files
269        17 MB      \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009901.exe
128        8 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP8\A0000180.msi
128        8 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002085.dll
128        8 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0001698.dll
128        8 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002124.dll
92         6 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002209.dll
90         6 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009912.dll
90         5 MB       \virusdef\VIRSCAN9.DAT
85         5 MB       \virusdef\ESRDEF.BIN
81         344 KB     \Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\ZCWVBH7V
79         336 KB     \Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\69SZPV2P
74         5 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0001946.dll
71         5 MB       \Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate
70         5 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP7\A0000141.cpl
69         6 MB       \Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub\sigs.dat
69         9 MB       \Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080214.007\full-webauth.sql.bin
67         9 MB       \Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\latest-hub-webauth.sql.bin
55         3 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009908.dll
49         9 MB       \Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080215.002\full-webauth.sql.bin
47         3 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP19\A0002129.dll
47         3 MB       \virusdef\TCSCAN7.DAT
46         3 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP20\A0003346.EXE
45         3 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP20\A0002244.dll
45         3 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP20\A0002247.dll
45         4 MB       \Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\3NY0648I\SymADataWeb[1].msi
45         4 MB       \Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\69SZPV2P\SymADataWeb[1].msi
43         3 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP16\A0001331.dll
42         2 MB       \virusdef\CCERASER.DLL
40         2 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP23\A0008822.DLL
40         2 MB       \System Volume Information\_restore{DDAB1A4E-0E55-48AC-8843-9AEC216A8F83}\RP25\A0009924.DLL

Found something disturbing in the event logs; this was the warning
message:
Hiperfcooker_V1 has been registered in the VMI namespace
Is this a virus?

Thanks Ron

Gerry said:
How much RAM?

Try Ctrl+Alt+Delete to select Task Manager and click the Performance
Tab. Under Commit Charge what is the Total, the Limit and the Peak?

You should be able to gather more information from Task Manager. With
the Processes tab open select View, Select, Columns and check the boxes
before Peak Memory Usage and Virtual Memory size. What are the figures
for the 6 processes using the largest amounts?

Open Disk Defragmenter and click on Analyse. Select View Report and
click on Save As and Save. Now find VolumeC.txt in your My Documents
Folder and post a copy. Do this before running Disk Defragmenter as it
is more informative.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~



 
What was not read - by you - are the suggested minimum requirements for
a complete set of effective, modern security applications.

For example, NOD32 has one of the lightest footprints of today's
antivirus applications. Its minimum requirement is 128MB. But you also
need a third-party firewall, at minimum, and you probably want
additional protection against malware, rootkits, trojans, spam, etc.
These programs also use RAM. I bet you're using some Office-type
applications, too.

You can certainly run XP with 256MB, but you're going to be making
compromises.

---
Leonard Grey
Errare humanum est
 
Leonard said:
"Ram size: 256"

That could be your problem right there. (Sorry to butt in, Gerry.)

Although OP doesn't seem to have enough RAM to avoid relying on using
the pagefile (which would surely slow things down), his main problem is
with freezing, so there must be something else wrong.
 
Maineearle said:
I was hit with some viruses and hacks unable to remove so I wiped the
harddrive with Killdisk and reformated and reinstalled OS but
something is draining my memory gets as low as 29 bytes ran Windows
Memdiag (no errors found) ran Windows Cleanmem and the computer runs
good for about 5 min then starts locking up, sometime after reboot
and sometimes I can work for hours.

Are you on a network?

What exactly locks up? Are you talking about applications hanging? And
if so, which one(s)?

In another post, I noted high figures for Internet Explorer. Which
version are you running? If IE7, have you tried running it in "no
add-ons" mode?
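
Added example, not part of any poster's message: the Internet Explorer add-ons that "no add-ons" mode switches off are the O2, O3, O9 and O16 entries of the HijackThis log in the first post. The Python below re-joins the mail-wrapped entries and pulls out those add-ons, Run-key autostarts given without a path, and services HijackThis labelled "Unknown owner"; the function names and report keys are illustrative, and the meaning given to each section code is HijackThis's usual one, not something stated in the thread.

```python
import re

# Excerpt of the HijackThis log from the first post, with the mail-wrapped
# line breaks exactly as they appear in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -
C:\Program Files\Common Files\Symantec
Shared\coShared\Browser\1.7\NppBho.dll
O3 - Toolbar: Show Norton Toolbar -
{90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common
Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll O4 -
HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook]
C:\WINDOWS\system32\keyhook.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: NICSer_WPC300N - Unknown owner - C:\Program
Files\Linksys\Wireless-N Network Monitor\NICServ.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# Section codes that describe IE add-ons:
# O2 = Browser Helper Object, O3 = toolbar, O9 = extra button / Tools item,
# O16 = ActiveX control in Downloaded Program Files.
IE_ADDON_CODES = {"O2", "O3", "O9", "O16"}

# An entry starts with a code such as "R1 - " or "O23 - ", at the start of the
# text or after whitespace (wrapping pushed one "O4 -" onto the tail of a line).
ENTRY_START = re.compile(r"(?:^|(?<=\s))(R[0-3]|O\d{1,2}) - ")

# O4 registry autostart: HKLM\..\Run: [value name] command line
RUN_ENTRY = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.+)$")


def parse_entries(log_text):
    """Return [(code, body)] with wrapped lines re-joined into one body."""
    # Mail wrapping breaks at spaces, so collapsing whitespace restores paths.
    flat = " ".join(log_text.split())
    marks = list(ENTRY_START.finditer(flat))
    entries = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(flat)
        entries.append((mark.group(1), flat[mark.end():end].strip()))
    return entries


def triage(entries):
    """Group the entries a reviewer would look at first."""
    report = {"ie_addons": [], "bare_autostarts": [], "services_unknown_owner": []}
    for code, body in entries:
        if code in IE_ADDON_CODES:
            report["ie_addons"].append((code, body))
        elif code == "O4":
            run = RUN_ENTRY.match(body)
            # No backslash means no directory: Windows resolves the name via
            # its search path, so confirm which file actually gets launched.
            if run and "\\" not in run.group(2).strip('"'):
                report["bare_autostarts"].append(run.group(1))
        elif code == "O23" and " - Unknown owner - " in body:
            # No vendor name was reported for the service binary.
            report["services_unknown_owner"].append(body)
    return report


if __name__ == "__main__":
    result = triage(parse_entries(SAMPLE_LOG))
    for key, items in result.items():
        print(key)
        for item in items:
            print("   ", item)
```

On this excerpt the add-on list is the Norton BHO and toolbar, the Messenger button and the Flash control; the bare autostart is AGRSMMSG and the unknown-owner service is the Linksys NICServ.exe, both of which are items to verify on disk, not findings in themselves.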
 
Last question, first answer! Normal warning confirming WMI doing its
job.
http://www.eventid.net/display.asp?eventid=63&eventno=1885&source=WinMgmt&phase=1

Hiperfcooker_V1
http://msdn2.microsoft.com/en-us/library/aa390431(VS.85).aspx

Your system is clearly using the pagefile as both the Total and Peak
exceed 256 mb RAM. Most users need 512 mb RAM for satisfactory
performance and more if the computer is used to run programmes requiring
considerable memory e.g. graphics with undo features. You can add memory
or try to reduce usage.

Your pagefile is shown as 336 mb. Is this a fixed maximum or is your
pagefile set up on "Let Windows manage"? Until you add RAM memory you
need either to significantly increase the maximum to 512 mb or more or
change to "Let Windows manage".

Is this an Acer Laptop? What model?

ccscchost systen - I think you have a mistype here?

What Norton product do you have installed? When does the subscription
expire? Many users have found Norton to be unsatisfactory in performance
terms on your type of machine. There are perfectly adequate freeware
alternatives available to home users.

I find a used disk space of only 3.82 gb a potential puzzle as the
Windows XP Windows folder needs over 3 gb. You presumably have few
programmes and little or no data on the computer?

Select Start, All Programs, Accessories, System Tools, Disk CleanUp to
empty your Recycle Bin and remove Temporary Internet Files. Also
select Start, All Programs, Accessories, System Tools, Disk CleanUp,
More Options, System Restore and remove all but the latest System
Restore point. Run Disk Defragmenter.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~





 
Daave

Plus System Restore + pagefile + Norton possibly but it is unusual to
have no programmes etc.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
I'm not following.

It's been a while since I've done a clean install, but if I were to do
one, about how much disk space do you think it would take up? And since
it's a clean install, wouldn't you expect there to be a low number of
programs and a small amount of data?
 
As I said Daave it's possible but it's hardly a key factor in
determining why the system is freezing. It was just an aside.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 