"Memory space keeps decreasing".... Is this a virus?

I've been facing a peculiar problem on my laptop but haven't been able to figure whether it is a spyware/ malware infection.

Around 2 weeks ago, i noticed that the free space in my comp would continuously keep decreasing. In some cases it would "lose" around 20 MB every 1 hour. It was so bad that on one day it fell to zero MB free space. Now i've run as many anti-virus scans as possible and have been attempting to fix this issue, but to no result.

I've undertaken scans from Avast, Avira, Spybot, Adaware, NOD 32, Trojan Hunter and finally MBAM. None of the earlier scans detected any virus on the system except for MBAM which indicated a hijack.system.hidden infected file.

Now i'd like to know if this problem has been encountered by anyone here before and if so, is this a malware problem? If not, how do i rectify it?

Thanks in advance.

[Global Moderator]

What Operating System?
Do you currently have more than one antivirus program installed?
What is the total hard drive space and free space?

After answering those, try this:
Download and Install
CCleaner.
(Without Yahoo Toolbar: http://www.ccleaner.com/download/builds/downloading-slim)

When it is installed, run it and make sure the following checkboxes are checked.
Internet Explorer --> Temporary Files
Internet Explorer --> Cookies (optional)
Mozilla Firefox --> Internet Cache
Mozilla Firefox --> Cookies (optional)
System --> Temporary Files
System --> Empty Recycling Bin (optional but recommended if low on disk space)
You can check whatever else you want but you should know that whatever you check will be unrecoverable.
When you are done, Run the Cleaner.

Another tip on freeing space is to remove old programs you don't use or don't work(like trial versions)
Go to Start --> Control Panel
(Start --> RUN --> Control and press Enter)
Make sure you are in Classic View, not Category View.
Look for Add and Remove Programs.

(snippet from here: http://www.computerhope.com/forum/index.php/topic,62253.0.html)

Thanks for the reply, Carbon.

My current OS is Win XP SP2and currently i have the free version of ESET NOD32. After detecting the problem i've also installed a firewall (Comodo), an anti-malware s/w (Malwarebyte's Anti-malware). Before that I installed (and later uninstalled) Avira, avast, Adaware and Trojan Hunter. None of these have detected anything except for MBAM, so i'm planning to install AVG in a while.

The laptop has a single drive of 33.1 GB and as of now the free space is 3.79 GB.

I have d/l and installed CCleaner. The actions you prescribed have been performed and unnecessary programs uninstalled. But the problem still remains.

Have i missed out on something? Any other details? Do let me know...

[Global Moderator]

Lets see.....

How much Virtual Memory do you have set to your drive?
Right Click My Computer and go to Properties. Then go to the Performance Tab and click on Virtual Memory.

How much space is your Recycling Bin using?
Right Click the Recycling Bin and go to Properties
(also try emptying the bin)

How much HD space have you set System Restore?
Right Click My Computer and go to Properties. Click on the System Restore tab.

Now how much free space is there?

Thanks for the prompt reply, Carbon. Here goes..

How much Virtual Memory do you have set to your drive?

Uhm.. I'm unable to find the Performance Tab on right-clicking. Do i look some place else?

How much space is your Recycling Bin using?

Max size of Recycle bin is 10% and space reserved is 3.31 GB. I've emptied the Bin using CCleaner

How much HD space have you set System Restore?

Last week, I removed system restore points so that i could use more memory space. Currently it reads as "Disk Space to use - 12% (4007 MB)"

If it helps - since i started the thread the free space on my laptop has fallen to 3.69 GB!

[Global Moderator]

How much HD space have you set System Restore?

Last week, I removed system restore points so that i could use more memory space. Currently it reads as "Disk Space to use - 12% (4007 MB)"

If it helps - since i started the thread the free space on my laptop has fallen to 3.69 GB!

Wow, strange.....
When did this start? Any recent downloads or installations that may have caused this?

Also, If you think it's a malware issue, I would look here:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

Wow, strange.....

Surprising, eh? Knocked my socks off when i saw that on my laptop as well. I somehow keep visioning my laptop as a live time-bomb!  My strongest hunch is that i d/l Google Chrome on the second day of release and browsed the planet on it - without a firewall !! In hindsight, i've realised how under-prepared and naive i was.

Let me now admit to you that i've been ravaging the internet in search of a solution. I've read up a few other sites which have similar step-by-step procedures listed and those are my resources. I'm more than glad to have you showing interest in this problem. Please don't get me wrong here but i'm at my wits end in trying to understand what's wrong.

I've read that link before reaching the forums and am currently installing AVG. Have already installed MBAM, Trojan Hunter and Adaware. Is it necessary for me to uninstall any of them before loading SuperAntiSpyware?

Will let you in on the progress of the AVG scan in a while.

Edit - Spelling mistakes

[Global Moderator]

Is it necessary for me to uninstall any of them before loading SuperAntiSpyware?

I don't think so. Just follow those steps and post the three logs here and one of our Malware Specialists will have a look at them.

Hmm.. this is surely going to take me a while then. In a few hours probably you should see a reply... or since i'm too lazy, it'll be Sunday morning. Either ways, i'm smiling that there's atleast ONE person who'se noticed my problem. Thanks for the replies, Carbon.

Will be back soon.

[Global Moderator]

All right, Good Luck!

This evening I AVG installed with the latest updates. It performed a command line scan in Safe mode and... found nothing! I restarted and also noted the HijackThis log. Frustrating as it is, now the free memory space has moved a few notches to 4.02 GB but falls back to 4.00 GB in 5 min time!!!!

What is happening??? Expert advice majorly solicited.

Here are the logs:

AVG 8.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2008 AVG Technologies
Program version 8.0.145, engine 8.0.0
Virus Database: Version 270.8.2/1743  2008-10-24

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Administrator\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Administrator\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2c4d52b15c41845c42eda9b1d64a2353_b339b0d0-f2f5-494c-acfb-6ea85074dcce Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d3305a016ed9f70500a0a6b338f998a_b339b0d0-f2f5-494c-acfb-6ea85074dcce Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\WINDOWS\system32\config\DEFAULT Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SOFTWARE Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SYSTEM Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.

------------------------------------------------------------
Objects scanned     : 654467
Found infections    :    0
Found PUPs          :    0
Healed infections   :    0
Healed PUPs         :    0
Warnings            :    0
------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:53 AM, on 10/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Documents and Settings\Ramakant_pgp\Desktop\hijackthis_ver2.0.2_(Auhma.com).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.4:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199311108859
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\system32\cssdll32.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 11023 bytes

[Malware Removal Specialist]

Also, If you think it's a malware issue, I would look here:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

We need to see the logs from the above link. Posted in order.

Hey Evil,

Sorry for the delay. Am traveling this week. Will be checking mails every night. Here are the files as requested. Hope they help.



[Saving space - attachment deleted by admin]

[Malware Removal Specialist]

I can't see anything that would indicate a virus or anything that would be causing this.

That's what been bothering me as well. Practically every virus scan that i've been running hasn't shown signs of any malware or virus. However still the issue of vanishing memory space refuses to budge.

Its strange since the last time i shut my computer i remember clearly Explorer showing 3.43 GB of free space. I shut it down for 2 days and boot it after the travel and last night it spiked to 5.31 GB! Without me deleting anything, free memory space has apparently "increased". The only activity i performed the previous time were only virus scans. For preparing the logs, it took me almost 3 hours in scanning the system. In this period the free space "decreased" to 4.30 GB. I lost an entire 1 GB in that period of time.

Hence the question - Is this now a malware/ trojan/ virus or is something else seriously wrong with the laptop?

[Malware Removal Specialist]

It could be malware but sounds more like something that is constantly writing information to the disk. A buggy program maybe that is constantly writing logs or something.

Download and run 'Windows Directory Statistics'. This program will show you what is using up your resources and hopefully narrow down what the problem is.

Hmm.. Thanks for the tool, evil. Its a very convenient method to have a visual glance of the memory usage. With regard to the problem, most of what i see are the expected results. Nothing unusual here.

In the event that my virtual memory might be faltering, I changed the paging file size from custom (1000 MB to 2000 MB) to System Managed. After that, located two files in the windows directory - pagefile.sys and hiberfil.sys which were occupying 753 MB and 502 MB respectively. Could they be indication of the fault? Let me know what ur thinking in case u need any more info.

(PS: Memory still fluctuating)

[Malware Removal Specialist]

This is a bit outside of my normal help zone but you might get some idea by looking at the Event Viewer (not sure)

A Faster Way Of Accessing The Windows Event Viewer (XP)

[Malware Removal Specialist]

More links.

How to view and manage event logs in Event Viewer in Windows XP http://support.microsoft.com/kb/308427

How To Use Computer Management in Windows XP http://support.microsoft.com/kb/308423

[Global Moderator]

Nice program, Evil.

I've stumbled by WinDirStat before but I didn't take the time to look at it in more detail.

[Malware Removal Specialist]

It's pretty cool. I have freed up quite a bit of space with it a few times.

This is a bit outside of my normal help zone but you might get some idea by looking at the Event Viewer (not sure)

A Faster Way Of Accessing The Windows Event Viewer (XP)

Hey Evil,

Quick confession from my side.. I'm really not a tech-literate person. Having known that fact myself, i dived in to open the Event Viewer logs. Tracing the steps back i've tried to look at the first instances when the problem started surfacing. I have a Win XP SP 2 operating system which only recently was using my MotoROKR E6 as a mobile phone to access the internet. While using the phone as a modem, there was this one time that the Motorola Phone Tools software froze in the middle while refusing to recognise the cellphone. I then yanked the USB cable out and restarted both systems. Subsequently i started browsing the internet without a firewall or anti-virus. The latter was my initial assumption behind the strange functioning of my system. SO that's why i would continuously run scans to find the problem.

Reading the Event Viewer may probably suggest something else. Let me present it event log wise.

System Log view
For the past two weeks, there've been a series of dual errors that occur every time i start the computer:
1. A series of errors for event numbers:

• 10005

Source              DCOM
Type             Information
Description     DCOM got error "The Program cannot be started in Safe Mode attempting to start the service netman with arguments" in order to run the server: {COM object GUID}

• 7001

Source              Service Control Manager
Type             Error
Description     The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning

• 7026

Source              Service Control Manager
Type                 Error
Description     The following boot-start or system-start drivers failed to load - <list of start-up applications>

• 7036

Source              Service Control Manager
Type             Information
Description     The <service name> service entered the <running/stopped> state.


2. Two rapid succession errors for event numbers:

• 104

Source              SRService
Type             Error
Description     The System Restore initialization process failed

• 7023

Source              Service Control Manager
Type             Error
Description     The System Restore Service terminated with the following error: The system cannot find the specified file


In some cases (probably just after booting?) errors begin with event 104 and immediately jumping to 10005 causing a cycle of errors.

The second set of errors (104 and 7023) seem to make sense since i disabled System Restore to use more memory space and install the required anti-virus softwares.

Considering that...

An event that describes a significant problem, such as the failure of a critical task. Error events may involve data loss or loss of functionality.

.. then is this problem something to do with some faulty memory system?

Application Log view
Exactly one day after the first set of System errors took place, i think took place the mishap where i yanked the cable out. This is logged in as errors for event numbers:

• 1002

Description - Hanging application mPhoneTools.exe, version 3.0.0.0 hang module hungapp, version 0.0.0.0, hang address 0x00000000000

After this are a series of errors with source ESENT and event numbers:

• 482
• 439

That's practically all from the Application logs - loads of ESENT errors!

In the light of all the info that i gave you, i may still be wrong in trying to link events or interpreting the errors. This is deep into the no-fly territory for me. I'm not even sure if this is the right section to post this thread. If you have made some sense of this, please do let me know what i must proceed with.

Am i supposed to use this ??

*gulp*

HELP PLEASE!! 


[/list][/list][/list]

Thanks for starting this thread deletestardotstar , I am having the same problem. Wasn't sure if this was something I hadn't noticed before and was normal or what, but because I am using a friend's computer that is very low on disk space I have been monitoring the size. I am noticing how when I am on certain sites, usually graphic heavy ones, the MBs drop quick. Usually clearing the browser session gets it back up, but with a few less than when started. So there is a gradual 'eating away' of MBs. But there has also been times of major drops and raises in MBs that I have no idea why.

Thanks evilfantasy
Like the WinDirStat...now let's see if I can make sense of it and utilize it correctly. 

Thanks evilfantasy
Like the WinDirStat...now let's see if I can make sense of it and utilize it correctly. 

Same problem? Use Event Viewer and try back-tracking to the date you first observed the problem. You might just be able to locate the reason behind this weird behaviour. In case ur able to figure it out, do post a link to another thread or update this one. I'd like to know what you're thinking about...

Same problem? Use Event Viewer and try back-tracking to the date you first observed the problem. You might just be able to locate the reason behind this weird behaviour. In case ur able to figure it out, do post a link to another thread or update this one. I'd like to know what you're thinking about...

Thanks deletestardotstar....not sure when it started really, but I'll let you know if I find anything.

My initial feeling about this is that it seems like there is something running when it shouldn't be, because I see the yellow light next to the power button flashing and hear the hard drive clicking away. And the Firefox takes a long time to come up, could be the new AVG toolbar, but it was still overall slow most often than not even before installing it.

I read recently that there are programs that access the internet even when a browser is not up, plus a Windows update recently addressed a security breach possibility of having the computer 'remotely accessed'. I recently turned off a feature in Windows that allows for remote access, to allow for someone to see your desktop and interact with your computer from theirs...not sure if that helps any, but I don't need the feature right now, so it's off.   

Get back to you sooner than later I hope. Good luck!

I'm sorry if i revived this thread but I didn't want to create a  new one if a similar topic was around. But I'm having this same issue on my pc. My hard drive decreases after every couple of minutes and continues to go down. I had ccleaner do its job and mal aware scans as well. I used Norton to clean up as well and it hasn't found any viruses. I don't know what else to do. I'm running on xp, my c drive has 18.6 g b . Any ideas on what I can do. This problem started out like 2 days ago.

what model of laptop do you have?  If you have a sony viao your problem could be that the partition that holds the operating system is too small. If that is the case you need to backup everything on your computer and do a system recovery to make the two partitions that you currently have into one big partition.

[Global Moderator]

Coheed015, You will need to start a new topic.

Come here:
http://www.computerhope.com/forum/index.php/topic,33586.html

And then here:
http://www.computerhope.com/forum/index.php?action=post;board=1.0