DjLizard

I'll post some more information later...

The page file contains code and data segments from active programs that have been swapped to disk -- and if you have been infected with malware, pieces of the file may get swapped to disk. However, after you restart the computer, the page file becomes invalid for that session, and it basically ignores the data inside of it and begins overwriting it all over again. So, the page file can contain fragments of malware processes, but they are unusable in the page file form - nothing to worry about there. Besides, if you had an active infection, the page file is of little concern. Modern DOS scanners (F-Prot, McAfee, and NavDX) do not scan hiberfil.sys nor pagefile.sys, as it is pointless, and extremely time consuming (since those files are usually on the order of 512 MB and up for each one). avast for DOS was not written so intelligently, and it will scan a page file (which takes forever) and will actually find malware code in it and end up deleting the file. It's easier just to have it deleted on shutdown, or ignore it. Tell your virus scanner to exclude it from future scans.

Did you actually do what I suggested in the other thread? : http://forum.ccleaner.com/index.php?s=&sho...indpost&p=34650 First issue is that there was a problem in your registry, the second issue is that CCleaner removed the error, and a third issue exists if you haven't been making backups of the 'Issues' removals. Please download Dial-a-fix: http://DjLizard.net/daf58.exe (note to everyone else: I am not authorizing anyone to link to this version) ...and checkmark everything in box #5 and hit GO, if you hadn't already tried that. You are the only one who has had this issue, and CCleaner is doing its job in removing InProcServer errors. I use CCleaner's issues scan on every machine that comes in here and I have not yet been able to reproduce this issue. If you do not like CCleaner anymore, that is fine, but do understand that CCleaner has correctly targeted a problem in your registry. If you haven't made any backups of the issues you've been removing, then... At any rate, the good thing about your issue is that it is a software issue, which means that it can be fixed.

"If you had 8 GB of RAM"...

Windows typically recommends system RAM times 1.5. If you had 8 GB of RAM, it would recommend a swap file of 12GB, which of course is retarded. Basically, Windows doesn't make recommendations based on actual real-life reasoning, it just does some static math. At 512MB, systems run pretty well, but still use VM when running a lot of apps or playing games. 640 is pretty close to not needing a page file at all. I have 1024MB of RAM myself, and in the worst case scenario, I'm using 700 MB of it (I have virtual memory turned off). She most likely won't be using more than 1280MB of RAM, so 640 is just fine. That means that she would first have to use 640 MB of RAM, then use 640 more MB of RAM before the system would warn you or programs would stop launching. You'd then adjust the setting to be higher, but it's unlikely it will ever happen to her unless a program starts memory leaking like crazy, or a driver runs away with the system. If that happened, the process would likely stop leaking memory and just crash after it peaked at >1280MB of RAM usage. Edit: there's no disadvantage to an unnecessarily large page file (it simply just won't access it unless it *has* to) except for hard drive space being used for no real purpose.

640 min, 640 max.

DrWatson is the debugger built into Windows, which is being triggered because of an unexpected severe error (probably in your registry). I'd be very careful with registry cleaning programs at this point, because Windows won't always crash out the program that gracefully. Some severe registry problems will end in a blue screen of death (typically, PAGE_FAULT_IN_UNPAGED_AREA). At any rate, there is something not right going on. I'd start out by doing: Start > Run > chkdsk C: /R A black console window will open, and chkdsk will tell you that it can't check the volume because it's in use by another process, and will ask you if you wish to schedule it for the next system restart. Type a Y, and hit enter. chkdsk /R can take up to 2 hours to complete. Then go into event viewer: Start > Run > eventvwr.msc Right-click Application, and choose Clear all events. Do the same thing to System. Then run CCleaner again and get it to crash again and shut it down the same way you have been doing it. After DrWatson and CCleaner are gone, go back to eventvwr.msc again. Right-click on Application, and choose Save Log File As.... In "Save as type", choose CSV (Comma delimited) (*.csv) and save it to your desktop. Do the same for the System log. Go to http://upload2.net/multiple_upl.php and upload both files, and post the download links it gives you so I can take a look. edit: upload2 sucks; I can't ever download anything from it. Don't use it. Find another online file-hosting service.

The installer, or ccleaner.exe itself? The installer kills off any copies of CCleaner currently running before it installs... if that's being flagged as not-a-virus, then Kaspersky needs to get a clue. Flagging the process killing API is pretty stupid... might as well flag the ShellExecuteEx API as well, since it can lead to code execution! oh noes... I decided to send an uncompressed Dial-a-fix.exe through virusscan.jotti.org to see if DAF's process kill function (which is used to stop copies of winmgmt.exe, helphost.exe, and stuff like that, while doing repairs to WBEM and the Help and Support service) was detected as "not-a-virus" and it wasn't flagged. Damn.

Upload the latest dump file from C:\winnt\minidump (if it exists) somewhere and post a link to it - I will debug it for ya.

That's fine, I'm here to help. Well, most drives spin at 7200 RPM (some more, some less) which is enough to make the drive fight gravity. You can pick up a drive that is spinning that fast, and while holding it horizontally, tilt it left and right and feel the G-force it gives off. The typical access time from random sector to random sector is between 5 to 15 milliseconds because of the great speed at which it spins, combined with the precision servo motor controlling the head and actuator, and then depending on which zone of the platter the heads are in. The inner zone has quicker seek time because it is a shorter circumference, and the outermost zone of the platter has a much greater circumference. I would guess that the travel time from the inner zone to the outer, or vice versa, is probably around 20-25 milliseconds (I don't have a source for that data, that's just my guess). But I know it's faster than a blink. A hard drive head is typically 0.3 by 1.2 millimeters. Pretty sick, huh? Not to mention that there are multiple heads reading multiple platters. Next, you have to take into account the internal RAM that modern drives have, and their new "lookahead" features that allow the drive to read data into the buffer in anticipation of a data request. By the time the computer sends the request for the next section of data, the drive is ready to pass the section from its internal buffer back to the bus. The bigger the cache your drive has, the more apparent this effect is. I personally have gone from 0 cache to 8 MB of cache and just a simple bootup of Windows was stunningly fast. (I had ghosted my drive to a new one - I got to see the difference immediately after the ghost, and it was very obvious). Now, drives are loaded with up to 16 MB of cache. Finally, most modern operating systems have lazy write features where the OS can defer disk writes until an appropriate time (like when the bus and CPU are not so congested). Combining these things (and more that I haven't even mentioned) gives you a nice representation of the speed you are dealing with. Typical modern hard drive transfer rates are between 30 to 50 megabytes per second. At 50 MB/s, an entire CD's worth of data can be handled in about 14 seconds. Defragmenting frequently speeds up your computer on the order of nanoseconds, and frequent defragmentation will cause platter defects sooner. I'm also fairly certain that hard drives last longer while spinning than they do while not, and that is just one reason I keep my computer on 24/7.

It's also important to note that frequent defragmenting reduces the lifespan of the disk, removes the possibility of recovering deleted files, and generally does not increase visible performance (it does, but it's in the order of nanoseconds to milliseconds, even in extremely fragmented cases). As a tech, I always recommend that customers defragment only once a year. Pretty surprising, huh?

A lot of software had been uninstalled. On most machines I see between 200 and 2000 issues (and then subsequent scans show 200 to 2000 more). Worst machine I ever saw had 6000.

One thing to note is that Diskeeper Ultra-lite is part of Windows already: Start > Run > dfrg.msc Help > About Windows Disk Defragmenter Copyright © 2001 Microsoft Corp. and Executive Software International, Inc. hehe...

My votes are on QTPARTED and Partition Magic.

If you're just talking about the progress bar, it's supposed to do that. CCleaner can't tell you how long it's going to take so the progress bar keeps flying through the end, back to the beginning.

Try Dial-a-fix > Tools > Repair permissions

What she said.

Try removing the entry using Microsoft Installer Clean-up Utility. If it's not listed, then this won't help. CCleaner will probably not help you remove anything of it at all.

It's either a joke or it's totally broken, because the answer seems to always be 0.

Save to your hard drive first - you can't save directly to a CD, and I believe the save dialog will not correctly send the file to the 'files to be burned to CD' folder that XP uses. Once saved somewhere on your hard drive, right-click it and choose Send to > <your cd-rom drive letter> if you want to use the XP burning feature.

System Restore is a great thing for technicians; it contains automatic full hive versions of the registry (see DjLizard.net wiki: SVI) System Restore is exactly that, System restore, not Document restore. If you were working on a document, and went back to a SR point, it would delete your document or roll-back changes to it, which would be worse than just leaving it alone. If you want your documents backed up, then back them up. Document backups are your issue, and they don't belong to the system. burtman: ControlSet001 is a backup of CurrentControlSet (used for Last Known Good purposes) and thus, isn't a reliable source of information. If you look at HKLM\System\CurrentControlSet, it's probably the same, but at any rate, it is specifying files that the Volume Shadow Copy service cannot possibly get a reliable snapshot of (and files you wouldn't want a snapshot of, such as the hibernation file), and all of the files 'not to backup' are logs and metadata created by services and applications built into Windows that you wouldn't need copies of. This list is used more by backup software (NTBackup, Veritas, and other programs that utilize the Shadow Copy Service) than System Restore (which has a specific set of data to backup). Check my aforementioned wiki page (SVI) for information on how to peek inside your System Volume Information folder. --- System Restore within an application works differently than creating a full System Restore point (and thus, is 1000% faster). The pseudocode is as such: SystemRestorePoint.Begin <Application makes its changes> SystemRestore.End It only makes a restore point containing changes made by the application, which takes just a few moments. Notice how Spybot's SR point creation works. It's fast. System Restore is a godsend for me, because I can rescue customer machines that other people thought would require a complete reinstallation of Windows.

The current version of DAF blindly deletes the entire folder (SoftwareDistribution), including your update history log. Dial-a-fix 0.58 (coming soon) asks you if you wish to preserve that log.

I would be embarassed (if I were the developer) if it were case sensitive, because that's just a retarded limitation... especially in an operating system where case never matters. I'd die laughing, but I wouldn't actually leave, no.

They're all correct, krit86lr. The "system variables" versions of TEMP and TMP are for 16-bit and other legacy applications, I believe. If you change them to non-dynamic versions of TEMP and TMP (like Andavari did), there exists the possibility of conflicts on multi-user systems, especially when taking advantage of Fast user-switching. On a single user system, this is not an issue.

1 avast vote from me (with Custom installation > turning off services you won't use, and turning off skins)