# [Resolved] Help need to free up RAM!



## Darg_mals (Oct 12, 2002)

192.0 MB 69% free (Let Windows manage my Virtual Memory settings) 0 min No max Running Windows Me

RAM drops to 41% when I have Zone alarm on. I do have Norton Anti Virus 2003, but have been told I should also have firewall protection, but ever since I downloaded Zone alarm it has slowed up the system considerably among other problems. I have deleted temporary internet files. Ran Spybot and am clear there. Did a window wash. Have taken several things off startup (I am in selective start-up mode). Is there anything else I can do? Is the firewall that important? We had the computer in a while ago and increased our RAM and memory, and I think we are maxed out. Is there anyway I can bump up the RAM? Or I am just expecting to much and simply can't have all these programs for the system that we have?

System Type X86-based PC
Processor Intel(r) Celeron (tm) GenuineIntel ~366Mhz
BIOS Phenix BIOS 4.0 Release 6.0.7
Total Physical Memory 191.43 MB
Available Physical Memory 252.0 KB

Total Virtual Memory 2 GB
Available Virtual Memory 1.69 GB

Page File Space 1.81 GB

C: 19.07 GB
Free 11.44 GB

D: 4.01 GB
Free 3.85 GB

E: CD Rom


----------



## Darg_mals (Oct 12, 2002)

OOPS! Posted in wrong spot


----------



## Rollin' Rog (Dec 9, 2000)

First, what are you using to determine "available" ram? Some people confuse it with "System Resources", and these are not the same.

If you are really referring to ram, you should not be concerned at all. Windows will use as much of it as it can efficiently use because that is how it runs best.

Even if the figure is for System Resources, it is not necessarily a sign for alarm if the figure is occuring after a period of use. It would be very low if seen immediately after startup.

If you post a "startup list" using the StartupList application from the site below, it may lead to some good suggestions:

http://www.lurkhere.com/~nicefiles/

Just unzip, run it and copy/paste the results to a reply.


----------



## IMM (Feb 1, 2002)

Pretty weird value 
Total Physical Memory 191.43 MB 

What did you use to get it? What does it indicate for ram if you hit the Win-Break key combination (or use some other method to get to the General Tab of systm properties)?


----------



## Darg_mals (Oct 12, 2002)

OK Thank-you Rollin' Rog

192.0 MB of RAM
System Resources 45% free

Is this not related? All I know is when % drops system becomes very slow and when that starts happening I start getting System Is Dangerously Low in Resources. So I thought it was important to check this and was referring to the amount of RAM available. No?

Here is the list:

StartupList report, 04/02/2003, 11:40:21 PM
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\MLH\LAUNCHER.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\MY DOCUMENTS\WINZIP\WINZIP32.EXE
C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
PowerReg Scheduler.exe

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SystemTray = SysTray.Exe
NPROTECT = C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Advanced Tools Check = C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
Atikey = Atitask.exe
AtiCwd32 = Aticwd32.exe
LoadQM = loadqm.exe
Hidserv = Hidserv.exe run
Launcher = "C:\Program Files\MLH\launcher.exe" /P
AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
CreateCD50 = C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
NPROTECT = C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
SchedulingAgent = mstask.exe
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 3/2/2003, 21:30:32)

[rename]
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
C:\WINDOWS\SYSTEM\VSDATA95.VXD=C:\WINDOWS\SYSTEM\~GLH0008.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll - {724d43a9-0d85-11d4-9908-00400523e39a}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job
{3F24C109-4B78-4A07-9334-B3A763CDB7F0}_CHARLOTTE.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R932/V31Controls/x86/mil/en/actsetup.cab

[CCMPGui Class]
InProcServer32 = C:\WINDOWS\SYSTEM\CCMP392.DLL
CODEBASE = http://64.124.45.181/chaincast/proxy/CCMP.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HRTBEAT.OCX
CODEBASE = http://fdl.msn.com/zone/Z4/heartbeat.cab

[SurferNETWORK Plugin]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SURFER~1.OCX
CODEBASE = http://rd1.surfernetwork.com/surferplugin.ocx

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37610.8023958333

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

[ChainCast VMR Client Proxy]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CCPM_0237.DLL
CODEBASE = http://64.124.45.181/downloads/ccpm_0237.cab

--------------------------------------------------
End of report, 7,187 bytes
Report generated in 0.559 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Darg_mals (Oct 12, 2002)

IMM

I get that by going to run msinfo32 maybe its weird because when they installed memory(or whatever it is called) we bought they said they had to create another drive, not really sure.


----------



## IMM (Feb 1, 2002)

My first guess is that ZA isn't getting along well with the way norton is set up. Which version of ZA is this (and is it the free or the pro)?


----------



## Darg_mals (Oct 12, 2002)

Its free Version 3.1.395


----------



## Darg_mals (Oct 12, 2002)

I'm thinking I posted to much information on the start-up menu, is that safe?


----------



## Darg_mals (Oct 12, 2002)

Oh and thank-you for moving my post to the right spot


----------



## IMM (Feb 1, 2002)

I'm unfortunately not very familiar with norton AV 2003 - so perhaps someone will jump in and help. In earlier norton schemes they installed an intermediate server to handle email (it's likely more extensive now). Have you tried disabling the email protection within ZA as a start? I think that (from within ZA) you should also set it not to start at windows startup as a test. After a reboot - start ZA manually. Does that improve the browsing?


----------



## Rollin' Rog (Dec 9, 2000)

If you are receiving that warning it is related to low System Resources rather than ram.

Here is an explanation of the difference:

http://www.pcnineoneone.com/howto/resources1.html

http://www.forrestandassociates.co.uk/pcforrest/resources.html

You still have a number of startups there that could be disabled in msconfig. I would recommend unchecking these:

Quicktime
LoadQm
AdaptecDirectCD
CreateCD
PowerReg

Launcher ?? Not really clear what this is, scanner perhaps?

You can review info regarding these using the site below:

http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

The adaptec stuff does not need to load at startup and can be run when desired from the Start Menu > Programs directory.


----------



## Darg_mals (Oct 12, 2002)

Once again I received some great information and was recommended to view some fantastic web sites. I get the RAM versus resources thing now. Thank-you very much for your time and help, appreciate it!


According to that site your recommended Launcher launcher.exe is Spyware component related to DownloadWare and found in Program Files\KFH although mine is Program Files\MLH\launcher.exe "/P It is some clever dating pop up ad thing I have aquired that spybot doesn't pickup.

Is it ok that all that startup information is listed here could someone access or harm any files with that information?


----------



## Rollin' Rog (Dec 9, 2000)

Don't worry, there is nothing in the startuplist that is exploitable.

Is there a entry in Add/Remove programs for DowloadWare or Launcher? If so I would use that to remove it.

If not you can remove the startup entry permanently from the registry by running *regedit*

Navigate to the entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

>> highlight the RUN folder in the left hand pane and look in the right for its entry. You can right click on that then and delete it. If you have previously unchecked the entry in msconfig you will find the entry in the RUN- folder rather than Run.

After rebooting you should then be free to delete the MLH folder at your convenience.


----------



## Darg_mals (Oct 12, 2002)

Alrighty then thanks again for your help Rollin' Rog  I'll figure out this computer stuff yet! Especially since I get to talk all the the computer wizards here.


----------



## Rollin' Rog (Dec 9, 2000)

Okedoke, you're certainly welcome. I'll mark this 'resolved' unless you tell us all's not well.


----------

