[Resolved] Hard Drive Chewing

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Shairel

Thread Starter
Joined
Jan 14, 2003
Messages
312
Strange problem...as the system is running the 'system' process makes about 200k of IO disk writes per second, until the C drive is completely full
system restore disabled, swapfile and all moved onto differant , NAV 2k3 and trend housecall come up with zip, so does Anti Trojan 5.5 and Ad-Aware ( both with latest defs ) find nothing, all drivers are up to date, and signed, except for HP precisionscan LTX and Nvidia Detonator 41.29..this only happens to the C drive, a 40 GB maxtor hooked up to the primary controller on my ASUS P4B533-E with intal application accelerator 2.2 installed. I also have an 80 GB on the mainboard's raid array, a 60 and a 160 on a promise ultra 133 card, and an external 120 GB USB. Currently my C drive has files totalling about 22.3 GB, and free space is normally 17 something GB, but now it is 10.5 and decreasing steadily. If I reboot the hard drive space is instantly reclaimed...this drive space also isnt' being used up by any files, it is just correlating exactly to the amount listed as 'IO Write Bytes' by the '"System" process, PRocessID 4


here are the specs from the program most people on these boards use to post processes

StartupList report, 1/14/2003, 10:47:39 PM
StartupList version: 1.50
Started from : C:\Documents and Settings\Shairel\Desktop\startuplist15\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\PFWShared\cfgintpr.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Promise\FastTrak\FtrakSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TPF4\umxagent.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\TPF4\amon.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ACT\SideACT.exe
C:\Program Files\LiveJournal\LiveJournal.exe
C:\Program Files\United Devices\UD.EXE
C:\Program Files\United Devices\ud_1396140.exe
C:\Program Files\United Devices\ud_1396140_0.dir\ud_ligfit_Release.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\AIM+\AIM+.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Shairel\Desktop\startuplist15\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Shairel\Start Menu\Programs\Startup]
LiveJournal.lnk = C:\Program Files\LiveJournal\LiveJournal.exe
UD Agent.lnk = C:\Program Files\United Devices\UD.EXE

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
FastCheck Monitoring Utility.lnk = C:\Program Files\Promise\FastTrak\RAIDeUtility.exe
HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Quicken Scheduled Updates.lnk = C:\Quicken\bagent.exe
SideACT!.lnk = C:\Program Files\ACT\SideACT.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
WINDVDPatch = CTHELPER.EXE
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
GhostStartTrayApp = C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
AMonitor = C:\Program Files\TPF4\amon.exe
LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Opware12 = "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
OP12 Reminder = "C:\Program Files\ScanSoft\OmniPagePro12.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPagePro12.0\EregEng\Ereg.ini"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
NvMediaCenter = RunDLL32.exe NvMCTray.dll,NvTaskbarInit

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
HKLM\..\Windows\CurrentVersion\WinLogon: load=
HKLM\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
HKCU\..\Windows\CurrentVersion\WinLogon: load=
HKCU\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=
HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=umxexw.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

*INI section not found*
*INI section not found*
*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\UD.SCR
*Registry value not found*

Policies Shell key:

HKCU\..\Policies: *Registry key not found*
HKLM\..\Policies: *Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\Program Files\Common Files\PFWShared\weaddon.dll - {BF55256A-3B3B-11D2-B05B-000001145917}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Kiseki no Umi - Sea of Miracles.job
Norton AntiVirus - Scan my computer.job
Norton SystemWorks One Button Checkup.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe

[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE = http://207.188.7.150/12681a1d3088bad56101/netzip/RdxIE6.cab

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab

[{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}]
CODEBASE = http://216.65.38.226/Download_Plugin.exe

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37598.5867013889

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab

--------------------------------------------------
End of report, 11,196 bytes
Report generated in 0.703 seconds
 
Joined
Dec 9, 2000
Messages
45,855
Welcome to TSG, Shareil.

You have a number of unusual startups showing there, none of which I'm particularly familiar with, so I'll just mention them and ask if you are well aquainted with their presence and have disabled them for test purposes.

1 -- FastCheck Monitoring Utility.lnk = C:\Program Files\Promise\FastTrak\RAIDeUtility.exe [this appears to be a drive monitoring utility and could well be responsible for the read/write processes testing the drive]. I've never seen it as a startup before.

2 -- UD Agent.lnk = C:\Program Files\United Devices\UD.EXE [evidently a "distributed computing" program, it shouldn't cause the problems reported unless somehow it's gone awry]

3 -- LiveJournal.lnk = C:\Program Files\LiveJournal\LiveJournal.exe [no idea what this does, but thought I'd mention it anyway]

4 -- SideACT!.lnk = C:\Program Files\ACT\SideACT.exe [don't really know what this does, even after checking the homepage; does it verify files on the hard drive?]

>> I would suggest running msconfig and disabling these or all programs under the startup tab and see if the problem continues.

"Clean-Booting" is the best diagnostic troubleshooting approach for this.

http://support.microsoft.com/default.aspx?scid=KB;en-us;q310353

Might this be a similar issue?

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=utf-8&th=6eddc4f195fe02a3&rnum=1
 

Shairel

Thread Starter
Joined
Jan 14, 2003
Messages
312
Good points...this is my home computer so i'll take those suggestions when I get home tonight from work....
This might be related to inetinfo as well, as that is internet information server...but I have all of those processes closed, I'm at a loss, people on the windrivers forums are stumped too

1 -- FastCheck Monitoring Utility.lnk = C:\Program Files\Promise\FastTrak\RAIDeUtility.exe
This was a part of my P4B533-E RAID controller driver, but I can always just put a stop on it, it's not essential

2 -- UD Agent.lnk = C:\Program Files\United Devices\UD.EXE

You're right, united devices is a distributed computing program, maybe i'll try re-installing it

3 -- LiveJournal.lnk = C:\Program Files\LiveJournal\LiveJournal.exe

This is a client for posting to a blog

4 -- SideACT!.lnk = C:\Program Files\ACT\SideACT.exe

This is a little widget that comes with Symantec ACT! that is very similar to quicken's 'quickentry' ..some basic portions of the program to make and be notified of entries and appointments, again not essential, though I run it without consequence on other computers.
 

Shairel

Thread Starter
Joined
Jan 14, 2003
Messages
312
Trying system file checker now....now that's up to 15 GB in the same image
 

Shairel

Thread Starter
Joined
Jan 14, 2003
Messages
312
System file checker did nothing, reinstalled service pack, nothing...did a clean boot, nothing...went to sleep with 18.2 GB free, woke up with 13 free..and the five gigs are not accounted for in any files whatsoever, and they will reappear when i reboot...
 

Shairel

Thread Starter
Joined
Jan 14, 2003
Messages
312
YES YES YES filemon picked up what is happening, but I still don't know how to solve it

1 0.00144320 System:4 IRP_MJ_WRITE C:\WINDOWS\system32\Logfiles\WMI\trace.log SUCCESS Offset: 533397504 Length: 65536

That's happening 4 times a second!
now what is trace.log, and how do I disable it
 

Shairel

Thread Starter
Joined
Jan 14, 2003
Messages
312
Alright the file was created roughly ten minutes after I had a failed bootvis operation..that's the only file created on that day that could have system level consequences
 

Shairel

Thread Starter
Joined
Jan 14, 2003
Messages
312
It's bootvis' tracing..but it's not solved yet!
every time I boot, the tracing is turned on...and I have to shut it off manually
 
Joined
Dec 9, 2000
Messages
45,855
Not real sure about this, but try going to Administrative Tools > Performance > Performance Logs and Alerts > Trace Logs.

Do you have anything showing there? The Help topics provides further info, but I don't know how helpful.
 

Shairel

Thread Starter
Joined
Jan 14, 2003
Messages
312
I found and eliminated the issue
the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger
has its start value defaulting to "1"
this had been set by bootvis
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top