1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: My System Is A Dirty Bird!

Discussion in 'Windows XP' started by tonkacat, May 28, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. tonkacat

    tonkacat Thread Starter

    Joined:
    Mar 7, 2005
    Messages:
    406
    The System Volume on my pc has been dirty for several days. I have tried System Restore. Ccleaner, Sypbot S&D, and Disk Cleanup. I have also reset the dirty bit several times following the diretions from MS. I need to fix my pc without losing all my files. Please help!:(
     
  2. The Hound

    The Hound

    Joined:
    May 27, 2007
    Messages:
    3,235
    I'm not quite sure what reset the dirty bit means, but a hijackthis log may help...
     
  3. tonkacat

    tonkacat Thread Starter

    Joined:
    Mar 7, 2005
    Messages:
    406
    Yes, I agree. I forgot to post one. However the HJT has been normal. I'll post it in a few minures. I'm running Spybot again.
     
  4. tonkacat

    tonkacat Thread Starter

    Joined:
    Mar 7, 2005
    Messages:
    406
    Logfile of HijackThis v1.99.1
    Scan saved at 11:49:35 AM, on 5/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Debbie\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C2A01687-989E-4F14-9230-D6816F0FF334}: NameServer = 205.152.37.23 205.152.144.23
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     
  5. elicoten

    elicoten

    Joined:
    Sep 6, 2005
    Messages:
    92
    The Dirty Bit is a flag which can be set with the NTFS file system. I believe it means that your disk was flagged as "bad" by checkdisk.

    Have you tried running chkdsk /r? It will probably ask you to restart the and do the check (which can take a while, so be patient) when the computer restarts. After the restart, see if you can find the file called bootlog.txt (it will be a hidden file on the C: drive) and post its contents.

    To find it you might need to:
    1. Open My Computer
    2. Click on the Hard Drive (C:)
    3. Click the Tools Menu
    4. Click Options
    5. Click the View tab
    6. Select Show all Files and Folders
    7. Untick Hide Protected System files
    8. Click OK
    Then you should be able to find that file to open it. It might be advisable to reverse the procedure (steps 3 - 7) to hide the files again to make sure that in the future you do not accidentally damage system files.
     
  6. tonkacat

    tonkacat Thread Starter

    Joined:
    Mar 7, 2005
    Messages:
    406
    I have followed these directions about 10 times now:

    First click Start> Run> bring up a command prompt by typing in "CMD" and type " fsutil dirty query c: ". This queries the drive, and more than likely it will tell you that it is dirty. Next, type "CHKNTFS /X C:". The X tells Windows to NOT check that particular drive on the next reboot. At this time, manually reboot your computer, it should not do a Chkdsk and take you directly to Windows.

    Once Windows has fully loaded, bring up another CMD prompt and type and now you want to do a Chkdsk manually by typing "Chkdsk /f /r c:". This should take you through 5 stages of the scan and will unset that dirty bit. Finally, type "fsutil dirty query c:" and Windows will confirm that the dirty bit is not set on that drive.
    ------------------------------
    It resets to the dirty bit every time.

    There is not a bootlog.txt in C:
    There is a Boot.ini
    It must be located elsewhere.
     
  7. elicoten

    elicoten

    Joined:
    Sep 6, 2005
    Messages:
    92
    I don't think Windows resets the dirty bit unless it finds faults on the drive during a chkdsk operation. Certainly on my system the dirty bit is never set unless I set it or corrupt the file-system in some way.

    I could be mistaken but I believe that Bootlog.txt is only there if you do a CHKDSK on reboot. That might explain why you don't have it. Unless it only applies to removable drives (which I doubt).

    As far as I am aware you can't do a proper CHKDSK /r (implies /f) on the SYSTEM drive when Windows is running because it is in use?
     
  8. tonkacat

    tonkacat Thread Starter

    Joined:
    Mar 7, 2005
    Messages:
    406
    No you can't, I rebooted every time. Including while I was waiting for someone to repsond to my message.
     
  9. tonkacat

    tonkacat Thread Starter

    Joined:
    Mar 7, 2005
    Messages:
    406
    I have several event errors:

    Event Type: Warning
    Event Source: ImageMagick
    Event Category: None
    Event ID: 0
    Date: 5/28/2007
    Time: 9:29:53 AM
    User: N/A
    Computer:
    Description:
    The description for Event ID ( 0 ) in Source ( ImageMagick ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: UnableToOpenConfigureFile `magic.xml'.

    ---------------------------------------
    Event Type: Error
    Event Source: Ntfs
    Event Category: (2)
    Event ID: 55
    Date: 5/28/2007
    Time: 8:57:15 AM
    User: N/A
    Computer:
    Description:
    The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 0c 00 00 00 02 00 4e 00 ......N.
    0008: 02 00 00 00 37 00 04 c0 ....7..À
    0010: 00 00 00 00 32 00 00 c0 ....2..À
    0018: 18 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........
    ---------------------------------------------------

    Event Type: Warning
    Event Source: Tcpip
    Event Category: None
    Event ID: 4226
    Date: 5/28/2007
    Time: 10:02:56 AM
    User: N/A
    Computer:
    Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 00 00 00 00 01 00 54 00 ......T.
    0008: 00 00 00 00 82 10 00 80 ....?..?
    0010: 01 00 00 00 00 00 00 00 ........
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........
    --------------------------------------------------------
    Event Type: Error
    Event Source: Cdrom
    Event Category: None
    Event ID: 7
    Date: 5/28/2007
    Time: 8:43:49 AM
    User: N/A
    Computer:
    Description:
    The device, \Device\CdRom0, has a bad block.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 03 00 68 00 01 00 b8 00 ..h...¸.
    0008: 00 00 00 00 07 00 04 c0 .......À
    0010: 00 01 00 00 9c 00 00 c0 ....?..À
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 d8 09 28 00 00 00 00 .Ø.(....
    0028: 9c a2 00 00 00 00 00 00 ?¢......
    0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
    0038: 40 00 00 c4 02 00 00 00 @..Ä....
    0040: 00 20 0a 12 48 02 00 40 . [email protected]
    0048: 00 00 00 00 0a 00 00 00 ........
    0050: 00 00 00 00 a8 cf d5 81 ....¨ÏՁ
    0058: 00 00 00 00 18 15 07 82 .......?
    0060: 02 00 00 00 3b 01 05 00 ....;...
    0068: 28 00 00 05 01 3b 00 00 (....;..
    0070: 02 00 00 00 00 00 00 00 ........
    0078: f0 00 03 00 00 00 00 0a ð.......
    0080: 00 00 00 00 11 05 00 00 ........
    0088: 00 00 00 00 00 00 00 00 ........
    --------------------------------------------------
     
  10. The_Oracle

    The_Oracle

    Joined:
    May 20, 2007
    Messages:
    1,562
    What if the Dirty Bit won't go away ??

    More than a few people have encountered this:

    1. a drive partition has the dirty bit set
    2. so when they reboot, Windows insists on running Autochk to check a drive - it checks the drive and all is well. Just running that check is supposed to clear the dirty bit
    3. but the next time they reboot, again Windows checks the drive !! Again, all is well and the drive reports no errors
    4. they get into Windows and run "fsutil dirty query driver_letter:" and they are told that the dirty bit is set
    5. they try booting with a WinXP CD and go into "Repair" mode to run chkdsk /r (supposed to do a thorough check and also check the surface) - but it does not help


    There is no apparent way for them to clear the dirty bit. Microsoft has never released the location of the dirty bit, so they are stuck. Here is the only way to fix the problem:

    Method 1. if the drive in question is not your boot drive goto Start/Run . . . msconfig, click the "Starup" tab, and uncheck all items. Then reboot, hit CTRL-Alt-Delete to get into Windows Task Manager, and shut down as many tasks as possible. The point here is to free up your drive. Then Start/Run . . . cmd

    chkdsk /x /f drive:

    If it completes successfully this will usually remove the dirty bit. To check it, enter the following command:

    fsutil dirty query drive:

    reboot to test

    Method 2. run Kelly's reg edits to first Disable autochk from running upon reboot, then reboot, and run this reg file to or re-enable disk checking upon reboot - this will refresh the entries in your registry to make sure thewy are correct

    http://www.kellys-korner-xp.com/regs_edits/disablecheckdisk.reg
    http://www.kellys-korner-xp.com/regs_edits/enablecheckdisk.reg

    Method 3. run Partition Magic - try resizing the C: partition a little smaller, create another partition from the unallocated space, then delete this partition and reclaim the space back into C:

    Method 4. if all else fails - this WILL WORK !! move all the files off the drive, reformat the drive, and then move the files back

    p.s.: i don't think methods 1 & 4 are for you since it is your system drive. but you can try 2 & 3
     
  11. tonkacat

    tonkacat Thread Starter

    Joined:
    Mar 7, 2005
    Messages:
    406
    Thank you! I will try 3. I hope I don't have to try 4! I have been backing up images on cd's for 3 days now. I always forget to backup something and end up losing something I need.
     
  12. tonkacat

    tonkacat Thread Starter

    Joined:
    Mar 7, 2005
    Messages:
    406
    The first one did not stop chkdsk from running. If I reset the bios, will it delete my files?
     
  13. The_Oracle

    The_Oracle

    Joined:
    May 20, 2007
    Messages:
    1,562
    reset the bios? as in load factory or failsafe default?

    no, that will not delete your files.
     
  14. tonkacat

    tonkacat Thread Starter

    Joined:
    Mar 7, 2005
    Messages:
    406
    As in Open the pc, move the bios jack then move it back.
     
  15. elicoten

    elicoten

    Joined:
    Sep 6, 2005
    Messages:
    92
    In the event log posted it appeared CHKDSK encountered errors and that's why it doesn't reset the dirty bit.

    It looks like the hard drive could be faulty, if you have run CHKDSK more than once maybe you need a more powerful hard drive repair tool, or else replace the Hard drive.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/578165

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice