Hard drive grinding like a bugger with vista business

[cluberti]

I need you to do what I asked - when the hard disk thrashing is occurring on your box, run process monitor and double-click on one of the svchost.exe lines that seem to happen most frequently, and then click on the "Stack" tab. Please post the output of that.

[MarkJohnson]

ok, here is the stack list, of the first occurance, from the HP file 1189196448.ini:

0 ntoskrnl.exe ntoskrnl.exe + 0xd158 0x1c0d158 C:\Windows\system32\ntoskrnl.exe

1 PROCMON11.SYS PROCMON11.SYS + 0x14be 0x13ad34be C:\Windows\system32\Drivers\PROCMON11.SYS

2 PROCMON11.SYS PROCMON11.SYS + 0x18ec 0x13ad38ec C:\Windows\system32\Drivers\PROCMON11.SYS

3 PROCMON11.SYS PROCMON11.SYS + 0x3c60 0x13ad5c60 C:\Windows\system32\Drivers\PROCMON11.SYS

4 fltmgr.sys fltmgr.sys + 0x3699 0x74c699 C:\Windows\system32\drivers\fltmgr.sys

5 fltmgr.sys fltmgr.sys + 0x28dc 0x74b8dc C:\Windows\system32\drivers\fltmgr.sys

6 fltmgr.sys fltmgr.sys + 0x1d277 0x766277 C:\Windows\system32\drivers\fltmgr.sys

7 ntoskrnl.exe ntoskrnl.exe + 0x292343 0x1e92343 C:\Windows\system32\ntoskrnl.exe

8 ntoskrnl.exe ntoskrnl.exe + 0x290cf1 0x1e90cf1 C:\Windows\system32\ntoskrnl.exe

9 ntoskrnl.exe ntoskrnl.exe + 0x29d0f1 0x1e9d0f1 C:\Windows\system32\ntoskrnl.exe

10 ntoskrnl.exe ntoskrnl.exe + 0x2bdcb1 0x1ebdcb1 C:\Windows\system32\ntoskrnl.exe

11 ntoskrnl.exe ntoskrnl.exe + 0x299fc8 0x1e99fc8 C:\Windows\system32\ntoskrnl.exe

12 ntoskrnl.exe ntoskrnl.exe + 0x4d673 0x1c4d673 C:\Windows\system32\ntoskrnl.exe

13 ntdll.dll ntdll.dll + 0x507ca 0x77ca07ca C:\Windows\System32\ntdll.dll

Thanks a whole lot for taking the time to walk me through this. it is very much appreciated.

-=Mark=-

[cluberti]

Hmmm, no usermode data (only the ntdll.dll call-in to kernel)... If you could, double-click the svchost.exe line again and tell me what the "Command Line" is? I'm thinking we'll need to break this down to figure it out...

[MarkJohnson]

for some reason that HP file doesn't come up anymore. I have switched to the World in Conflict file. wic3.sdf. here is the stack info.

0 ntoskrnl.exe ntoskrnl.exe + 0xd158 0x1c0d158 C:\Windows\system32\ntoskrnl.exe

1 PROCMON11.SYS PROCMON11.SYS + 0x14be 0x3cbe4be C:\Windows\system32\Drivers\PROCMON11.SYS

2 PROCMON11.SYS PROCMON11.SYS + 0x18ec 0x3cbe8ec C:\Windows\system32\Drivers\PROCMON11.SYS

3 PROCMON11.SYS PROCMON11.SYS + 0x3c60 0x3cc0c60 C:\Windows\system32\Drivers\PROCMON11.SYS

4 fltmgr.sys fltmgr.sys + 0x3699 0x74c699 C:\Windows\system32\drivers\fltmgr.sys

5 fltmgr.sys fltmgr.sys + 0x28dc 0x74b8dc C:\Windows\system32\drivers\fltmgr.sys

6 fltmgr.sys fltmgr.sys + 0x1d277 0x766277 C:\Windows\system32\drivers\fltmgr.sys

7 ntoskrnl.exe ntoskrnl.exe + 0x292343 0x1e92343 C:\Windows\system32\ntoskrnl.exe

8 ntoskrnl.exe ntoskrnl.exe + 0x290497 0x1e90497 C:\Windows\system32\ntoskrnl.exe

9 ntoskrnl.exe ntoskrnl.exe + 0x29d0f1 0x1e9d0f1 C:\Windows\system32\ntoskrnl.exe

10 ntoskrnl.exe ntoskrnl.exe + 0x2bdcb1 0x1ebdcb1 C:\Windows\system32\ntoskrnl.exe

11 ntoskrnl.exe ntoskrnl.exe + 0x262b2a 0x1e62b2a C:\Windows\system32\ntoskrnl.exe

12 fltmgr.sys fltmgr.sys + 0x2a988 0x773988 C:\Windows\system32\drivers\fltmgr.sys

13 fileinfo.sys fileinfo.sys + 0xaf2d 0x73ff2d C:\Windows\system32\drivers\fileinfo.sys

14 ntoskrnl.exe ntoskrnl.exe + 0x3308e7 0x1f308e7 C:\Windows\system32\ntoskrnl.exe

15 ntoskrnl.exe ntoskrnl.exe + 0x3d6d47 0x1fd6d47 C:\Windows\system32\ntoskrnl.exe

16 ntoskrnl.exe ntoskrnl.exe + 0x3dcdc6 0x1fdcdc6 C:\Windows\system32\ntoskrnl.exe

17 ntoskrnl.exe ntoskrnl.exe + 0x3df0a9 0x1fdf0a9 C:\Windows\system32\ntoskrnl.exe

18 ntoskrnl.exe ntoskrnl.exe + 0x3df362 0x1fdf362 C:\Windows\system32\ntoskrnl.exe

19 ntoskrnl.exe ntoskrnl.exe + 0x3e1986 0x1fe1986 C:\Windows\system32\ntoskrnl.exe

20 ntoskrnl.exe ntoskrnl.exe + 0x3f21b2 0x1ff21b2 C:\Windows\system32\ntoskrnl.exe

21 ntoskrnl.exe ntoskrnl.exe + 0x4d673 0x1c4d673 C:\Windows\system32\ntoskrnl.exe

22 ntdll.dll ntdll.dll + 0x5194a 0x774e194a C:\Windows\System32\ntdll.dll

and here is the command line:

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

I looked at a few of the other command lines from other svchost lines and they seem to be the same command line.

-=Mark=-

[cluberti]

From the description of the activity, and the fact that the files change as to what it's reading, it's likely that this is being caused by the ReadyBoost and/or Superfetch services. If you stop and disable both of those services, does the problem stop?

[MarkJohnson]

From the description of the activity, and the fact that the files change as to what it's reading, it's likely that this is being caused by the ReadyBoost and/or Superfetch services. If you stop and disable both of those services, does the problem stop?

you're a genius!

I remembered I still had my USB stick in, so I powered down and removed it. Restarted and looked up ReadyBoost and how to disable it. it also listed other services to disabled and after reading them through decided to disable a few more things. Then I couldn't remember the superfetch name and decided to test the changes I made already before checking this message again. it seemed to help a little bit, but it was still grinding pretty good. I then looked up superfetch and disabled it and rebooted and it is now quite for once. Woot!!!!

Thanks once again for all your help and patience with me.

-=Mark=-

p.s. what exactlty does superfetch do? I just thought it was another name for readyboost and worked with the usb sticks. The services.msc just said something like it makes windows run faster - lol

[cluberti]

Superfetch is.... a little more than that . Check it out:

http://blogs.technet.com/askperf/archive/2...readyboost.aspx

[MrCobra]

Superfetch is.... a little more than that . Check it out:

http://blogs.technet.com/askperf/archive/2...readyboost.aspx

It's also a PITA as well when you get hit by out of memory errors while copying files because Superfetch doesn't release memory back to the system when it should.