cluberti Posted September 10, 2007 Share Posted September 10, 2007 I need you to do what I asked - when the hard disk thrashing is occurring on your box, run process monitor and double-click on one of the svchost.exe lines that seem to happen most frequently, and then click on the "Stack" tab. Please post the output of that. Link to comment Share on other sites More sharing options...
MarkJohnson Posted September 11, 2007 Share Posted September 11, 2007 ok, here is the stack list, of the first occurance, from the HP file 1189196448.ini:0 ntoskrnl.exe ntoskrnl.exe + 0xd158 0x1c0d158 C:\Windows\system32\ntoskrnl.exe1 PROCMON11.SYS PROCMON11.SYS + 0x14be 0x13ad34be C:\Windows\system32\Drivers\PROCMON11.SYS2 PROCMON11.SYS PROCMON11.SYS + 0x18ec 0x13ad38ec C:\Windows\system32\Drivers\PROCMON11.SYS3 PROCMON11.SYS PROCMON11.SYS + 0x3c60 0x13ad5c60 C:\Windows\system32\Drivers\PROCMON11.SYS4 fltmgr.sys fltmgr.sys + 0x3699 0x74c699 C:\Windows\system32\drivers\fltmgr.sys5 fltmgr.sys fltmgr.sys + 0x28dc 0x74b8dc C:\Windows\system32\drivers\fltmgr.sys6 fltmgr.sys fltmgr.sys + 0x1d277 0x766277 C:\Windows\system32\drivers\fltmgr.sys7 ntoskrnl.exe ntoskrnl.exe + 0x292343 0x1e92343 C:\Windows\system32\ntoskrnl.exe8 ntoskrnl.exe ntoskrnl.exe + 0x290cf1 0x1e90cf1 C:\Windows\system32\ntoskrnl.exe9 ntoskrnl.exe ntoskrnl.exe + 0x29d0f1 0x1e9d0f1 C:\Windows\system32\ntoskrnl.exe10 ntoskrnl.exe ntoskrnl.exe + 0x2bdcb1 0x1ebdcb1 C:\Windows\system32\ntoskrnl.exe11 ntoskrnl.exe ntoskrnl.exe + 0x299fc8 0x1e99fc8 C:\Windows\system32\ntoskrnl.exe12 ntoskrnl.exe ntoskrnl.exe + 0x4d673 0x1c4d673 C:\Windows\system32\ntoskrnl.exe13 ntdll.dll ntdll.dll + 0x507ca 0x77ca07ca C:\Windows\System32\ntdll.dllThanks a whole lot for taking the time to walk me through this. it is very much appreciated.-=Mark=- Link to comment Share on other sites More sharing options...
cluberti Posted September 11, 2007 Share Posted September 11, 2007 Hmmm, no usermode data (only the ntdll.dll call-in to kernel)... If you could, double-click the svchost.exe line again and tell me what the "Command Line" is? I'm thinking we'll need to break this down to figure it out... Link to comment Share on other sites More sharing options...
MarkJohnson Posted September 11, 2007 Share Posted September 11, 2007 for some reason that HP file doesn't come up anymore. I have switched to the World in Conflict file. wic3.sdf. here is the stack info.0 ntoskrnl.exe ntoskrnl.exe + 0xd158 0x1c0d158 C:\Windows\system32\ntoskrnl.exe1 PROCMON11.SYS PROCMON11.SYS + 0x14be 0x3cbe4be C:\Windows\system32\Drivers\PROCMON11.SYS2 PROCMON11.SYS PROCMON11.SYS + 0x18ec 0x3cbe8ec C:\Windows\system32\Drivers\PROCMON11.SYS3 PROCMON11.SYS PROCMON11.SYS + 0x3c60 0x3cc0c60 C:\Windows\system32\Drivers\PROCMON11.SYS4 fltmgr.sys fltmgr.sys + 0x3699 0x74c699 C:\Windows\system32\drivers\fltmgr.sys5 fltmgr.sys fltmgr.sys + 0x28dc 0x74b8dc C:\Windows\system32\drivers\fltmgr.sys6 fltmgr.sys fltmgr.sys + 0x1d277 0x766277 C:\Windows\system32\drivers\fltmgr.sys7 ntoskrnl.exe ntoskrnl.exe + 0x292343 0x1e92343 C:\Windows\system32\ntoskrnl.exe8 ntoskrnl.exe ntoskrnl.exe + 0x290497 0x1e90497 C:\Windows\system32\ntoskrnl.exe9 ntoskrnl.exe ntoskrnl.exe + 0x29d0f1 0x1e9d0f1 C:\Windows\system32\ntoskrnl.exe10 ntoskrnl.exe ntoskrnl.exe + 0x2bdcb1 0x1ebdcb1 C:\Windows\system32\ntoskrnl.exe11 ntoskrnl.exe ntoskrnl.exe + 0x262b2a 0x1e62b2a C:\Windows\system32\ntoskrnl.exe12 fltmgr.sys fltmgr.sys + 0x2a988 0x773988 C:\Windows\system32\drivers\fltmgr.sys13 fileinfo.sys fileinfo.sys + 0xaf2d 0x73ff2d C:\Windows\system32\drivers\fileinfo.sys14 ntoskrnl.exe ntoskrnl.exe + 0x3308e7 0x1f308e7 C:\Windows\system32\ntoskrnl.exe15 ntoskrnl.exe ntoskrnl.exe + 0x3d6d47 0x1fd6d47 C:\Windows\system32\ntoskrnl.exe16 ntoskrnl.exe ntoskrnl.exe + 0x3dcdc6 0x1fdcdc6 C:\Windows\system32\ntoskrnl.exe17 ntoskrnl.exe ntoskrnl.exe + 0x3df0a9 0x1fdf0a9 C:\Windows\system32\ntoskrnl.exe18 ntoskrnl.exe ntoskrnl.exe + 0x3df362 0x1fdf362 C:\Windows\system32\ntoskrnl.exe19 ntoskrnl.exe ntoskrnl.exe + 0x3e1986 0x1fe1986 C:\Windows\system32\ntoskrnl.exe20 ntoskrnl.exe ntoskrnl.exe + 0x3f21b2 0x1ff21b2 C:\Windows\system32\ntoskrnl.exe21 ntoskrnl.exe ntoskrnl.exe + 0x4d673 0x1c4d673 C:\Windows\system32\ntoskrnl.exe22 ntdll.dll ntdll.dll + 0x5194a 0x774e194a C:\Windows\System32\ntdll.dlland here is the command line:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedI looked at a few of the other command lines from other svchost lines and they seem to be the same command line.-=Mark=- Link to comment Share on other sites More sharing options...
cluberti Posted September 11, 2007 Share Posted September 11, 2007 From the description of the activity, and the fact that the files change as to what it's reading, it's likely that this is being caused by the ReadyBoost and/or Superfetch services. If you stop and disable both of those services, does the problem stop? Link to comment Share on other sites More sharing options...
MarkJohnson Posted September 12, 2007 Share Posted September 12, 2007 From the description of the activity, and the fact that the files change as to what it's reading, it's likely that this is being caused by the ReadyBoost and/or Superfetch services. If you stop and disable both of those services, does the problem stop?you're a genius! I remembered I still had my USB stick in, so I powered down and removed it. Restarted and looked up ReadyBoost and how to disable it. it also listed other services to disabled and after reading them through decided to disable a few more things. Then I couldn't remember the superfetch name and decided to test the changes I made already before checking this message again. it seemed to help a little bit, but it was still grinding pretty good. I then looked up superfetch and disabled it and rebooted and it is now quite for once. Woot!!!!Thanks once again for all your help and patience with me.-=Mark=-p.s. what exactlty does superfetch do? I just thought it was another name for readyboost and worked with the usb sticks. The services.msc just said something like it makes windows run faster - lol Link to comment Share on other sites More sharing options...
cluberti Posted September 12, 2007 Share Posted September 12, 2007 Superfetch is.... a little more than that . Check it out:http://blogs.technet.com/askperf/archive/2...readyboost.aspx Link to comment Share on other sites More sharing options...
MrCobra Posted September 14, 2007 Share Posted September 14, 2007 Superfetch is.... a little more than that . Check it out:http://blogs.technet.com/askperf/archive/2...readyboost.aspxIt's also a PITA as well when you get hit by out of memory errors while copying files because Superfetch doesn't release memory back to the system when it should. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now