vega55

Hello all,

Just got a Toshiba R200-126 laptop.

Have this problem that it access the HD every 2 second, I think its when the direct LAN connection is on, also happens when only the R200 and a router on the network, so its not communicating with a server somewhere.

My conclution is the XP is logging every single package it receives on the LAN. Did try to disable "event log" and "COM+ log" in MSCONFIG, but that didnt solve the problem.

Disinstalled Norton Internet Security and disabled XP Firewall too - still same problem.

How to disable this log ???

Any help on this is very much appreciated.

blackhawk

There is no log of every packet being received on a LAN in a normal Windows setup. Now if there is some error going on that would be logged, such as being denied access to something it is trying to access.

Do you have a virus scanner installed? They can be doing scans in the background and cause hard drive activity. Also are you sure that the system isn't infected with any kind of virus or worm? A lot of nasty things will communicate back home whenever possible sending some information from your PC to wherever.

vega55

I did disinstall Norton, XP firewall is deactivated. So far its either checking up against a security file when it receives a request, or logging every single request . The network is continuasly sending messsages "are you still there", "is this still your adress" etc., but this shouldnt make it access the HD each time it receives an ARP UDP package ?

blackhawk

There is a difference between hard drive activity and network activity. In a normally operating network there is tons of talk, especially a TCP/IP network with Microsoft machines on it. However this has nothing to do with hardrive activity, and for a typical modern PC it shouldn't require and HD access. There is something else causing the problem, not a log of every packet that is received. As I said before unless you have some specific utility running to trace network activity you won't.

So I ask again, is there any chance that you have an infected computer? By the fact that you removed all security applications from the PC I tend to think you are infected with something, and that is why you are having problems.

vega55

This is on clean installation, before I did connect to LAN I installed Norton Internet Security. When I discovered that it access the HD I started to disinstall program by program.

Did re-enable log in MSCONFIG, the log files shows no such log, so must be something else.

Will now make a full system restore from the restore-CD, and test again. Have also made an extra partition with PartitionMagic, and will try to install W2K proff - but need an USB CD-reader

Thanks so far - Ill return.

blackhawk

You don't need to run off and install for, it won't solve anything. Especially if from a clean install you already had the problem. First see what is causing your problem before using the dynamite solution, it is porbably something simple that could be solved without the need to format.

But whatever.

vega55

Hi Erik,

Did some more research. It appears as XP is logging in the dir
windows/system32/wbem/repository/FS
index.btr
index.map
mapping.ver
mapping1.map
mapping2.map
objects.dat
objects.map

The above files gets changed/updated every 2 seconds - which is when there is LAN activity.

A search on Google and Yahoo give very limited clues, something about prefecth ?

Also have a Acer C110 tablet PC, the FS dir have the index.* and object.* files, but not the mapping*.* files, and the files are quite old - so no logging here ( the C110 is connected LAN to the same switch ).

Any help on how to disable this prefetch/logging is very much appreciated.

heatwave

This is not a logging problem : )
You have a application running that is probably talking to a web based application. Prefetch is normal and helps speed up the machine. Mucking about with things you dont understand leads to very odd issues and impossible troubleshooting.

ARP requests are normal and happen constantly between a network device and a client. I assume your running packet sniffer (if your seeign arp requests). If so you can watch the requests for non-arp related issues. The problem you have is you have no baseline for normal, since you do not your looking at a snapshot and assuming an issue.
Laptops have special issues with power, turning on Hibernate can cause issues with the HD running more than normal. It could also simply be a connection based application that fires off when web activity is detected. It could be malignant or normal depending on what is going on. A packet sniffer would tell you all you need to know in about 60 seconds.

blackhawk

Also, did you try to see if it does the same HD access when you have no connection to a network? It could just be using the page file if you don't have enough RAM, and no amount of formating and playing around will stop that.

blackhawk

You seem to be set on the conclusion that it is a problem with Windows logging your every packet. It isn't, that just doesn't happen. As far as network traffic always going around, yeah that much is true, but that is just how it is. Stop those constant packets, and you lose the network. At a very basic level it is just each computer making sure it is aware of ny changes that might have occured. It doesn't get written to the hardrive or anything, and with a good NIC won't even use a processor cycle.

Don't mess with prefetch, if you do you will be sorry. As mentioned it is designed to help your computer run faster by "learning" your usage habits and load things from the HD that it thinks you will be using. It is to cut down on the bottleneck from HD to RAM to CPU. Again it isn't something that should be using excessive HD reads or writes.

Most likely it is as mentioned previously some application, either good or bad, that is sending/receiving data when connected to a network. It could be something like a trojan sending the contents of your hard drive off to its master. Or it could just be some application checking for updates or something innocent like that. Setup a firewall with no rules, and see what is trying to access the network. When you see something you don't know, it is a suspect. Or a packet sniffer would tell you too.

Just a thought, are Offline Files enabled? That would cause a lot of HD activity when on a network as it syncs up.