Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Disk spage agressively being chewed up by something

Posted on 2007-03-19
10
1,022 Views
Last Modified: 2012-06-21
Hi Experts,
   I really hope you can help me out on this one cause I've been banging my head  on it all weekend. I have a windows 2003 server running Exchange 2003 e also have ISA server installed. Everything was fine until last Thursday when the server reported it had no more disk space available. That sounded strange so I removed some log files and some unused files freeing up about 8gig of data. The whole sytem went back to normal when all of a sudden I noticed the disk space going out rapidly at a rate of 1 gig per min. I thought someone was in our network so I disconnected the server isolating him still the space was being chewed up. I did a seach on modified files but nothing came up. Needless to say the server became really slow. Any Idea what this can be ? I checked the ttask manager and everything looked normal. We aslo have AVG installed and it did not detect any viruses on the system.
0
Comment
Question by:Biju708
  • 9
10 Comments
 

Author Comment

by:Biju708
ID: 18748066
I am attaching the log from hijakthis maybe you can have a better idea.

Logfile of HijackThis v1.99.1
Scan saved at 3:03:55 PM, on 3/19/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GFI\MailSecurity\msecatt.exe
C:\Program Files\GFI\MailEssentials\msecatt.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Exchsrvr\bin\srsmain.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\GFI\Network Server Monitor\Server\iothrust.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\80\COM\logread.exe
C:\Program Files\GFI\MailSecurity\autdlsvc.exe
C:\Program Files\Microsoft SQL Server\80\COM\logread.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft ISA Server\isastg.exe
C:\WINDOWS\system32\wuauclt.exe
F:\WindowsServer2003-KB914961-SP2-x86-ENU.exe
e:\5d22ab50bde17113ac1da2795a2d\i386\update\update.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168697083281
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\Software\..\Telephony: DomainName = asp-consulting.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: GFI virusdef updater (autdlsvc) - GFI Software - C:\Program Files\GFI\MailSecurity\autdlsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GFI Content Security Attendant - GFI Software Ltd. - C:\Program Files\GFI\MailSecurity\msecatt.exe
O23 - Service: GFI MailEssentials Attendant - Unknown owner - C:\Program Files\GFI\MailEssentials\msecatt.exe" -service (file missing)
O23 - Service: GFI POP2Exchange - GFI Software Ltd. - C:\Program Files\GFI\MailEssentials\pop2exch.exe
O23 - Service: GFI Network Server Monitor (GfiNmSvc) - GFI Software Ltd. - C:\Program Files\GFI\Network Server Monitor\Server\GfiNmSvc.exe
O23 - Service: GFI List Server (listserv) - GFI Software Ltd - C:\Program Files\GFI\MailEssentials\ListServ.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: MSSQL$MSFW - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Binn\sqlservr.exe" -sMSFW (file missing)
O23 - Service: Persits Software EmailAgent - Unknown owner - C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe" /run (file missing)
O23 - Service: SQLAgent$MSFW - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Binn\sqlagent.EXE" -i MSFW (file missing)

0
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 18748107
Have you backed up Exchange and cleared your transaction logs recently?
0
 

Author Comment

by:Biju708
ID: 18748132
no not recently KCTS
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:Biju708
ID: 18748276
I'm doing a backup right now KCTS the store and site replication services using NT backup. Will transaction logs automatically clear after backup ?
0
 

Author Comment

by:Biju708
ID: 18749248
did that but it did not help at all I still have the same problem. Any other ideas ?
0
 

Author Comment

by:Biju708
ID: 18750197
What I noticed now is that after a restart everything works fine, then after about 10 minutes Outlook clients will not update their emails from the server this will then start the disk consumpion on the server. I am really at a loss here since I have never seen anything like it. any help will really be appreciated.
0
 

Author Comment

by:Biju708
ID: 18758367
NOw I just cloned the drive and replaced it with a new one maybe it was a drive problem
0
 

Author Comment

by:Biju708
ID: 18765871
That did not do the trick either. I'm really at a loss now no idea what it could be.
0
 

Author Comment

by:Biju708
ID: 18766375
I am now checking the login logs and it seems that the server crashes evertime a particular user logs in via MAC entourage is it a possibility or that cannot be ?

0
 

Author Comment

by:Biju708
ID: 18769809
I think I found the solution here

http://msexchangetips.blogspot.com/2006/08/exchange-transaction-log-files-growing.html

I will test it out and see what happens.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question