Solved

Disk space aggressively being chewed up by something

Posted on 2007-03-19
Last Modified: 2012-06-21
Hi Experts,
   I really hope you can help me out on this one 'cause I've been banging my head on it all weekend. I have a Windows 2003 server running Exchange 2003. We also have ISA Server installed. Everything was fine until last Thursday, when the server reported it had no more disk space available. That sounded strange, so I removed some log files and some unused files, freeing up about 8 gig of data. The whole system went back to normal, when all of a sudden I noticed the disk space going out rapidly at a rate of 1 gig per min. I thought someone was in our network, so I disconnected the server, isolating it; still the space was being chewed up. I did a search on modified files but nothing came up. Needless to say, the server became really slow. Any idea what this can be? I checked the Task Manager and everything looked normal. We also have AVG installed and it did not detect any viruses on the system.
Question by:Biju708

Author Comment

by:Biju708
ID: 18748066
I am attaching the log from HijackThis; maybe you can have a better idea.

Logfile of HijackThis v1.99.1
Scan saved at 3:03:55 PM, on 3/19/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GFI\MailSecurity\msecatt.exe
C:\Program Files\GFI\MailEssentials\msecatt.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Exchsrvr\bin\srsmain.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\GFI\Network Server Monitor\Server\iothrust.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\80\COM\logread.exe
C:\Program Files\GFI\MailSecurity\autdlsvc.exe
C:\Program Files\Microsoft SQL Server\80\COM\logread.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft ISA Server\isastg.exe
C:\WINDOWS\system32\wuauclt.exe
F:\WindowsServer2003-KB914961-SP2-x86-ENU.exe
e:\5d22ab50bde17113ac1da2795a2d\i386\update\update.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168697083281
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\Software\..\Telephony: DomainName = asp-consulting.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = asp-consulting.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{276CD682-4C13-43FB-BE85-DCC1CFFC7335}: NameServer = 212.56.128.196,212.56.128.132
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: GFI virusdef updater (autdlsvc) - GFI Software - C:\Program Files\GFI\MailSecurity\autdlsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GFI Content Security Attendant - GFI Software Ltd. - C:\Program Files\GFI\MailSecurity\msecatt.exe
O23 - Service: GFI MailEssentials Attendant - Unknown owner - C:\Program Files\GFI\MailEssentials\msecatt.exe" -service (file missing)
O23 - Service: GFI POP2Exchange - GFI Software Ltd. - C:\Program Files\GFI\MailEssentials\pop2exch.exe
O23 - Service: GFI Network Server Monitor (GfiNmSvc) - GFI Software Ltd. - C:\Program Files\GFI\Network Server Monitor\Server\GfiNmSvc.exe
O23 - Service: GFI List Server (listserv) - GFI Software Ltd - C:\Program Files\GFI\MailEssentials\ListServ.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: MSSQL$MSFW - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Binn\sqlservr.exe" -sMSFW (file missing)
O23 - Service: Persits Software EmailAgent - Unknown owner - C:\Program Files\Persits Software\AspEmail\BIN\EmailAgent.exe" /run (file missing)
O23 - Service: SQLAgent$MSFW - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Binn\sqlagent.EXE" -i MSFW (file missing)


Accepted Solution

by:
KCTS earned 500 total points
ID: 18748107
Have you backed up Exchange and cleared your transaction logs recently?

Author Comment

by:Biju708
ID: 18748132
No, not recently, KCTS.

Author Comment

by:Biju708
ID: 18748276
I'm doing a backup right now, KCTS, of the store and site replication services using NT Backup. Will transaction logs automatically clear after backup?

Author Comment

by:Biju708
ID: 18749248
Did that, but it did not help at all; I still have the same problem. Any other ideas?

Author Comment

by:Biju708
ID: 18750197
What I noticed now is that after a restart everything works fine, then after about 10 minutes Outlook clients will not update their emails from the server; this will then start the disk consumption on the server. I am really at a loss here since I have never seen anything like it. Any help will really be appreciated.

Author Comment

by:Biju708
ID: 18758367
Now I just cloned the drive and replaced it with a new one; maybe it was a drive problem.

Author Comment

by:Biju708
ID: 18765871
That did not do the trick either. I'm really at a loss now, no idea what it could be.

Author Comment

by:Biju708
ID: 18766375
I am now checking the login logs and it seems that the server crashes every time a particular user logs in via Mac Entourage. Is it a possibility, or can that not be?


Author Comment

by:Biju708
ID: 18769809
I think I found the solution here

http://msexchangetips.blogspot.com/2006/08/exchange-transaction-log-files-growing.html

I will test it out and see what happens.