Constant disk access on an nf4/msi k8n SLI the ticking is driving me mad :)
I've got a weird problem, something's accessing my harddrive constantly. I know it's not a problem with the drive as i dual boot to linux and drive behaves itself perfectly there.

I downloaded "filemon" from sysinternals and maanaged to track it down to "nSvcLog.exe" which seems to be part of the nforce4 drivers.

I closed all my apps and ran filemon and captured the stuff below, anyone please advise on what i can change to stop this process keep reading/writing to my disk, the ticking is driving me mad :)

Thanks


[code]23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\winlogon.exe SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\winlogon.exe SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\winlogon.exe SUCCESS Length: 502272
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\winlogon.exe SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\hnetcfg.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\hnetcfg.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\hnetcfg.dll SUCCESS Length: 344064
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\hnetcfg.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\hnetcfg.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\hnetcfg.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\hnetcfg.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\netshell.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS Length: 18944
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemcomn.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\wbemcomn.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\wbemcomn.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\WBEM\Logs\ SUCCESS Attributes: D
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS Length: 43520
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS Length: 472064
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\MSVCP60.dll FILE NOT FOUND Attributes: Error
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\MSVCP60.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\MSVCP60.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\MSVCP60.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\NTDSAPI.dll FILE NOT FOUND Attributes: Error
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\NTDSAPI.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\NTDSAPI.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\NTDSAPI.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\DNSAPI.dll FILE NOT FOUND Attributes: Error
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\DNSAPI.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\DNSAPI.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\DNSAPI.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\netcfgx.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\netcfgx.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\netcfgx.dll SUCCESS Length: 622080
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\netcfgx.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\netcfgx.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\netcfgx.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\netcfgx.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\CLUSAPI.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\CLUSAPI.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\CLUSAPI.dll SUCCESS  
23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 2026132 Length: 740
23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 0 Length: 4
23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 4 Length: 4
23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 8 Length: 4
23:23:29 nSvcLog.exe:1868 WRITE  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 2026872 Length: 740
23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 0 Length: 4
23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 4 Length: 4[/code]
I've got a weird problem, something's accessing my harddrive constantly. I know it's not a problem with the drive as i dual boot to linux and drive behaves itself perfectly there.



I downloaded "filemon" from sysinternals and maanaged to track it down to "nSvcLog.exe" which seems to be part of the nforce4 drivers.



I closed all my apps and ran filemon and captured the stuff below, anyone please advise on what i can change to stop this process keep reading/writing to my disk, the ticking is driving me mad :)



Thanks





23:23:27	nSvcIp.exe:1632	QUERY INFORMATION	C:\WINDOWS\system32\winlogon.exe	SUCCESS	Attributes: A	

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\winlogon.exe SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\winlogon.exe SUCCESS Length: 502272

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\winlogon.exe SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\hnetcfg.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\hnetcfg.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\hnetcfg.dll SUCCESS Length: 344064

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\hnetcfg.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\hnetcfg.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\hnetcfg.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\hnetcfg.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\netshell.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS Length: 18944

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\wbemprox.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemcomn.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\wbemcomn.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\wbemcomn.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\WBEM\Logs\ SUCCESS Attributes: D

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS Length: 43520

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\wbemsvc.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS Length: 472064

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\wbem\fastprox.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\MSVCP60.dll FILE NOT FOUND Attributes: Error

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\MSVCP60.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\MSVCP60.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\MSVCP60.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\NTDSAPI.dll FILE NOT FOUND Attributes: Error

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\NTDSAPI.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\NTDSAPI.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\NTDSAPI.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\wbem\DNSAPI.dll FILE NOT FOUND Attributes: Error

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\DNSAPI.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\DNSAPI.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\DNSAPI.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\netcfgx.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\netcfgx.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\netcfgx.dll SUCCESS Length: 622080

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\netcfgx.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\netcfgx.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\netcfgx.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\netcfgx.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\System32\CLUSAPI.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\System32\CLUSAPI.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\System32\CLUSAPI.dll SUCCESS  

23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 2026132 Length: 740

23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 0 Length: 4

23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 4 Length: 4

23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 8 Length: 4

23:23:29 nSvcLog.exe:1868 WRITE  C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 2026872 Length: 740

23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 0 Length: 4

23:23:29 nSvcLog.exe:1868 WRITE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\nvdb02.adghz SUCCESS Offset: 4 Length: 4

#1
Posted 02/27/2005 11:41 PM   
I believe those processes belong to the nvidia firewall. The firewall logs events constantly, mine logged 75 thousands events in less than 24hours of uptime and then reset back to zero. Try disabling the logging features for the firewall.
I believe those processes belong to the nvidia firewall. The firewall logs events constantly, mine logged 75 thousands events in less than 24hours of uptime and then reset back to zero. Try disabling the logging features for the firewall.

#2
Posted 02/28/2005 11:29 PM   
[quote name='_Belial' date='Feb 27 2005, 07:41 PM']I've got a weird problem, something's accessing my harddrive constantly. I know it's not a problem with the drive as i dual boot to linux and drive behaves itself perfectly there.

I downloaded "filemon" from sysinternals and maanaged to track it down to "nSvcLog.exe" which seems to be part of the nforce4 drivers.

I closed all my apps and ran filemon and captured the stuff below, anyone please advise on what i can change to stop this process keep reading/writing to my disk, the ticking is driving me mad :)

Thanks
[code]23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\winlogon.exe SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\winlogon.exe SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\winlogon.exe SUCCESS Length: 502272
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\winlogon.exe SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\hnetcfg.dll SUCCESS Attributes: A
23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\hnetcfg.dll SUCCESS Options: Open  Access: Execute
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\hnetcfg.dll SUCCESS Length: 344064
23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\hnetcfg.dll SUCCESS  
23:23:27 nSvcIp.exe:1632 QUERY INFORMATION  [/code]
[right][post="20117"]<{POST_SNAPBACK}>[/post][/right][/quote]

I have the same problem: the disk is continuously flogged (many accesses per second according to Filemon) by NSVCIP.EXE -- Search finds this file is in the Program Files/nVidia Corporation/NAM folder and the Windows\Prefetch.

Setting Task Manager to display I/O Reads and I/O writes, SVCHOST and LSASS each show I/O activity but nVscip.exe shows no I/O.

I found this disk problem with the original nVidia drivers and firewall. I did a clean install of XP Home SP2 plus the 6.53 drivers and the ATI Catalyst driver -- the disk flogging persists.

I have turned firewall logging off; the disk activity persists.

I have turned the firewall off; the disk activity persists.

It is puzzling how the NSVCIP program can continue to access the disk with logging and the firewall off and not show activity in Task Manager... but it does. On my system, the activity seems to be dll's being accessed, many with wbem (probably Web Based Enterprise Management) which may be related to the Apache server?

Anyone else seeing this constant thrashing? Any ideas on how to stop it? Or what it is doing? /argh.gif' class='bbc_emoticon' alt=':argh:' />


The following is captured with SysInternals' FileMon - note the short time period:

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Attributes: A
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Options: Open Access: Execute
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Length: 18944
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Attributes: A
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Options: Open Access: Execute
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemcomn.dll SUCCESS Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemcomn.dll SUCCESS Attributes: A
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemcomn.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemcomn.dll SUCCESS Options: Open Access: Execute
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemcomn.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\WBEM\Logs\ SUCCESS Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\WBEM\Logs\ SUCCESS Attributes: D
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\WBEM\Logs\ SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Attributes: A
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Options: Open Access: Execute
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Length: 43520
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Attributes: A
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Options: Open Access: Execute
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Attributes: A
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Options: Open Access: Execute
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Length: 472064
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Attributes: A
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Options: Open Access: Execute
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\MSVCP60.dll FILE NOT FOUND Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\MSVCP60.dll SUCCESS Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\MSVCP60.dll SUCCESS Attributes: A
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\MSVCP60.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\MSVCP60.dll SUCCESS Options: Open Access: Execute
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\MSVCP60.dll SUCCESS
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\NTDSAPI.dll FILE NOT FOUND Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\NTDSAPI.dll SUCCESS Options: Open Access: All
1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\NTDSAPI.dll SUCCESS Attributes: A
1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\NTDSAPI.dll SUCCESS
[quote name='_Belial' date='Feb 27 2005, 07:41 PM']I've got a weird problem, something's accessing my harddrive constantly. I know it's not a problem with the drive as i dual boot to linux and drive behaves itself perfectly there.



I downloaded "filemon" from sysinternals and maanaged to track it down to "nSvcLog.exe" which seems to be part of the nforce4 drivers.



I closed all my apps and ran filemon and captured the stuff below, anyone please advise on what i can change to stop this process keep reading/writing to my disk, the ticking is driving me mad :)



Thanks

23:23:27	nSvcIp.exe:1632	QUERY INFORMATION	C:\WINDOWS\system32\winlogon.exe	SUCCESS	Attributes: A	

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\winlogon.exe SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\winlogon.exe SUCCESS Length: 502272

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\winlogon.exe SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\hnetcfg.dll SUCCESS Attributes: A

23:23:27 nSvcIp.exe:1632 OPEN C:\WINDOWS\system32\hnetcfg.dll SUCCESS Options: Open  Access: Execute

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION C:\WINDOWS\system32\hnetcfg.dll SUCCESS Length: 344064

23:23:27 nSvcIp.exe:1632 CLOSE C:\WINDOWS\system32\hnetcfg.dll SUCCESS  

23:23:27 nSvcIp.exe:1632 QUERY INFORMATION  


[post="20117"]<{POST_SNAPBACK}>[/post]




I have the same problem: the disk is continuously flogged (many accesses per second according to Filemon) by NSVCIP.EXE -- Search finds this file is in the Program Files/nVidia Corporation/NAM folder and the Windows\Prefetch.



Setting Task Manager to display I/O Reads and I/O writes, SVCHOST and LSASS each show I/O activity but nVscip.exe shows no I/O.



I found this disk problem with the original nVidia drivers and firewall. I did a clean install of XP Home SP2 plus the 6.53 drivers and the ATI Catalyst driver -- the disk flogging persists.



I have turned firewall logging off; the disk activity persists.



I have turned the firewall off; the disk activity persists.



It is puzzling how the NSVCIP program can continue to access the disk with logging and the firewall off and not show activity in Task Manager... but it does. On my system, the activity seems to be dll's being accessed, many with wbem (probably Web Based Enterprise Management) which may be related to the Apache server?



Anyone else seeing this constant thrashing? Any ideas on how to stop it? Or what it is doing? /argh.gif' class='bbc_emoticon' alt=':argh:' />





The following is captured with SysInternals' FileMon - note the short time period:



1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Attributes: A

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Options: Open Access: Execute

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Length: 18944

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Attributes: A

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS Options: Open Access: Execute

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemprox.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemcomn.dll SUCCESS Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemcomn.dll SUCCESS Attributes: A

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemcomn.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemcomn.dll SUCCESS Options: Open Access: Execute

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemcomn.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\WBEM\Logs\ SUCCESS Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\WBEM\Logs\ SUCCESS Attributes: D

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\WBEM\Logs\ SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Attributes: A

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Options: Open Access: Execute

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Length: 43520

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Attributes: A

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS Options: Open Access: Execute

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\wbemsvc.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Attributes: A

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Options: Open Access: Execute

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Length: 472064

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Attributes: A

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS Options: Open Access: Execute

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\wbem\fastprox.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\MSVCP60.dll FILE NOT FOUND Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\MSVCP60.dll SUCCESS Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\MSVCP60.dll SUCCESS Attributes: A

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\MSVCP60.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\MSVCP60.dll SUCCESS Options: Open Access: Execute

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\MSVCP60.dll SUCCESS

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\wbem\NTDSAPI.dll FILE NOT FOUND Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 OPEN C:\WINDOWS\system32\NTDSAPI.dll SUCCESS Options: Open Access: All

1:12:29 PM NSVCIP.EXE:124 QUERY INFORMATION C:\WINDOWS\system32\NTDSAPI.dll SUCCESS Attributes: A

1:12:29 PM NSVCIP.EXE:124 CLOSE C:\WINDOWS\system32\NTDSAPI.dll SUCCESS

#3
Posted 04/26/2005 05:26 PM   
Hi,

I'm having the same problem as you. Small but constant disk access by nsvclog.exe
It also take a lot of memory.

I have a ECS mobo nf4-A939 can't find how to see the version of the Forceware instaled.
Hi,



I'm having the same problem as you. Small but constant disk access by nsvclog.exe

It also take a lot of memory.



I have a ECS mobo nf4-A939 can't find how to see the version of the Forceware instaled.

#4
Posted 06/04/2005 10:47 AM   
I removed NAM and installed the 7.12 Beta Intel SMB and Ethernet drivers plus NAM in my VNF4 (AMD 64) and it seems OK so far. I did not install the IDE or audio drivers.

OS = XP-SP2 Home, patched to latest as of 6/14/05.

Good news: The 7.12 installer worked properly, didn't have to re-load XP as I did with 6.53. Ethernet seems to work more smoothly now. /thumbup.gif' class='bbc_emoticon' alt=':thumbup:' />

Bad News: Same old crap with NSVCIP flogging my disk several times per second so NAM still has "issues". /thumbsdown.gif' class='bbc_emoticon' alt=':thumbsdown:' />
I removed NAM and installed the 7.12 Beta Intel SMB and Ethernet drivers plus NAM in my VNF4 (AMD 64) and it seems OK so far. I did not install the IDE or audio drivers.



OS = XP-SP2 Home, patched to latest as of 6/14/05.



Good news: The 7.12 installer worked properly, didn't have to re-load XP as I did with 6.53. Ethernet seems to work more smoothly now. /thumbup.gif' class='bbc_emoticon' alt=':thumbup:' />



Bad News: Same old crap with NSVCIP flogging my disk several times per second so NAM still has "issues". /thumbsdown.gif' class='bbc_emoticon' alt=':thumbsdown:' />

#5
Posted 06/15/2005 06:28 PM   
:magic: hi,
I am not an expert but I could stop this crazy thing .I have also K8N but didn't have this problem before upgrading.
Since I don't know exactly which function I stopped please don't blame me.

what I did :
msconfig "run"
then
services tag
then disabled the Forceware IP service.
restart

That stopped disk acsess and the NsvcIp.exe

good luck /w00t.gif' class='bbc_emoticon' alt=':w00t:' />
:magic: hi,

I am not an expert but I could stop this crazy thing .I have also K8N but didn't have this problem before upgrading.

Since I don't know exactly which function I stopped please don't blame me.



what I did :

msconfig "run"

then

services tag

then disabled the Forceware IP service.

restart



That stopped disk acsess and the NsvcIp.exe



good luck /w00t.gif' class='bbc_emoticon' alt=':w00t:' />

#6
Posted 01/13/2006 12:18 AM   
There are two issues here both of which can be easily resolved.

To stop the seemingly endless 'disk accesses', go to Device Manager --> IDE/ATAPI controllers --> nVidia nForce4 ADMA controller --> Primary Channel --> remove the checkmark from "Enable Command Queuing" --> Apply/OK.
There isn't anything trying to access your HD, it's just the NCQ technology trying to reorder the operating system commands. Unfortunately, NCQ (Native Command Queuing) evolved after Windows XP and the two technologies don't seem to talk to each other properly in my experience.

To troubleshoot the other one which is network related, go to Start --> Run, type: [b]CMD[/b] and hit Enter to get a command prompt. Then type this command: [color="blue"]netsh winsock reset[/color] Hit Enter and reboot.

For some unknown reason, installing the chipset drivers corrupts the OS Winsock2 file. It's most noticeable in multiplayer games where the ping to the server is out of all proportion to its location. In this first [url="http://img479.imageshack.us/img479/5032/badpings9ir.jpg"]screenshot[/url], pings to servers located in the UK and Germany are excessive at over 3000ms. After resetting the Winsock2 file via the above mentioned command, ping times drop to around 16ms as shown [url="http://img479.imageshack.us/img479/5655/goodpings7ex.jpg"]here[/url].
There are two issues here both of which can be easily resolved.



To stop the seemingly endless 'disk accesses', go to Device Manager --> IDE/ATAPI controllers --> nVidia nForce4 ADMA controller --> Primary Channel --> remove the checkmark from "Enable Command Queuing" --> Apply/OK.

There isn't anything trying to access your HD, it's just the NCQ technology trying to reorder the operating system commands. Unfortunately, NCQ (Native Command Queuing) evolved after Windows XP and the two technologies don't seem to talk to each other properly in my experience.



To troubleshoot the other one which is network related, go to Start --> Run, type: CMD and hit Enter to get a command prompt. Then type this command: netsh winsock reset Hit Enter and reboot.



For some unknown reason, installing the chipset drivers corrupts the OS Winsock2 file. It's most noticeable in multiplayer games where the ping to the server is out of all proportion to its location. In this first screenshot, pings to servers located in the UK and Germany are excessive at over 3000ms. After resetting the Winsock2 file via the above mentioned command, ping times drop to around 16ms as shown here.

#7
Posted 01/13/2006 02:32 PM   
Scroll To Top