Win XP page file high usage and NTFS 55 ERROR

Status
Not open for further replies.

vicky116

hello, back after a long time. my hard drive had crashed last november and the engineer got it repaired. i lost some data but mostly he managed to save it. The system was working fine till now; i am having problems for 2-3 weeks now.

here are first my system details:

Microsoft Win XP professional
version 2002
SP 2
PENTIUM(R) 4 CPU 2.40 GHz
2.39 GHz, 240 MB RAM

I CHECKED SYS INFO, following was given:
total physical memory: 256.00 mb
available physical memory: 61.68 mb
total virtual memory: 2.00 gb
available virtual memory: 1.96 gb
page file: D:\pagefile.sys

i could not detect any hardware conflicts. ok so here are the problems:

whenever i startup the system always checks file system.
PC behaves normally at first but as soon as i run I.E. or firefox, google chrome or opera (i.e. any browser) and connect to the net, it works at first but say after 1 hour or so stops and hangs. so i ran Task Manager to end task and checked the usage and processes!

whenever the above happens the page file usage peaks alarmingly, 600-700/1025m CURRENTLY. (it was even higher before, i tried deleting files and moved some from D: to F: drive.) still the problem has marginally improved. the processes get alarmingly slow and virtually halt unless i end process of whichever browser i am using.

even normally the usage is 250 MB like a straight line with absolutely no dips! it's a constant value!

I had checked the event viewer before but it didn't show anything unusual but today i checked after a week and saw error messages.

Event Type: Error
Event Source: Ntfs
Event Category: Disk
Event ID: 55

so i read up on it, it says: "The file system on the volume might be corrupt due to one or more of the following reasons:

The disk might have bad sectors.
I/O requests issued by the file system to the disk subsystem might not have been completed successfully."

here are my questions:

What seems to be the problem? is it H/W or S/W related?
Do you think it's related to temperature?
Is D: drive corrupted? and/or page file corrupted/has errors?
Do you think i need to backup all my data ASAP? if so please tell me if there are some free online backup data options too for the video files especially.

what do i need to do? chkdsk and how do i run it? what causes NTFS file system to become corrupt?

thanx
 
Upgrade your RAM to 2GB. Your hard drive may also need the temp files cleaned out, and if it is more than a few years old it (the hard drive) may need replacing.
 
first of all some more info if this will help:
at startup it's always D: drive that's checked for errors! and like i had posted in the other thread, D: drive space is always getting filled fast!

you don't think it's some virus right? i have only Malwarebytes on my comp. K7 has a firewall but now it's outdated!

yes i will try to upgrade Ram by adding more memory.

how do i clean off "temp" files?


yes my comp is from 2003 ;) so you think it's the hard drive that's causing the problems now?
how do i go about replacing it?

and i will need to backup my data right?

thanx again.


P.S. i defragmented every drive i have but it wouldn't let me even analyze D drive!!! this is the message i get.
"Disk Defragmenter has detected that Chkdsk is scheduled to run on the volume: (D).
Please run Chkdsk /f."

now what does this mean? how do i run?
 
chkdsk /f is telling Windows to check the disk and repair any errors it finds. The chkdsk command should be run from a command prompt outside of the Windows operating environment.

To clean out your temp files open My Computer, right click on the hard drive and choose Properties. You should see a box labeled Disk Cleanup.

Who is the manufacturer of your D: drive? What is the Model# of the D: drive?

Go to the manufacturer's website and look for a downloadable diagnostic tool for your drive, it may be model number specific.
 
how do i run chkdsk /f from outside the windows environment?

how do i know who is the manufacturer? is there any place i can look?

Boot into safe mode with command prompt (keep pressing F8 after the BIOS screen) then you can run chkdsk /f.
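
An added example, not part of the original thread: a batch file that inspects the state behind the "Chkdsk is scheduled to run on the volume" message and the Ntfs Event ID 55 entries before a repair is scheduled. It assumes Windows XP Professional (where `eventquery.vbs` is present in system32), an administrator account, and D: as the affected volume.

```batch
@echo off
rem Added example (not from the thread). Assumes Windows XP Professional,
rem an administrator account, and D: as the volume named in the posts.
setlocal
set VOL=D:

echo === 1. NTFS dirty bit on %VOL% ===
rem A volume flagged dirty is checked by autochk at every startup.
fsutil dirty query %VOL%

echo === 2. Autochk status for %VOL% ===
rem Reports whether the volume is dirty or chkdsk was scheduled manually.
chkntfs %VOL%

echo === 3. Ntfs Event ID 55 entries in the System log ===
cscript //nologo "%SystemRoot%\system32\eventquery.vbs" /l system /fi "ID eq 55" /fi "Source eq Ntfs" /fo list

echo === 4. Read-only check (changes nothing on disk) ===
chkdsk %VOL%
rem Exit codes: 0 = no errors, 1 = errors found and fixed,
rem 2 = cleanup done or skipped because /f was not given,
rem 3 = could not check, or errors left unfixed because /f was not given.
if errorlevel 2 goto needfix
echo No repair needed on %VOL%.
goto end

:needfix
echo Errors reported. Back up data first, then schedule the repair:
echo     chkdsk %VOL% /f
echo Answer Y to run at next restart, then reboot.

:end
endlocal
```

A read-only `chkdsk` on a volume that is in use can report transient errors, so treat step 4 as a prompt to run the scheduled `/f` pass rather than as proof of damage.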
 
well i ran chkdsk /f from startup -> run and it told me it will run next time on startup, so i pressed "y" and restarted.

it did run and didn't detect anything!

so now i tried to defrag the D: drive, but it wouldn't let me, again i got the "same old" message!

"Disk Defragmenter has detected that Chkdsk is scheduled to run on the volume: (D).
Please run Chkdsk /f".

i have already defragmented every other drive now, C, E, F, G except D. And my windows software is installed on D itself!

actually previously when my comp had crashed last November, i had dual boot with WIN98 and WINXP. 98 was on C and XP was on E drive. After it crashed, the engineer guy removed the 98 system completely and reinstalled XP on D. although i think some components are divided between D and E. (not too sure what he did)

since my computer had come pre-installed when i bought it, i didn't get the windows CD, i only called him up whenever i had any problems.

but now i think my system might be reaching the end of its line after 9 years (using since 2003).

don't know what's happening with the D drive!

any suggestions? you don't think it's some virus or something?


*****************************
AN UPDATE:

ok, i am editing this post only, cause one isn't allowed to post successively or so, i was warned officially long back, so so so... :p

Anyways here's what happened meanwhile. I tried to run chkdsk from My Computer -> Properties -> Tools -> Error Checking

so it said "it would check on restart" which it did manage to do.
ok file verification was completed.
index verification was completed.
security descriptor verification was completed.
file data verification was completed.
free space was verified.
Result: The file system is NTFS. the volume is clean. chkdsk has finished verifying volume.

Again i went to My Computer->Properties->Tools->Defrag

this time it actually worked and i managed to defrag although not all files could be defragmented!

Here is the report:

Volume (D:)
Volume size = 9.77 GB
Cluster size = 4 KB
Used space = 6.83 GB
Free space = 2.94 GB
Percent free space = 30 %

Volume fragmentation
Total fragmentation = 13 %
File fragmentation = 24 %
Free space fragmentation = 3 %

File fragmentation
Total files = 45,862
Average file size = 227 KB
Total fragmented files = 8
Total excess fragments = 13,193
Average fragments per file = 1.28

Pagefile fragmentation
Pagefile size = 800 MB
Total fragments = 122

Folder fragmentation
Total folders = 4,016
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 59 MB
MFT record count = 50,174
Percent MFT in use = 83 %
Total MFT fragments = 4

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
3 45 MB \System Volume Information\_restore{F913ADD7-0C6E-45E2-9A40-1A413684CB2E}\RP130\A0410619.exe
12 70 MB \WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\download\WindowsXP-SP3-x86fre-USA-5512.psf.blob
609 82 MB \Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\Installer\chrome.7z
2,799 232 MB \My document\a\reload2cam\devi2.avi
4,612 295 MB \My document\a\reload2cam\devi01.avi
5,063 316 MB \My document\a\reload2cam\mintak.avi

Additionally i moved many of the video files from D: to F: and also deleted tons and tons of files which were exact copies of my saved files on C:! (like *.txt, *.mp3, etc). I don't understand how there could be duplicates of saved files on C: to D: and these weren't exactly the data the engineer had backed up during my crash but even some files i had saved last month!

how could files get saved to 2 drives? i will run Trend Micro later and see the results. meanwhile anyone can figure what's going on with this Sys???
 
Trend Micro Found 1 rootkit (whatever that is) and 1 trojan (it says TSPY KATES.SMF).

THE TROJAN WAS FIXED AND THE ROOTKIT HAD TO BE FIXED ON RESTART, SO I DID THE RESTART AND SAW THE "BLUE SCREEN" WITH FOLLOWING MESSAGE:

"A problem has been detected and windows has been shut down to prevent damage to your computer.

The problem seems to be caused by the following file: rdbss.sys.

The driver unloaded without cancelling pending operations.

If this is the first time you've seen this stop error screen, restart your computer. if this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

rdbss.sys
Beginning dump of physical memory.
Physical memory dump complete.
Contact your system administrator or tech support for further assistance."

The system then ran CHKDSK on all drives and the desktop showed up. I got following message too:

"The system has recovered from a serious error." (it gave some technical info on error report)

i checked Trend Micro for previous scans, and it showed both those threats have been removed.

Ok so what just happened with my system????
can anyone please tell me what's going on here?

Sorry for putting new post successively, i don't know how many times i must edit my old post now!! done that 3 times already! That post looks like a thesis now! :p
 
Ack... a rootkit!!
http://en.wikipedia.org/wiki/Rootkit
imho, when dealing with rootkits I believe the best and most secure option is a low level format. Others may be of another opinion here but if I were you I would start backing up my important data onto another medium and run killdisk or something similar to that
Active@ Kill Disk. Hard Drives Eraser. Free Download.

It's possible that someone may help you clean it up, but it has been compromised

Edit: running killdisk will remove everything from your pc, so before you consider this option, be sure you have your XP or recovery disk and all of your drivers
 