Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Vsmon.exe checked it with Procmon.exe - Any reason for the 24/7 read write of files listed below?

  1. #1
    madusmacus Guest

    Default Vsmon.exe checked it with Procmon.exe - Any reason for the 24/7 read write of files listed below?

    New VASS person here newest stable release 7.0.473Many clean installsMany resets of the database using Shift-Right click spells
    I have checked Vsmon.exe
    with sysinternals Procmon.exe and it shows continious read/write of these file
    ZALog.txt , IAMDB.RDB and <mycomputer>.ldb
    1) .... Is there any reason for this (over 130,000 reads and 43,000) writes in a few minutes?
    I have tried this with nothing running on my computer but the desktop and procmon.exe confirms nothing else running
    I am worried about the long term effects of this continual read/write cycle on my disk as it seems excessiveI cant see the reason for Not
    Buffering This IO.
    2) ..... Also has this behaviour become better in the beta?
    I read that none of you are emplyees its jsut a palce for users to talk but maybe someone knows whats going on
    Many thanks :
    )
    ------below is a <1 second snipet of whats going on24946
    14:40:39.7302445
    vsmon.exe
    1276
    FASTIO_WRITE
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    FAST IO DISALLOWED
    Offset: 267,776, Length: 512
    24947
    14:40:39.7302539
    vsmon.exe
    1276
    IRP_MJ_WRITE
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS
    Offset: 267,776, Length: 512
    24948
    14:40:39.7302693
    vsmon.exe
    1276
    FASTIO_ACQUIRE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS

    24949
    14:40:39.7304742
    vsmon.exe
    1276
    FASTIO_RELEASE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS

    24950
    14:40:39.7305045
    vsmon.exe
    1276
    FASTIO_WRITE
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    FAST IO DISALLOWED
    Offset: 1,671,680, Length: 512
    24951
    14:40:39.7305139
    vsmon.exe
    1276
    IRP_MJ_WRITE
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS
    Offset: 1,671,680, Length: 512
    24952
    14:40:39.7305296
    vsmon.exe
    1276
    FASTIO_ACQUIRE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS

    24953
    14:40:39.7307305
    vsmon.exe
    1276
    FASTIO_RELEASE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS

    24954
    14:40:39.7307607
    vsmon.exe
    1276
    FASTIO_WRITE
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    FAST IO DISALLOWED
    Offset: 282,624, Length: 512
    24955
    14:40:39.7307702
    vsmon.exe
    1276
    IRP_MJ_WRITE
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS
    Offset: 282,624, Length: 512
    24956
    14:40:39.7307855
    vsmon.exe
    1276
    FASTIO_ACQUIRE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS

    24957
    14:40:39.7309910
    vsmon.exe
    1276
    FASTIO_RELEASE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS

    24958
    14:40:39.7310211
    vsmon.exe
    1276
    IRP_MJ_FLUSH_BUFFERS
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS

    24959
    14:40:39.7310312
    vsmon.exe
    1276
    FASTIO_ACQUIRE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS

    24960
    14:40:39.7310543
    vsmon.exe
    1276
    FASTIO_RELEASE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\MADMAC.ldb
    SUCCESS

    25012
    14:40:39.9455825
    System
    4
    FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION
    C:\WINDOWS\system32\**bleep**.dat
    SUCCESS
    SyncType: SyncTypeOther
    25013
    14:40:39.9456389
    System
    4
    FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION
    C:\WINDOWS\system32\**bleep**.dat
    SUCCESS

    25014
    14:40:39.9458711
    System
    4
    FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION
    C:\WINDOWS\Internet Logs\ZALog.txt
    SUCCESS
    SyncType: SyncTypeOther
    25015
    14:40:39.9458985
    System
    4
    FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION
    C:\WINDOWS\Internet Logs\ZALog.txt
    SUCCESS

    25072
    14:40:41.1018882
    vsmon.exe
    1276
    IRP_MJ_CREATE
    C: SUCCESS
    Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
    25073
    14:40:41.1020535
    vsmon.exe
    1276
    IRP_MJ_CLEANUP
    C: SUCCESS

    25074
    14:40:41.1020729
    vsmon.exe
    1276
    IRP_MJ_CLOSE
    C: SUCCESS

    25075
    14:40:41.1021236
    vsmon.exe
    1276
    FASTIO_WRITE
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS
    Offset: 0, Length: 8,192
    25076
    14:40:41.1021325
    vsmon.exe
    1276
    FASTIO_CHECK_IF_POSSIBLE
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS
    Operation: Write, Offset: 0, Length: 8,192
    25077
    14:40:41.1021751
    vsmon.exe
    1276
    IRP_MJ_FLUSH_BUFFERS
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS

    25078
    14:40:41.1021879
    vsmon.exe
    1276
    FASTIO_ACQUIRE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS

    25079
    14:40:41.1024169
    vsmon.exe
    1276
    FASTIO_RELEASE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS

    25080
    14:40:41.1024317
    vsmon.exe
    1276
    FASTIO_ACQUIRE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS

    25081
    14:40:41.1031638
    vsmon.exe
    1276
    FASTIO_RELEASE_FOR_CC_FLUSH
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS

    25082
    14:40:41.1035577
    vsmon.exe
    1276
    FASTIO_WRITE
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS
    Offset: 1,430,528, Length: 512
    25083
    14:40:41.1035668
    vsmon.exe
    1276
    FASTIO_CHECK_IF_POSSIBLE
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS
    Operation: Write, Offset: 1,430,528, Length: 512
    25084
    14:40:41.1035972
    vsmon.exe
    1276
    FASTIO_WRITE
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS
    Offset: 1,431,040, Length: 512
    25085
    14:40:41.1036047
    vsmon.exe
    1276
    FASTIO_CHECK_IF_POSSIBLE
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS
    Operation: Write, Offset: 1,431,040, Length: 512
    25086
    14:40:41.1036299
    vsmon.exe
    1276
    FASTIO_WRITE
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS
    Offset: 1,431,552, Length: 512
    25087
    14:40:41.1036372
    vsmon.exe
    1276
    FASTIO_CHECK_IF_POSSIBLE
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS
    Operation: Write, Offset: 1,431,552, Length: 512
    25088
    14:40:41.1036620
    vsmon.exe
    1276
    FASTIO_WRITE
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS
    Offset: 1,388,544, Length: 512
    25089
    14:40:41.1036695
    vsmon.exe
    1276
    FASTIO_CHECK_IF_POSSIBLE
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS
    Operation: Write, Offset: 1,388,544, Length: 512
    25090
    14:40:41.1036986
    vsmon.exe
    1276
    IRP_MJ_FLUSH_BUFFERS
    C:\WINDOWS\Internet Logs\IAMDB.RDB
    SUCCESS



    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    madusmacus Guest

    Default Well My computer decided to answer this for me : ( Appli...

    Well My computer decided to answer this for me :
    (

    Application popup: vsmon.exe - Application Error : The instruction at "0x4d53565b" referenced memory at "0x4d53565b". The memory could not be "read".
    The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

    I tried so many security packages this was the only one that was 1/2 decent :
    ( now im stuffed

  3. #3
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Well My computer decided to answer this for me : ( Appli...

    Hi!
    try to remove ZASS with clean manual wipe out.

    This way:
    First remove ZASS from add/remove and then:
    01.) Restart your computer
    02.) When you see the screen go black and it starts booting back up keep
    tapping the "F8" key (at the top of your keyboard)
    03.) This should bring up a menu. Choose Safe Mode off the menu by
    using the arrow keys on the keyboard to highlight Safe Mode and press
    Enter
    04.) If you get a message asking to go to Safe Mode, choose Yes. If you
    get a help and support window, close this.
    05.) Once you are at the desktop, Click Start, My Computer
    06.) Click Tools, Folder Options, View Tab
    07.) Place a dot next to "Show Hidden Files and Folders"
    08.) Remove the check from "Hide Protected Operating System Files
    (Recommended)"
    09.) Choose Yes to the warning
    10.) Click OK
    11.) Double click C:

    Note: In the future steps if you do not see any files or folders, please click
    the "Show Files" link to view them.

    12.) Double Click the Program Files Folder
    13.) Right Click the Zone Labs Folder, click Delete, and choose Yes

    NOTE: If you cannot delete the entire folder, please open the Zone Labs -
    > ZoneAlarm folder and delete out as many of the files listed here as
    possible.

    14.) Close this window
    15.) Click Start, My Computer
    16.) Double Click the C:
    17.) Double Click the Windows Folder (It may also be WinNT)
    18.) Right Click the Internet Logs Folder, click Delete, and choose Yes
    19.) Double Click the System32 Folder
    20.) Right Click the Zone Labs Folder, click Delete, and choose Yes

    NOTE: If you cannot delete the entire folder, please open the Zone Labs
    folder and delete out as many of the files listed here as possible.

    21.) Locate and delete the following files in the System32 folder if they are
    present:

    - vsconfig.xml
    - vsxml.dll
    - vsregexp.dll
    - vsdata.dll
    - vsdata95.vxd
    - vsdatant.sys
    - vsmonapi.dll
    - vspubapi.dll
    - vsinit.dll
    - vsutil.dll
    - vswmi.dll
    - zlcommdb.dll
    - zlcomm.dll
    - z llictbl.dat
    - zpeng24.dll

    22.) Clear your Temp Directory per the instructions below.

    - Go to Start -> Run
    - Type %temp% and click OK
    - Select all of these files and delete them

    23.) Clear the Prefetch folder per the instructions below.

    - Go to Start -> Run
    - Type Prefetch and click OK
    - Select all of these files and delete them

    24.) Remove the following registry entries by going to Start -> Run and
    typing in regedit. Use the folders on the left side of the window to navigate
    to the specified directories.

    HKEY_LOCAL_MACHINE\Software\Zone Labs
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\vsmon
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\vsdatant

    *Important Advisory: Deleting registry entries incorrectly may cause
    serious problems to your operating system, which may necessitate the
    need to reinstall it. Please make sure you are able to perform these
    deletions correctly before you decide to edit the entries. If you are not
    sure, you should seek help from someone who is familiar with editing the
    registry.

    For information about how to edit the registry in Windows, from your
    desktop, click Start >> Run >> and type regedit. Click on Help >> Help
    Topics. Under the Contents tab, click Change Keys and Values (this may
    be found under the How to... section).

    Also, you should always make a backup of the registry before editing it.
    You can find this in the same section of the Help files.

    25.) Close this window, then empty your recycle bin.
    26.) Restart the computer.
    27.) Reinstall ZASS

    Then boot your system selectively. Only ZA and standard MS applications

    1.) Click Start -> Run
    2.) Type MSConfig in the run box and click OK
    3.) Once in MSConfig, click the Startup Tab
    4.) Remove the checks from everything except ZLClient
    5.) Click the Services Tab
    6.) Place a check in "Hide All Microsoft Services"
    7.) Now remove checks from everything other than TrueVector Internet
    Monitor, and click OK.
    8.) Restart your computer

    Still the same issues? You need to run it for some hours/days before making I/O tests.

    NOTE: You can place your computer back into a normal startup process by
    going back into msconfig and choosing the Normal Startup option on the
    General tab.

    Also note that ZA staff does not monitor this board, the best is to report the issue to ZA technical support at: www.zonealarm.com/tsform

    Double check your system drivers are up to date and you running XP FULLY patched.

    Cheers,
    Fax

    Message Edited by fax on 06-17-2008 02:39 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    madusmacus Guest

    Default Re: Well My computer decided to answer this for me : ( Appli...

    Thank you for the time taken to reply i will try all of this now

  5. #5
    madusmacus Guest

    Default Re: Well My computer decided to answer this for me : ( Appli...

    Ok thanks for the Clean install idea saddly ZASS is still the most crazy 24/7 disk io every nano second program i have ever seenNo change to the Constant I/O to those files. ZALog.txt , IAMDB.RDB and <mycomputer>.ldb
    I cant see any need for ZASS to do all this :
    (I write software and i would get shot if i had continous Read/Writing to files 24/7ok 1 or 2 a second i can live with but 140,000 reads 48,000 writes in
    5 mins its insane.
    Anyways I might try the beta if i get any feedback in that thread
    Thanks for trying...

    Message Edited by madusmacus on 06-17-2008 08:57 AM

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Well My computer decided to answer this for me : ( Appli...

    Hi!
    did you actually tried by running only ZA and Standard MS services/programs?
    As indicated in the end of my previous post?

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    madusmacus Guest

    Default Re: Well My computer decided to answer this for me : ( Appli...

    Hi :
    )
    I turned off all the rubish in msconfig but had to leave intel matrix raid system stuff
    but... even though i turned off this stuff and i checked after reboot that is was turned off.......Some of it didnt turn off (logitech
    stuff mainly) so i manualy killed all rubiush processes left
    i guess there is more than one way to start up things
    I might use hijack this and removethese things permenanty.but to be honest hothing is running on my system apart from this continous loop of read writes to log and idb filesthis is obvious from the procmon.exe logs
    Many thanks for taking time to help but its gonna be one of them things i think

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Well My computer decided to answer this for me : ( Appli...

    Uuhm..if you are not able to deselect all the non-MS/ZA related stafffrom MSconfig than it will be really difficult to troubleshoot.By the way, Intel storage should be only the monitor driver and boot... so it should work fine also without it(test at your own risk )Cheers,Fax

    Message Edited by fax on 06-17-2008 07:28 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    madusmacus Guest

    Default Re: Well My computer decided to answer this for me : ( Appli...

    I could deselect it but.... the logitech items still appeared in the taskmanager lsit even though i deselected them - (weird) i double checked msconfig had them deslected toooh well - i think i better not mess with tthe raid thing :
    )
    thanks anyways

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Well My computer decided to answer this for me : ( Appli...

    You're welcome!Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •