Dean, basically, nothing is wrong. As long as dirty went away.
.mdmp files are added to files that are sent to Microsoft when something
crashes, in this case Outlook. Part of Windows XP Error Reporting. I am
not sure on .mdm, probably related to crash dump files also.
When something crashes you get .dmp files, appcompat.txt files in a
temporary folder.
Error Reporting can be disabled.
Open System Properties...
Start | Run | Type: sysdm.cpl | Click OK |
Advanced tab | Error Reporting button | Check:
Disable Error Reporting | Check: But notify
me when critical errors occur | Click OK | Click Apply | Click OK
Disable Error Reporting
[[Select to disable error reporting. When this option is selected, error
reports will not be generated.]]
But notify me when critical errors occur
[[Select this option to have Windows notify you when a critical error
occurs, even if you have disabled Error Reporting.]]
OUTLOO~1 is the 8.3 or short name for the Outlook Express folder, usually
C:\PROGRA~1\OUTLOO~1, the long name is C:\Program Files\Outlook Express.
The exe for Outlook Express is msimn.exe. OUTLOOK.EXE is already an 8.3 name.
Usn Journal. Aka $Usnjrnl or Change Journal.
[[Not all NTFS volumes contain a $UsnJrnl file. A $UsnJrnl file is
created on a volume only when a program that uses the file makes the
first write request.]]
SWAG: You have the Indexing Service running or had it running and it
created a change Journal. HIDDEN files; similar to
C:\$extend\$UsnJrnl:$J$DATA.
If you do not use the Indexing Service, which is a real resource hog, it
can be disabled.
Windows XP may run slowly and you may see multiple symptoms in Windows Task Manager
http://support.microsoft.com/kb/899869
cisvc.exe = Content Index SerViCe or Indexing service.
cidaemon.exe = Content Indexing service filter Daemon
The Indexing service uses the Cidaemon.exe process to index files. The
Cidaemon.exe process builds and updates the Index catalog.
Indexing Service starts automatically the first time you use Search,
unless it has been disabled.
Turn off the Indexing Service.
Start | Run | Type: services.msc | Click OK |
Scroll down to and double click: Indexing Service |
Click the Stop button | In the Startup Type field,
select Disabled | Click Apply | Click OK
After you restart your machine it will stay disabled.
Indexing Service
[[Indexes contents and properties of files on local and remote computers;
provides rapid access to files through flexible querying language.]]
[[Indexing service is a small program that hogs HUGE amounts of RAM and can
often make a computer endlessly loud and noisy. This system process
indexing and updates lists of the files on your system, so you can search
for them quickly, but it's completely unnecessary.]]
Indexing Service
[[This service always has been a major resource hog. I NEVER recommend
having this service enabled. Remove the function via the "Add / Remove
Programs" icon in the control panel (Windows Setup Programs). It uses about
500 K to 2 MB in an idle state, not to mention the amount of memory and CPU
resources it takes to INDEX the drives. I have had people (and witnessed it
on other people's computers) report to me that the Indexing Service
sometimes starts up EVEN while the system is NOT idle... as in the middle of
a game. You may feel, as I do, that this is unacceptable. If your
computer suddenly seems "sluggish," Indexing Service is usually the
cause of it.
Safe Setting: Disabled
Service name (registry): cisvc ]]
http://www.blackviper.com/WinXP/service411.htm#Indexing_Service
More than you want to know about Usn Journal, from one of my previous
posts.
What is the significance of this file and the $ prefix?
Files with a dollar sign prefix ($) are usually hidden from the Windows API
(Application Programming Interface). Like the Master File Table ($mft).
Can I delete it?
I would not. Maybe someone that knows more than I do will advise
differently.
[[NTFS includes several system files, all of which are hidden from view
on the NTFS volume. A system file is one used by the file system to
store its metadata and to implement the file system. System files are
placed on the volume by the Format utility.
$Extend is an NTFS system file. Used for various optional extensions
such as quotas, reparse point data and object identifiers.]]
from...
NTFS System Files
http://www.ntfs.com/ntfs-system-files.htm
[[Not all NTFS volumes contain a $UsnJrnl file. A $UsnJrnl file is
created on a volume only when a program that uses the file makes the
first write request.]]
from..
Error messages when you try to gain access to an NTFS volume
http://support.microsoft.com/kb/311724
$UsnJrnl
[[Update sequence number (USN) change journal, which provides a
persistent log of all changes made to files on the volume. As files,
directories, and other NTFS objects are added, deleted, and modified,
NTFS enters records into the USN change journal, one for each volume on
the computer. Each record indicates the type of change and the object
changed. Programs can consult the USN change journal to determine all the
modifications made to a set of files. The USN change journal is much more
efficient than checking time stamps or registering for file
notifications. The USN change journal is enabled and used by the
Indexing Service, File Replication Service (FRS), Remote Installation
Service (RIS), and Remote Storage.]]
from...
ntcmds.chm::/fsutil_usn.htm
What is $Usnjrnl?
[[The Windows 2000 Change Journal is a database that contains a list of
every change made to the files or directories on an NTFS 5.0 volume. Each
volume has its own Change Journal database that contains records reflecting
the changes occurring to that volume's files and directories.]]
Keeping an Eye on Your NTFS Drives: the Windows 2000 Change Journal Explained
http://www.microsoft.com/msj/0999/journal/journal.aspx
SWAG: You have the Indexing Service running or had it running and it created
C:\$extend\$UsnJrnl:$J$DATA.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In Dean <[email protected]> hunted and pecked:
I'm not sure if it is helpful but here is what was in that event log:
Thanks Wes, and everyone.
Checking file system on C:
The type of the file system is NTFS.
The volume is dirty.
Index entry A0053534.ini of index $I30 in file 0x817a points to unused
file 0x13d63.
Deleting index entry A0053534.ini in index $I30 of file 33146.
Index entry OUTLOOK.EXE.mdmp of index $I30 in file 0x13ac3 points to
unused file 0x13ad9.
Deleting index entry OUTLOOK.EXE.mdmp in index $I30 of file 80579.
Index entry OUTLOO~1.MDM of index $I30 in file 0x13ac3 points to unused
file 0x13ad9.
Deleting index entry OUTLOO~1.MDM in index $I30 of file 80579.
Cleaning up minor inconsistencies on the drive.
Cleaning up 128 unused index entries from index $SII of file 0x9.
Cleaning up 128 unused index entries from index $SDH of file 0x9.
Cleaning up 128 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
78075899 KB total disk space.
66388512 KB in 105802 files.
34368 KB in 7036 indexes.
0 KB in bad sectors.
199855 KB in use by the system.
65536 KB occupied by the log file.
11453164 KB available on disk.
4096 bytes in each allocation unit.
19518974 total allocation units on disk.
2863291 allocation units available on disk.
Internal Info:
Windows has finished checking your disk.
Please wait while your computer restarts.
For more information, see Help and Support Center at
Sorry, I thought that I posted that.
For a look at the chkdsk log.
Open the Event Viewer...
Start | Run | Type: eventvwr | Click OK |
Look in Application | Listed as Information |
Event ID: 1001
Source: Winlogon
[[Description: This includes file system type; drive letter or GUID,
and volume name or serial number to help determine what volume Chkdsk
ran against. Also included is whether Chkdsk ran because a user
scheduled it or because the dirty bit was set.]]
[[When Autochk runs against a volume at boot time it records its output to a
file called Bootex.log in the root of the volume being checked. The Winlogon
service then moves the contents of each Bootex.log file to the
Application Event log.]]
[[This file states whether Chkdsk encountered any errors and, if so,
whether they were fixed.]]
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In Dean <[email protected]> hunted and pecked:
I don't know where to find the chkdsk log, but I did copy down the 3
things that showed up as being deleted - all 3 were indexes and two
were outlook, as I mentioned before.
Yes, you were right. I was typing it into the run box. When I do it
right it says Volume C is NOT dirty. So, I am fine now? I think you
are also saying chkdsk does not fix these errors (though I thought I
read otherwise in one of the links one of the other posters supplied).
If so, I assume that something fixed the errors, assuming these 3
deleted indexes were "errors".
Thanks, Wes!
Dean
Hi Dean,
If chkdsk ran and the volume is no longer dirty then there is no
problem.
Did you type or paste fsutil dirty query C: into a command prompt
or into the Run command? I think you typed it into the Run command.
Start Run is the Run command.
Paste the following line into Start | Run and click OK...
cmd /K fsutil dirty query C:
Did a command prompt open and stay open? Look at the very first line;
Volume - C: is....
To open a command prompt, click Start, click Run, type: cmd into
the Open box and click OK.
Then type: fsutil dirty query C: and hit your Enter key.
------------
In the chkdsk log if you see something similar to this...
Cleaning up 10 unused index entries from index $SII of file 0x9.
Cleaning up 10 unused index entries from index $SDH of file 0x9.
[[Chkdsk.exe just reclaims the unused security descriptors as a housekeeping
activity, and it does not actually fix any kind of problem. ]]
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In Dean <[email protected]> hunted and pecked:
Thanks, Wes.
I tried both of the commands to see if it was still dirty though, from
what I can figure out, chkdsk is supposed to have fixed it, I think.
Unfortunately, with either command, the screen popped up and disappeared
almost instantaneously, with no time to read it at all. Is there a way to
alter the command so that the result stays in the command dos prompt box
so I can read it?
Your info plus all the links sent by others was a little more info
than I could process. I can't really tell from reading them if I
should expect I have any problem now. More generally, I did reboot, after
using the computer for a couple of hours with no problem, and the reboot was
fine too. Is there really any reason to be concerned about the hard
disk being almost dead or anything? Also Outlook seems fine and two
of the three deleted indexes were associated with Outlook. The other
index deleted was A0053534.ini, in case that means anything to
anyone - a Google search with that got zero hits.
Thanks so much.
Dean
Check Disk runs on every boot.
Open a command prompt...
Start | Run | Type: cmd | Click OK |
Type or paste the following line:
chkntfs /d
Hit the Enter key.
Chkntfs displays or modifies the checking of disks at boot time.
The /d switch restores the machine to the default behavior; all
drives are checked at boot time and chkdsk is run on those that are
dirty. Autochk.exe is a version of Chkdsk that runs only before Windows XP
starts. Autochk runs in the following situations:
Autochk runs if you try to run Chkdsk on the boot volume.
Autochk runs if Chkdsk cannot gain exclusive use of the volume.
Autochk runs if the volume is flagged as dirty.
This can happen if the drive's dirty bit is set.
When a drive's dirty bit is set, autochk automatically
checks the volume for errors the next time the computer is restarted.
This will report whether the dirty bit is set.
Start | Run | Type: cmd | Click OK |
Type or paste the following line:
fsutil dirty query C:
Hit the Enter key.
Volume C: is not dirty
Volume C: is dirty
<quote>
If a volume's dirty bit is set, this indicates that the file system may
be in an inconsistent state. The dirty bit can be set because the
volume is online and has outstanding changes, because changes were
made to the volume and the computer shutdown before the changes were
committed to disk, or because corruption was detected on the volume. If the
dirty bit is set when the computer restarts, chkdsk runs to verify the
consistency of the volume.
Every time Windows XP starts, Autochk.exe is called by the Kernel to scan
all volumes to check if the volume dirty bit is set. If the dirty bit
is set, autochk performs an immediate chkdsk /f on that volume.
Chkdsk /f verifies file system integrity and attempts to fix any
problems with the volume
<quote>
-----
This will also report whether the dirty bit is set.
Start | Run | Type: cmd | Click OK |
Type or paste the following line:
chkntfs c:
Hit the Enter key.
C: is not dirty.
-----
If this is not the problem.....
Go here:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Read the instructions at the top of the page.
Scroll down to:
82. Disable or Enable Check Disk Upon Boot
Click on Disable.
-----
Additional information...
Chkdsk.exe or Autochk.exe starts when you try to shut down or restart
your computer
http://support.microsoft.com/kb/831426
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In Dean <[email protected]> hunted and pecked:
This morning, I turned on my computer and, before I knew it, it
was doing a 5- minute chkdsk, saying my file system is NTFS and
the "volume is dirty". It deleted three indexes, one of which was
in Outlook.exe. I have more details of index and file #'s if anyone wants
them. I don't recall that chkdsk is something one expects upon booting.
Though everything seems fine, I am curious why this happened. Is this
just some sort of automatic maintenance when XP detects a problem
while trying to boot up?
Thanks!
Dean
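
Added example, not part of the original thread: a small Python parser for the chkdsk text that Winlogon copies into the Application log (Event ID 1001), useful when reviewing which directory entries a boot-time check removed. The function name `parse_chkdsk_log` and the result keys are assumptions made for this example; the sample text is constructed from the log lines quoted in the thread above.

```python
import re

# Constructed sample: lines copied from the chkdsk log quoted in this thread,
# with one entry left hard-wrapped the way the event text was posted.
SAMPLE_LOG = """\
The volume is dirty.
Index entry A0053534.ini of index $I30 in file 0x817a points to unused
file 0x13d63.
Deleting index entry A0053534.ini in index $I30 of file 33146.
Index entry OUTLOOK.EXE.mdmp of index $I30 in file 0x13ac3 points to unused file 0x13ad9.
Deleting index entry OUTLOOK.EXE.mdmp in index $I30 of file 80579.
Index entry OUTLOO~1.MDM of index $I30 in file 0x13ac3 points to unused file 0x13ad9.
Deleting index entry OUTLOO~1.MDM in index $I30 of file 80579.
Cleaning up 128 unused index entries from index $SII of file 0x9.
Cleaning up 128 unused index entries from index $SDH of file 0x9.
"""

# Case-sensitive on purpose: "Index entry" (finding) vs "index entry" (deletion).
ORPHAN = re.compile(
    r"Index entry (.+?) of index (\$\w+) in file (0x[0-9a-fA-F]+) "
    r"points to unused file (0x[0-9a-fA-F]+)\.")
DELETED = re.compile(r"Deleting index entry (.+?) in index (\$\w+) of file (\d+)\.")
CLEANUP = re.compile(r"Cleaning up (\d+) unused index entries from index (\$\w+) of file")

def parse_chkdsk_log(text):
    """Return the dirty flag, orphaned index entries and housekeeping counts."""
    flat = " ".join(text.split())  # undo hard wraps before matching
    # chkdsk prints the owning file in hex on the finding line and in
    # decimal on the deletion line; normalise both to int to pair them.
    deleted = {(name, index, int(num)) for name, index, num in DELETED.findall(flat)}
    entries = []
    for name, index, parent, target in ORPHAN.findall(flat):
        parent_no = int(parent, 16)
        entries.append({
            "name": name,
            "index": index,
            "parent_file": parent_no,
            "unused_file": int(target, 16),
            "removed": (name, index, parent_no) in deleted,
        })
    return {
        "dirty": "The volume is dirty." in flat,
        "orphaned_entries": entries,
        "housekeeping": {index: int(count) for count, index in CLEANUP.findall(flat)},
    }

if __name__ == "__main__":
    report = parse_chkdsk_log(SAMPLE_LOG)
    print("dirty:", report["dirty"], "| housekeeping:", report["housekeeping"])
    for e in report["orphaned_entries"]:
        print(e["name"], "owner", e["parent_file"], "removed" if e["removed"] else "NOT removed")
```
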