"c:\windows\system32\defrag.exe" trying to launch

[gkweb]

Hi,

today, Process Guard has asked me if i wanted to allow 'defrag.exe' to run.
Since it has never asked me that and since i use DiskKeeper and not the M$ defragmenter, i have answered "block always".
And thx to that, i see from time to time defrag.exe blocked from running.

First thing we can think of is the scheduler (service enabled indeed) but only the NAV 'NetDetect" task is listed there.

I have not allowed nor installed something lately, my AV and TDS3 are up to date, and i'm really confident that my system is clean (i do not use P2P currently too).
But now i'm thinking, i have installed the lastest Microsoft critical updates, can it be the cause ? where a modification has been made, and how to remove it ?
(no new entries listed in msconfig, no new service enabled).

My defrag.exe file information :

Size : 69Ko
MD5 : BF888C41662F03FFA8242E912513C975

on Windows XP Pro + SP1

Any idea ?

[Oremina]

Hi gkweb

My PG also informs me on occasion that defrag.exe wants to run, even though I do not use the Windows defragmenter as I use Norton Systemworks 2002 Optimizer and have always found that works well.

My understanding (and I am far from being as expert as you) is that XP likes, on occasion (Iwas told about every 3 days or so), to do a bit of "housekeeping", which includes a bit of windows defragmentation. I was told this by a "pro" who said that if windows is quiet, every now and then it will try and do a bit of "housekeeping". My PC is also clean and seeing the defrag.exe is, I believe, perfectly normal. No doubt more knowledgeable people than I may have something to say......But for the moment I do not worry and give it "Allow".

(By the way gk, have d/l the latest v1.2 of your wwdc - nice bit of kit).

Regards

[gkweb]

Thanks for your input Oremina.

However, as i said, XP has never tried to do that, even when i let it idle for hours (but i have disabled a ton of things on XP, may be due to that).
That's why too i'm thinking to Windows updates which often enable again things which are disabled, but i can't find where the modification was done.

Quote:

(By the way gk, have d/l the latest v1.2 of your wwdc - nice bit of kit).

Thanks you

[Oremina]

Hi again gkweb

Have just checked my Program Checksums and in fact I have two System 32 exe's concerning defragmentation:- defrag.exe and dfrgntfs.exe. In my case they both ran at exactly the same time yesterday, so it is my belief that they are perfectly normal... (j'espere)..

a bientot

[Pilli]

Hi GK, I noticed this on my previous installation of XP Pro, today I have done all the updates etc to my new installation and have not noticed the defrag as yet.
What I did notice before this new install was that I had SystemSuite installed and the silent defrag started after that installation.
I have a feeling that all third party defrag programmes use XP's defrag utilities in some way and that they use it to quietly clean up in the backround thus making their software appear more efficient than XP's basic Defrag.

Only guessing - Pilli

[Peter2150]

Check your "Scheduled Tasks" and make sure there is nothing there. On my XP pro, I have never seen this.

Pete

[gkweb]

As stated in my first post, i don't see anything related in my scheduled task, see attachment.

@Pilli
Diskeeper service is not started automatically at startup so can't do anything, and there is no new entries in registry run area.
Moreover, i use DK since a month now and it has never done that.

I highly suspect windows update, but even if it is that, where and how the schedule is set without i can see anything on my system ?

Quote:

15 Apr 14:20:41 - [EXECUTION] c:\windows\system32\defrag.exe with commandline "c:\windows\system32\defrag.exe" -p 2f4 -s 00000578 -b c: was BLOCKED from running

EDIT :
still, my feature request to be able to see the _parent_ application is valuable

[Tassie_Devils]

Hi gkweb.

I also checked mine, but in my case I have 3 instances of defrag.exe and 3 of dfrgntfs.exe

defrag.exe same size as yours 69kb.

But checksums differ. XP PRO SP1 + latest WU's.

The file <C:\WINDOWS\system32\defrag.exe> has the following Checksum(s)

MD2 - 590B1B7AFFAA0BE20BF6A74D18E3E69F
MD4 - 66CDDE01B8BE51723EFDC849A926B015
MD5 - 403363410418F65199E0B57E23EA5958

See pic where they all live.

Cheers, TAS

[gkweb]

Mine too is dated from 08 29 2002 (29 august 2002) and the file size is the same (as in your screenshot).

For the MD5 difference, may be it's because i have a french OS ?
A single differente letter or word and the whole MD5 fingerprint changes.

Now, i think the file is legitimate (however i can send it to someone who would want it for analyse) but i'm still a bit disapointed to not find how the file has magically tried to start by two time now.

May be i should let run SSM temporarly to know which is the parent launching it.

[Oremina]

Hi again gkweb

Possibly your MD5 differs bcause it is french OS. I have checked mine and it agrees with that of Tassie_Devils...

My own set up of XP HE is and always has been religiously updated. I updated it yesterday with the lastest 5 updates. But... defrag.exe and dfrgntfs.exe were running before that... I first noticed it on my PC a day or so after installing PG.

I am sure that it has always been running, at least every few days and I only noticed it because of PG.

It is definitely not a Schedule Task thing.

Sante

[Peter2150]

Hi GKWEB

That is really bizarre. I looked and the two windows defrag programs weren't in my checksum list, so just to confirm, I tried to run the windows defrag, and sure enough it was challenged by Process Guard. So clearly they haven't been run on this machine.

Pete

[TheQuest]

Hi, gkweb

Nice to see back, have not seen you for a week or so.

Had the same thing as You and the other people with defrag and dfrgntfs, I though it might be NOD32 as it defrag's it logs every 30 or what is set, so I turn it off and still and the same.

But the are a part of WindowsXP.
Two Image's [Two Post]:-

TheQuest

[TheQuest]

Hi, Post two

TheQuest

[gkweb]

I don't have NOD32 installed, but i'm still searching :-/

[linney]

Disk Efficiency Optimizations.

The physical placement, or layout, of files on the disk can have a considerable effect on performance, up to 10% for normal use.

Windows XP observes file usage patterns as the system is used. If deemed necessary, Windows XP will adjust the file layout at three day intervals. By placing files that are referenced together near each other on the disk, and towards the more dense outer edge of the disk, seek distances are reduced which results in shorter seek times and improved performance. The performance benefit of placing files becomes increasing important as the size of the disk increases.

The files moved for more efficient layout are also kept contiguous. Windows XP does not intentionally fragment files as was done by some earlier versions of Windows.
Even though the disk layout optimization does insure some files will be defragmented, it is not a complete substitute for fully defragmenting the disk. Users should still defragment their drives regularly. The built-in Windows XP defragmentation program
understands the file layout directives and will position the files if they aren't already placed properly. However, it will not update the layout file with new information gathered in the last three days. Without manual intervention, the layout file,
%windir%\Prefetch\Layout.ini, will only be updated once every three days. The contents of the Layout.ini file can be viewed with Notepad.

http://www.microsoft.com/whdc/hwdev/...benchmark.mspx

[gkweb]

so it could be since i have enabled the prefetch ?

i'll try to disable it so to see

thanks you