Vista 64 too many disk access: Lsass.exe & mcmscsvc.exe

P

pippocalo

New Member
I did read much about this problem ...also in this very very good forum.
But all the solutions suggested is not good for me.

I did tried to stop every Vista services that are not important and also try to stop by "task manager" services by services , but nothing help.
Also auto-insert notification of CD/DVD was disables, system restore, superfetch, indexing, search and many others.
Antivirus disabled services by services excluding core of Mcafee.
Disinstalling Mcafee is very intrusive action as you know.

My sistem is a Core i-7 920 asus p6t 6 Gb ram Vista 64 ultimate

The problem is : after one mounth from the installation vista is always trashing HD (C: where is S.O.) ; led is flashing every seconds.

I Did used two utilities to monitor what happens when the PC is idle:

1- the utility of Vista in task manager to observe all the access to HD. This utility shows continuos writing of these two file $MFT and $LOGFILE

2 - Another external utility I don't remeber name but was suggested also in this forum ....i suppose procmon or similar able to trace every action of CPU
In these case two program take 98% of activity whene the PC is idle :

LSASS
this program execute a sort of loop in the registry...this is one of the key involved
HKLM/software/policy/secdesc/....

and
MCMSCSVC.EXE from Mcafee that write in another part of registry.

I did tried to stop this componet of Mcafee Total protection, but .....
MCMSCSVC disappears but the activity was taken by "SERVICES.EXE" (always on registry).
If you re-enable MCMSCSVC.EXE SERVICES.EXE disappear.

Someone can help me to understand?

Thanks in advance

Pippo
 

My Computer

System One

If I understand correctly, your computer is constantly writing to the hard drive, and your hard drive activity light is constantly blinking. By trashing, do you mean the hard drive is no longer working, getting corrupted, or is getting filled up with garbage?

- i'm assuming you have done this, but have you scanned your drive with your virus scanner?

- please install malwarebytes and run this.

Was anything discovered?

You could temporarily disable indexing to see if this is what is writing when system is idle?

The process lsass.exe serves as the Local Security Authentication Server by Microsoft, Inc. It is responsible for the enforcement of the security policy within the operating system. This process checks whether a user’s supplied identification is valid or not whenever he or she tries to access the computer system.

mcmscsvc.exe is a User Management Application\r from McAfee, Inc.\r belonging to McAfee SecurityCenter\r
 

My Computer

System One

  • Manufacturer/Model
    Custom
    CPU
    AMD AM2 6000+
    Motherboard
    Nvidia M2N-E SLI
    Graphics Card(s)
    GeForce 7600GT
    Screen Resolution
    1280x1024
    Hard Drives
    WD
    Case
    Cooler Master
    Cooling
    Three fans
    Keyboard
    Dell Quietkey
    Mouse
    Dell Optical
    Internet Speed
    10 MBPS
Lemur
first of all, thanks for answer.
Excuse me for my bad english.
My HD is new and good at the moment. I did scan for virus with internal MCafee, with an external antivirus and antispyware. I also did scan it with scandisk: no problem.

I am afraid for the future of the hd due to this costant activity.

Indexing, like many many other services, was been disable. All that you can read in the tip & tricks for vista was been experimented but nothing help to eliminate this continuos blinking of led of HD

For the two process thanks for the explanation, i did read something of similar, But the problem remain....
Why this two application is continuos working?

P.S.
other information

1 - i try to start in safe mode; the problem is the same
2 - I disconnet lan cable: no change
3 - after 30 minutes the system go in Hybernate status without problem at the re-start; in other word the continuos activity is not able to keep alive the PC against power related policies
 

My Computer

System One

Pip,
You English is a million times better than my ... um ... what is your native language?

I should have asked this earlier, but do you have SP2 installed?
 

My Computer

System One

  • Manufacturer/Model
    Custom
    CPU
    AMD AM2 6000+
    Motherboard
    Nvidia M2N-E SLI
    Graphics Card(s)
    GeForce 7600GT
    Screen Resolution
    1280x1024
    Hard Drives
    WD
    Case
    Cooler Master
    Cooling
    Three fans
    Keyboard
    Dell Quietkey
    Mouse
    Dell Optical
    Internet Speed
    10 MBPS
Let's try the following fix and see if it clears up the problem.
First, let's create a restore point. If there are any problems, we can always load this restore point to erase any changes.
(from: How to back up and restore the registry in Windows)

  • Click Start orb.
  • Type systempropertiesprotection in the Start Search box, and then press ENTER.
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Wait for Windows to search for available disks and most recent restore points.
  • In the System Properties dialog box, on the System Protection tab, click Create.
  • Type a name for the restore point and then click Create.
  • After the restore point has been created successfully, click OK two times.

On this next group of instructions, we are going to change a value in the registry to stop the lastalive0.dat and lastalive1.dat from writing to the event log, thus the following disclaimer:
Modifying REGISTRY settings incorrectly can cause serious problems that may prevent your computer from booting properly. Microsoft cannot guarantee that any problems resulting from the configuring of REGISTRY settings can be solved. Modifications of these settings are at your own risk.


  • Click the Start orb.
  • Type regedit in the Start Search box and press ENTER.
  • Navigate to the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability

  • Double click on TimeStampInterval on the right side of window. Change the value to 0. (that's a zero not an O)
  • Click the x on the corner of the regedit window to close it.
  • Restart your computer.


Check your lights. Any better? If not, or only slightly, move on to this...

Follow the steps below to place your computer in “clean boot”

  • Click the Start orb on your Desktop
  • Type msconfig in the Start Search box, and then press ENTER.


If you are prompted for an administrator password or for a confirmation, type the password, or click Continue.

  • On the General tab, click Selective Startup.
  • Under Selective Startup, click to clear the Load Startup Items check box.
  • Click the Services tab, click to select the Hide All Microsoft Services check box, and then click Disable All.
  • Click OK.


When you are prompted, click Restart.


When the desktop loads, check for disk activity again.

If this does resolve the issue, then see the following Microsoft Article on “Clean boot” and the section “How to determine what is causing the problem” to determine which program or service maybe causing the issue.

http://support.microsoft.com/kb/331796
How to set your computer back, to boot normal:

  • Click the Start orb on your Desktop
  • In the Start Search box. Type msconfig, and then press ENTER.

If you are prompted for an administrator password or for a confirmation, type the password, or click Continue.

Click the General tab.

  • Click Normal Startup - load all device drivers and services, and then click OK.
  • When you are prompted, click Restart to restart the computer.
 

My Computer

System One

  • Manufacturer/Model
    Custom
    CPU
    AMD AM2 6000+
    Motherboard
    Nvidia M2N-E SLI
    Graphics Card(s)
    GeForce 7600GT
    Screen Resolution
    1280x1024
    Hard Drives
    WD
    Case
    Cooler Master
    Cooling
    Three fans
    Keyboard
    Dell Quietkey
    Mouse
    Dell Optical
    Internet Speed
    10 MBPS
Lemur

your answer is very big; i will need a week-end to follow your suggestions.:D

However:

- I am italian
- I did never write of this problem before here; but there is many 3D similar in this forum

some little informations and questions.

1 -I have restore function disabled; so i can back-up registry for restoring. Is it enough a back-up of regisytry? or perhaps i can made an image of hard disk....
yes I think it is the best solution.... an image on an external HD.

2 - why do you speak about lastalive1.dat and lastalive0.dat writing? i see only lastalive0.dat...and seem a file written o continuously modified by "svchost.exe"; and not seem like the principal reason for flashing lamp of my HD. Only a few bytes ....respect the other file & process that i did indicated: $MFT e $LOGFILE the files where is more high the activity and LSASS and mcnasvc.exe the process that use the most of time of CPU...also if it is a very low CPU load

3 - I already tried to stop every service (non Microsoft) with the exclusion of Mcafeecore that is impossible to stop. No results...only some crashes of My PC when i stop a wrong service.

However thanks very much for your answer; i will try your suggestions, i will try to eradicate Mcafee.....and other thinghs. If i will find some intresting things i will inform you and the forum

Bye
 

My Computer

System One

Buona fortuna. Riuscirete!
 

My Computer

System One

  • Manufacturer/Model
    Custom
    CPU
    AMD AM2 6000+
    Motherboard
    Nvidia M2N-E SLI
    Graphics Card(s)
    GeForce 7600GT
    Screen Resolution
    1280x1024
    Hard Drives
    WD
    Case
    Cooler Master
    Cooling
    Three fans
    Keyboard
    Dell Quietkey
    Mouse
    Dell Optical
    Internet Speed
    10 MBPS
Lemur,

very good , due to your suggestion i remove the first little part of problem.

TimeStampInterval was at "1" and I change to "0".

Now the writing about lastalive0.dat did disappeared.

But this is a little part of the problem. The HD works again

I repeat that LSASS is the biggger part of problem

LSASS continues to write with pid 800 in this path
HKLM/software/policy/secdesc/....
path that it is not party of principal registry of windows


in addition there is MCMSCSVC.EXE from Mcafee that write in another part of registry.
The path more used is
HKLM\SOFTWARE\Wow6432Node\McAfee\MNA\Settings
or also
HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind

I did tried, another time, to stop this componet of Mcafee Total protection, but...another time .....
MCMSCSVC disappears but the activity was taken by "SERVICES.EXE" (always on registry).
If you re-enable MCMSCSVC.EXE SERVICES.EXE disappear.

Bye and good week-end
 

My Computer

System One

My Computer

System One

  • Operating System
    Win 10 Pro x64 x 2
    Manufacturer/Model
    Alienware ALX x58
    CPU
    Intel® Core™ i7-975 Extreme O/C to 4.02 GHz, 8MB Cache
    Motherboard
    Asus® P6T Deluxe V2 X58 LGA1366
    Memory
    24GB Corsair Vengeance DDR3 SDRAM at 1600MHz - 6 x 4096MB
    Graphics Card(s)
    1792 MB NVIDIA® GeForce® GTX 295 Dual Core
    Sound Card
    Onboard Soundmax® High-Definition 7.1 Performance Audio
    Monitor(s) Displays
    Samsung XL2370 HD LED backlit 23" W/S 2ms response time
    Screen Resolution
    1920 x 1080
    Hard Drives
    2 x 500gb SATA II
    1 x 1TB SATA II
    1 external eSATA LaCie 3TB
    (Non-RAID)
    PSU
    Alienware® 1200 Watt Multi-GPU
    Case
    Unique
    Cooling
    4 case fans @ CPU water cooling.
    Internet Speed
    1gb/s up and down
I've been having the same problem, lsass thrashes my disk constantly. I'm a developer and it is really interfereing with my work. Sometimes my machine grinds to a hault. I have disabled prefetch, indexing, etc., but lsass keeps grinding my hard drives. I checked with Norton Security program to see if my lsass is the "Sasser" virus, but no virus was found.
I have Win7 on order, so I don't know how much time I'm willing to waste on this, but just in case, has anyone found a solution to this problem?

Thanks in advance!
 

My Computer

System One

  • CPU
    Quad Core, 2.6GHz
    Motherboard
    Asus
    Memory
    4 Gig
    Graphics Card(s)
    nVidia 8500
    Internet Speed
    100 Mb/s (microwave to fiber)
hmoazed said:
I've been having the same problem, lsass thrashes my disk constantly.

Thanks in advance!
Click to expand...

I read somewhere that by disabling Windows defender this should stop... Give it a go and post results
 

My Computer

System One

  • CPU
    Q6600
    Motherboard
    MSI P36 NEO2
    Memory
    4GB 5-5-5-12
    Graphics Card(s)
    8800GTS 512Mb Overclocked
    Sound Card
    5.1 surround sound
    Hard Drives
    500Gb Samsung SATAII XP
    500GB Samsung SATAII
    PSU
    1000W CoolerMaster power supply
    Case
    CoolerMaster Cosmos 1000 case
    Cooling
    120mm ThermalTake Big Typhoon CPU cooler, 3 x 120mm exhaust
    Keyboard
    Wireless Keyboard and mouse 3000
    Other Info
    1TB WD My Book Office edition external drive x 2, Dual layer LG DVD-Rom burner,
    15 in 1 card reader
    Triple boot: XP, Vista Ultimate 64 and Windows 7 Ultimate 64
You must log in or register to reply here.
Back
Top