When virtual memory is enabled, Windows insists on putting pagefile.sys on my D: drive, even though it is configured to go to C:. I have reason to believe there is a phantom pagefile.sys on the C drive, which may be causing this behavior.
So my essential questions are:
- Is there a tool for doing fairly low level NTFS directory cleanup?
- Is there something else that can be causing this?
- Permissions on C: not allowing system to write pagefile.sys in the root directory. I've ruled this out by inspecting the permissions.
- C: drive too fragmented to host pagefile.sys. I've used the windows defragmenter and JK Defrag to make this much, much better. There are vast clear openings on the C: drive now.
- C: drive corrupted. chkdsk has run automatically a few times recently leaving some "found" files and folders. Also, the JK Defrag log is reporting the existence of a C:pagefile.sys when it is not visible using Windows Explorer nor the DOS "dir" command.
Here are lots of additional details.
Problem Description and Illustration
The following windows illustrate the system with Virtual Memory disabled:
No pagefile.sys on C:, as expected
No pagefile.sys on D:, as expected
Turning on Virtual Memory looks like this (note size is restricted to 500 MB, more on that later):
After a reboot the Virtual Memory config looks like this:
Notice how the memory amount is incorrect (850 MB actual vs. 500 MB configured).
And, there is no pagefile.sys on C:
But there is a pagefile.sys on D:!
That illustrates the problem in a nutshell. I have repeated this behavior multiple times with multiple defrags.
But how did we get to this point?
Over this holiday break, I've been doing a lot of stuff on my laptop: Copied lots of files to a new external hard drive, used Media Monkey to catalog about 32 GB of music files, installed Exact Audio Copy and LAME to rip some CDs, etc.
Among all this, I also broke down and installed Windows XP Service Pack 3. That installation seemed to go OK. After the SP3 update was complete, Windows Update had me install the following additional updates:
- Broadcom - Network - Broadcom 802.11b/g WLAN
- Root Certificates Update
- Hewlett-Packard - Other hardware - HP Quick Launch Buttons
- Synaptics - Input - Synaptics PS/2 Port TouchPad
- CXT - Modems - HDAUDIO Soft Data Fax Modem with SmartCP
- Windows Genuine Advantage Validation Tool (KB892130)
- Update for Windows XP (KB951978)
- Security Update for Windows XP (KB954459)
At some point during or shortly after installing these updates and other software, the system started reporting that my D: drive was running low on space. But the D: drive is HP/Compaq's "recovery" partition, so nothing should be getting added to it. A quick look revealed that there was a pagefile.sys in the root directory, and it was large enough to leave just 32MB free on the partition.
Previous to all of this, I was getting errors loading the nVidia Systray applet libraries nvmctray.dll and nvcpl.dll. I believe this started after I loaded one of the following updates:
- Security Update for Internet Explorer 7 for Windows XP (KB960714)
- Security Update for Windows XP Service Pack 2 (KB952069)
- Update for Windows XP (KB955839)
- Cumulative Security Update for Internet Explorer 7 for Windows XP (KB958215)
- Windows Malicious Software Removal Tool - December 2008 (KB890830)
- Security Update for Windows XP (KB954600)
- Security Update for Windows XP (KB956802)
Here is the system summary as reported by msinfo32 when virtual memory is turned on and the problem is present. This is a Media Center PC. I'm not sure why it calls itself XP Pro, but it's always done it:
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name CRAIG-LAPTOP3
System Manufacturer Hewlett-Packard
System Model Presario V6000 (RG293UA#ABA)
System Type X86-based PC
Processor x86 Family 15 Model 72 Stepping 2 AuthenticAMD ~1607 Mhz
BIOS Version/Date Hewlett-Packard F.3D, 11/22/2007
SMBIOS Version 2.4
Windows Directory C:WINDOWS
System Directory C:WINDOWSsystem32
Boot Device DeviceHarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name CRAIG-LAPTOP3Craig Bosworth
Time Zone Pacific Standard Time
Total Physical Memory 1,024.00 MB
Available Physical Memory 246.19 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 1.68 GB
Page File D:pagefile.sys
I've done lots of things in the last couple of days trying to solve this. Here is a list as best as I can remember:
- Got all latest Windows Updates
- Got nVidia drivers from HP web site, then updated with Windows update
- Several cycles of: Disable virtual memory, reboot into safe, delete D:pagefile.sys, defrag with JK Defrag, reboot, enable VM, reboot. One or two of these cycles was with Windows defrag and no safe mode. I also used PageDefrag at least once
- Tested the physical hard drive with Seagate SeaTools for DOS. SMART, Short, and Long tests all passed.
- At least once ran "Check Local Disk" on reboot
The first root cause I considered was whether the C: drive, which is NTFS, had somehow had its permissions restricted such that the system couldn't write a C:pagefile.sys.
Here is a screen grab of the current permissions:
As you can see, Administrator, Administrators and System all have Full Control access to C:. So I think this is not the cause of the problem.
The second root cause I considered was that the disk might be too fragmented for pagefile.sys to be written. After several cycles with JK Defrag and Windows defrag, some in Safe Mode, here is what the disk looks like now:
There should be more than enough defragmented clear space there.
The third root cause I am considering is some kind of disk corruption. There are two reasons I haven't ruled this out.
First, chkdsk has produced the a C:found.000 folder on the C drive which contains three subfolders containing the following files:
A0095555.dll - User CSA Library version 5.3.2600.2180
dpmodemx.dll - Modem and Serial Connection For DirectPlay version 5.3.2600.2180
dpnaddr.dll - Microsoft DirectPlay8 Address 5.3.2600.2180
spuninst.exe - Windows Service Pack Uninstall version 126.96.36.199
spuninst.inf - Hotfix for Windows XP (KB952287)
updspapi.dll - Windows Servicing Setup API version 188.8.131.52
I don't know how those files could be related to this behavior, but the fact they are there is troubling.
Second, the log file from JK Defrag includes the following:
14:10:21 The 25 largest items on disk:
14:10:21 Fragments Bytes Clusters Name
14:10:21 1 1560281088 380928 C:pagefile.sys
This C:pagefile.sys file is not visible in Windows Explorer nor does it appear when I run the DOS "dir" command. I am at a loss as to how JK Defrag is seeing it or how to make it go away.
That's about all the data I have on this right now.
My best guess at this point is that a corrupt c:pagefile.sys directory entry is preventing the system from writing a new c:pagefile.sys. If there were a way to look at and clean out that entry, I might have a chance to fix this.
I'd be delighted to collect and post any additional information that might be helpful.
Thanks in advance for any assistance.