Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Alternate Data Streams in NTFS on Win2K Pro computer

Status
Not open for further replies.
ShankarJ

ShankarJ

Programmer
Aug 9, 2003
856
Recently I noticed that the File Open & Save dialogs became very slow on my machine. I have Norton AntiSpyware (NIS) & Microsoft AntiSpyware on my machine for online protection. I have scanned my hard disks with these as well as
Ad-Aware, Spybot, Spyware Doctor & Spy Sweeper. All have come with a negative result with regards to a virus/spyware/adware/malware on my machine (AMD Athlon 3200+ 1GB RAM 2x80GB HDD - Win2K Pro). I have also defragmented using Perfect Disk from raxco.com.

Since the problem has not gone away, I loaded File Monitor from System Internals to check what's happenning when the directory is being scanned before the dialog appear. I noticed that other than the original file some other
Alternate Data Streams (information/sub-file) is also attempted to be opened. Given below is a File Monitor log for one of file being scanned. Note the FILE NOT FOUND errors on the :$DATA open's.

99 10:30:13 PM wincmp3.exe:1568 QUERY INFORMATION C:\FG\mina\nl\ACC_TRF.CLA SUCCESS FileStreamInformation
100 10:30:13 PM wincmp3.exe:1568 QUERY INFORMATION C:\FG\mina\nl\ACC_TRF.CLA SUCCESS FileBasicInformation
101 10:30:13 PM wincmp3.exe:1568 READ C:\FG\mina\nl\ACC_TRF.CLA SUCCESS Offset: 0 Length: 24
102 10:30:13 PM wincmp3.exe:1568 READ C:\FG\mina\nl\ACC_TRF.CLA SUCCESS Offset: 0 Length: 4096
103 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA:Raec25ph4sudbf0hAaq5ehw3Nf:$DATA FILE NOT FOUND
Options: Open Access: All
104 10:30:13 PM wincmp3.exe:1568 CLOSE C:\FG\mina\nl\ACC_TRF.CLA SUCCESS
105 10:30:13 PM wincmp3.exe:1568 OPEN C:\FG\mina\nl\ACC_TRF.CLA SUCCESS
Options: Open Access: All
106 10:30:13 PM wincmp3.exe:1568 OPEN C:\ SUCCESS Options: Open Directory Access: All
107 10:30:13 PM wincmp3.exe:1568 DIRECTORY C:\ SUCCESS FileDirectoryInformation: FG
108 10:30:13 PM wincmp3.exe:1568 CLOSE C:\ SUCCESS
109 10:30:13 PM wincmp3.exe:1568 OPEN C:\FG\ SUCCESS Options: Open Directory Access: All
110 10:30:13 PM wincmp3.exe:1568 DIRECTORY C:\FG\ SUCCESS FileDirectoryInformation: mina
111 10:30:13 PM wincmp3.exe:1568 CLOSE C:\FG\ SUCCESS
112 10:30:13 PM wincmp3.exe:1568 OPEN C:\FG\mina\ SUCCESS Options: Open
Directory Access: All
113 10:30:13 PM wincmp3.exe:1568 DIRECTORY C:\FG\mina\ SUCCESS
FileDirectoryInformation: nl
114 10:30:13 PM wincmp3.exe:1568 CLOSE C:\FG\mina\ SUCCESS
115 10:30:13 PM wincmp3.exe:1568 OPEN C:\FG\mina\nl\ SUCCESS Options: Open
Directory Access: All
116 10:30:13 PM wincmp3.exe:1568 DIRECTORY C:\FG\mina\nl\ SUCCESS
FileDirectoryInformation: ACC_TRF.CLA
117 10:30:13 PM wincmp3.exe:1568 CLOSE C:\FG\mina\nl\ SUCCESS
118 10:30:13 PM wincmp3.exe:1568 QUERY INFORMATION C:\FG\mina\nl\ACC_TRF.CLA
SUCCESS FileStreamInformation
119 10:30:13 PM wincmp3.exe:1568 QUERY INFORMATION C:\FG\mina\nl\ACC_TRF.CLA
SUCCESS FileBasicInformation
120 10:30:13 PM wincmp3.exe:1568 READ C:\FG\mina\nl\ACC_TRF.CLA SUCCESS
Offset: 0 Length: 24
121 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA:Raec25ph4sudbf0hAaq5ehw3Nf:$DATA FILE NOT FOUND
Options: Open Access: All
122 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}:$DATA FILE
NOT FOUND Options: Open Access: All
123 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:SummaryInformation:$DATA FILE NOT FOUND Options:
Open Access: All
124 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:Docf_SummaryInformation:$DATA FILE NOT FOUND
Options: Open Access: All
125 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:SummaryInformation:$DATA FILE NOT FOUND Options:
Open Access: All
126 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:Docf_SummaryInformation:$DATA FILE NOT FOUND
Options: Open Access: All
127 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:SummaryInformation:$DATA FILE NOT FOUND Options:
Open Access: All
128 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:Docf_SummaryInformation:$DATA FILE NOT FOUND
Options: Open Access: All
129 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:DocumentSummaryInformation:$DATA FILE NOT FOUND
Options: Open Access: All
130 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:Docf_DocumentSummaryInformation:$DATA FILE NOT
FOUND Options: Open Access: All
131 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:SummaryInformation:$DATA FILE NOT FOUND Options:
Open Access: All
132 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:Docf_SummaryInformation:$DATA FILE NOT FOUND
Options: Open Access: All
133 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:SummaryInformation:$DATA FILE NOT FOUND Options:
Open Access: All
134 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:Docf_SummaryInformation:$DATA FILE NOT FOUND
Options: Open Access: All
135 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:SebiesnrMkudrfcoIaamtykdDa:$DATA FILE NOT FOUND
Options: Open Access: All
136 10:30:13 PM wincmp3.exe:1568 OPEN
C:\FG\mina\nl\ACC_TRF.CLA\:Docf_SebiesnrMkudrfcoIaamtykdDa:$DATA FILE NOT
FOUND Options: Open Access: All
137 10:30:13 PM wincmp3.exe:1568 CLOSE C:\FG\mina\nl\ACC_TRF.CLA SUCCESS

What I have inferred so far:

- Not a Virus/Spyware/Adware/Malware - have searched with 6 different programs so far
- Not because of De-Fragmentation of Disk Clutter
- Some program has either changed the file attribute or registry setting to indicate that the file may contain ADS (Alternate Data Streams) and hence applications
are scanning for them.
- Most likely cause by the CHKDSK scan I did last week.
- Happens only in the OPEN & SAVE File dialogs. Exploring the disk directly does not cause the delay.
- I have tried copying the files to a FAT32 hard disk and back to reset the file attributes with no success. So it is most probably some other setting than a file attribute.

I have more or less pinpointed it to the CHKDSK /F scan I did a week back. It cannot be spyware. What I am looking is for a way to reset whatever has changed on my machine.

Appreciate any help.

Thanks & Regards
 
Sort by date Sort by votes
PROBLEM SOLVED !!!

What has happened is that I had by mistake asked for a column called CAPTION to be displayed as one of the columns to view in the EXPLORER and because of this whenever a folder was scanned for files, it used to scan for alternate data streams for the Caption. I just set it back to the normal columns and all is fine again.

Regards
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

spamjim
  • Locked
  • Question
Sanitizing illegal filenames on NTFS volumes
Replies
2
Views
555
spamjim
spamjim
Keyboy
  • Locked
  • Question
Computer freezing up
Replies
3
Views
2K
Rick998
Rick998
K
  • Locked
  • Question
Recover Data Windows 10 1
Replies
2
Views
4K
Rick998
Rick998
Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
2K
Flinx
Flinx
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
1
Views
862
pjw001
pjw001

Part and Inventory Search

Sponsor

Back
Top