What the?!?!

[bjfontai]

Ok.. I tried the tracelog.exe -x , but the file kept coming back when I restarted the system. For Those of you interested, here's a registry hack that works...

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/
Control/WMI/GlobalLogger

Change the Start Key from 1 to 0, this should stop it from running.

Good Luck!

[alligator_al]

I came to the same conclusion as bjfontai. The culprit seems to be the Global Logger Session, and is documented at:

http://msdn.microsoft.com/library/de...about_2lny.asp

and the relevant registry key is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\WMI
Start REG_DWORD 0 = Off

It doesn't mention anything about colossal file sizes though. I suppose it must be logging the wrong things in some cases (even my keyboard entry was slower when it was logging)

This does the trick better than the temporary 'tracelog -x' fix.
Just out of interest, I also had a 'security' group under WMI in the registry, which looks suspect. I run Norton AV and Sygate personal firewall. I wonder if there's a conflict there?

(always remember to backup your registry first, kids ;-)

[EndobioticChaos]

So essentially what it's supposed to do is allow you to log everything that happens on your comp huh?

[Redwolf]

Spyware perhaps?

Just can't see a 2GBfile going over my cable modem though, must have a secret Microsoft burst transmitter in all PIVs

[alligator_al]

Yes it's a logging tool. By default it saves to \system32\logfiles\wmi\trace.log and in my case it was the NT Kernel Logger that was running. I haven't been able to check what it was logging yet, and I don't know how it was started (I didn't even have the necessary software).

Since then, I have also turned off windows error reporting (which, although pointless and irritating, could surely not have generated such huge logs?)

Another thing that occured to me is that I'm running XP home PREINSTALLED on a Dell 4100 laptop. Could this be a proprietary performance log to assist their support people? Is anyone else with this problem running a preinstall of XP?

I just can't understand why this isn't all over the web. There must be some pretty large HDDs out there if people don't miss the odd gigabyte or three!!!

[++Whiz++]

sounds like a virus to me but i have WinXP Pro and i don't even have that Logfiles folder in my system32 directory my system is a custom build also no proprietary stuff in it.

I don't understand this, but this link at M$ talks about this logger:

http://msdn.microsoft.com/library/de...h/wmi_3t7r.asp

Anyone explain what it means??

Cheers
Mick

[vass0922]

WMI = Windows Management Instrumentation
Allows you to quickly and easily access Windows system information through any scripting language or normal language.
Why its making a permanent log I dont know
I didn't read anything in that specified a reason to keep a continuous log in a file unless somebody wanted to write a script looking for a particular event and see how many time it comes up... probably most useful for debugging ... why its in a production system I don't know.

[Emc2]

Perhaps someone who's still having the problem could open it up while it's still small and tell us what's in there?

[alligator_al]

I just thought of a potential culprit.

Has anyone with these symptoms used microsoft's 'bootvis.exe' at any time? It's a tool designed to optimise boot times and uses logging to trace drivers, etc. It has the option to save the log as a .bin (in my case 28meg), but it must keep it somewhere first.

I used it a few months ago, and my suspicions were roused when i saw this new note on their website:

Note: This version of BootVis.exe is compatible with final release of Windows XP (build 2600) and resolves a compatibility issue when using third-party IDE drivers.

I have intel IDE drivers (does that count as third-party? ) Suppose it didn't stop logging?
BTW it's here if anyone's interested (it did shave a few valuable seconds off my boot time )