Hard drive being accessed even when computer is idle

Discussion in 'Software' started by MadameButterfly, Sep 20, 2006.

  1. MadameButterfly

    MadameButterfly Private E-2

    I've received help here before (much appreciated), so I was hoping someone could give me some advice on this.

    Basically, my hard drive is constantly being accessed. Even when the screen saver is on (standard Windows one) or screen is shut down (with no programs running), the hard drive light blinks on intermittently about every 3-5 seconds. I can also hear that the hard drive is being accessed. It doesn't matter if I'm hooked up to the Internet or not. It keeps doing it, even if the computer has not been touched for hours.

    I am really wondering what is causing this (hopefully not spyware or a virus!), and whether this could be damaging to the hard drive in the long run. :confused:

    The computer is brand new. AMD X2 3800+, 2Gb Corsair memory, 250 Gb WD Hard drive, Asus M2N 32 SLI Deluxe motherboard. I have Windows XP Pro SP2 installed with all the latest updates.

    I have turned off system restore and disabled indexing - read somewhere that this might be causing it, but nothing has changed. I have virus software installed that I constantly update. I run virus and spyware scans (using Spybot and Ad-Aware) on a weekly basis. I also use ZoneAlarm as my firewall. I think I'm clean as a chicken, or whatever the expression is.

    I have been monitoring the Windows Task Manager as this has been going on, and for the most part System Idle Process is at 99%. Once in a while explorer.exe will take up 1%, but that's it.

    Does anyone have any idea what's causing this, and what can be done with it? It doesn't seem to interfere with the functioning of the computer, but I'm just worried that this could be damaging in the long term. I'm open to all input and all suggestions! :)

    Btw, I have no idea if my old computer had this problem. The fans in it were so noisy that I could never hear the hard drive anyway. Not so with this new computer which runs as quietly as a firecracker in space!
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Open taskmanager and see what processes are running ...report back.
     
  3. erikske

    erikske Sergeant

    Run this command from the start->run box:
    Code:
    Rundll32.exe advapi32.dll,ProcessIdleTasks
    The command may take a while to complete (15min or so), your disk will be active during execution. See if your hard drive is still being accessed.
    Have you defragmented lately? Defragmenting your drive is an idle task, iirc. This means windows will defragment when you are not using the computer. On heavily fragmented systems, it can take a long time.
     
  4. MadameButterfly

    MadameButterfly Private E-2

    OK, first of all, here are the processes that are running:

    alg.exe LOCAL SERVICE
    apdproxy.exe User
    ATKKBService.exe SYSTEM
    csrss.exe SYSTEM
    ctfmon.exe User
    daemon.exe User
    explorer.exe User
    fpavupdm.exe SYSTEM
    F-StopW.exe User
    jusched.exe User
    KHALMNPR.exe User
    lsass.exe SYSTEM
    nvsvc32.exe SYSTEM
    PhotoshopElementsFileAgent.exe SYSTEM
    rundll32.exe User
    rundll32.exe User
    services.exe SYSTEM
    SetPoint.exe User
    smax4pnp.exe User
    smss.exe SYSTEM
    spoolsv.exe SYSTEM
    svchost.exe SYSTEM
    svchost.exe NETWORK SERVICE
    svchost.exe SYSTEM
    svchost.exe NETWORK SERVICE
    svchost.exe LOCAL SERVICE
    svchost.exe SYSTEM
    System SYSTEM
    System Idle Process SYSTEM
    taskmgr.exe User
    vsmon.exe SYSTEM
    wdfmgr.exe LOCAL SERVICE
    winlogon.exe SYSTEM
    zlclient.exe User
     
  5. MadameButterfly

    MadameButterfly Private E-2

    I did fragment the C: drive about a week ago, but I didn't touch the computer while the Windows defrag utility was running. Besides, the accessing problem was still ongoing before that.

    I'll try that piece of code you provided. What does it do exactly?
     
  6. erikske

    erikske Sergeant

    The command tells windows to immediately process all idle tasks (tasks performed when you are not using the computer). If an idle task is causing hard drive activity, it should stop after the command completes.
    More info here.

    You can also try Filemon NT to monitor file activity on your system. It should be easy to determine the cause of the activity with this tool.
     
  7. MadameButterfly

    MadameButterfly Private E-2

    OK, so if I understand you correctly, that will stop all idle tasks. But, I assume those idle tasks will simply start up again as soon as I restart the computer? I would really like to do something that takes care of this once and for all. I have downloaded Filemon. We'll see if that will provide some answers.

    Thanks so far, though!
     
  8. MadameButterfly

    MadameButterfly Private E-2

    Wooha! This is definitely information overload! I'm sitting here watching FileMon, and it's bombarding me with stuff, even if I'm not even touching the computer, and even when I disconnect my network connection.

    vsmon.exe is very active. So is svchost.exe. zlclient.exe, fpavupdm.exe, and explorer.exe are also doing stuff. I'm also noticing that in the right hand column under the heading of 'Result' it will sometimes say 'NOT FOUND' and beside it it will say 'Error'.

    Where do I even start to digest this information?
     
  9. erikske

    erikske Sergeant

    Google is a start :)
    vsmon.exe is the True Vector internet service, a ZoneAlarm component.
    svchost.exe is the Microsoft Service Host Process, a system process.
    zlclient.exe is the ZoneAlarm client.
    fpavupdm.exe is the F-Prot Antivirus Update Monitor.
    and you know explorer.exe.

    Add those programs to the FileMon exclude filter, this is normal background activity (as you can probably see, a lot of explorer.exe entries are explorer getting info on FileMon).
     
  10. MadameButterfly

    MadameButterfly Private E-2

    Thanks again. I've just been bogged down with work and haven't had time to monitor this forum.

    I did what you said, and the processes that are left are as follows:

    winlogon.exe
    WebColct.exe
    SetPoint.exe
    csrss.exe

    However, when I don't touch the computer Filemon shows no activity. The hard drive is still being accessed though (HD light comes on, and I hear hard drive activity), which leads me to believe that it is one of the processes that I excluded that are constantly accessing the drive.

    I figured I'd go by the process of elimination to find out which process it is that is constantly accessing the HD.

    What I found was that vsmon.exe and zlclient.exe were the biggest culprits. I shut down ZoneAlarm, and the HD was being accessed a lot less, however it hadn't gone completely idle.

    What I found was that svchost.exe would frequently do something in Windows\system32\wbem\Repository.

    In addition, winlogon.exe would access something in Windows\Debug, and explorer.exe would jump in to do query information on all partitions on my HD.

    I don't know if any sense can be made out of this. All I know is that my HD is constantly being accessed by the processes mentioned above, and this is not supposed to happen. When the computer is idle, no activity should take place on the HD.

    Any help would be greatly appreciated!
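
Added example, not part of any post in this thread: a per-process tally of a saved file-activity log, showing how the exclude filter used above can hide the busiest writer. The tab-delimited column layout, the sample rows, the `C:\example\...` paths and the function names are assumptions constructed for illustration.

```python
import csv
import io
import ntpath
from collections import Counter, defaultdict

# Constructed sample. ASSUMED layout: seq, time, process:pid, request, path, result, other
ROWS = [
    ("#", "Time", "Process", "Request", "Path", "Result", "Other"),
    ("1", "10:00:01", "vsmon.exe:1180", "WRITE", r"C:\example\firewall\sample.log", "SUCCESS", ""),
    ("2", "10:00:04", "vsmon.exe:1180", "WRITE", r"C:\example\firewall\sample.log", "SUCCESS", ""),
    ("3", "10:00:05", "svchost.exe:940", "READ", r"C:\WINDOWS\system32\wbem\Repository\sample.dat", "SUCCESS", ""),
    ("4", "10:00:07", "vsmon.exe:1180", "WRITE", r"C:\example\firewall\sample.log", "SUCCESS", ""),
    ("5", "10:00:08", "explorer.exe:1620", "QUERY INFORMATION", "C:\\", "SUCCESS", ""),
    ("6", "10:00:09", "winlogon.exe:660", "OPEN", r"C:\WINDOWS\Debug\sample.log", "NOT FOUND", ""),
    ("7", "10:00:10", "vsmon.exe:1180", "READ", r"C:\example\firewall\sample.log", "SUCCESS", ""),
    ("8", "10:00:12", "svchost.exe:940", "WRITE", r"C:\WINDOWS\system32\wbem\Repository\sample.dat", "SUCCESS", ""),
    ("9", "10:00:13", "fpavupdm.exe:1300", "OPEN", r"C:\example\antivirus\sample.def", "SUCCESS", ""),
]
SAMPLE_LOG = "\n".join("\t".join(r) for r in ROWS)

# The processes excluded as "normal background activity" earlier in the thread.
THREAD_EXCLUDES = ("vsmon.exe", "svchost.exe", "zlclient.exe", "fpavupdm.exe", "explorer.exe")

def parse_events(text):
    """Parse tab-delimited rows into dicts, skipping headers and short lines."""
    events = []
    for row in csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE):
        if len(row) < 6 or not row[0].strip().isdigit():
            continue
        process = row[2].rsplit(":", 1)[0].lower()  # drop the ":pid" suffix
        events.append({"time": row[1], "process": process,
                       "request": row[3].upper(), "path": row[4], "result": row[5].upper()})
    return events

def rank_processes(events, ignore=()):
    """Return (process, events, writes, busiest directory), busiest process first."""
    ignore = {p.lower() for p in ignore}
    stats = defaultdict(lambda: {"events": 0, "writes": 0, "dirs": Counter()})
    for e in events:
        if e["process"] in ignore:
            continue
        s = stats[e["process"]]
        s["events"] += 1
        s["writes"] += e["request"] == "WRITE"
        s["dirs"][ntpath.dirname(e["path"])] += 1
    ranked = sorted(stats.items(), key=lambda kv: -kv[1]["events"])
    return [(p, s["events"], s["writes"], s["dirs"].most_common(1)[0][0]) for p, s in ranked]

if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    print("unfiltered:", rank_processes(events))
    print("with thread excludes:", rank_processes(events, ignore=THREAD_EXCLUDES))
```

Ranking the unfiltered log first, and only then excluding processes whose binaries and write targets have been checked, keeps the culprit visible instead of filtered out.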
     
  11. MadameButterfly

    MadameButterfly Private E-2

    Oh, and btw, I ran that command you asked me to run earlier, and it made no difference. The accessing of the HD was still the same.
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    WebColct.exe
    SetPoint.exe

    Both are related to Logitech and could be disabled ...the other two are MS processes necessary for Windows.
     
  13. plastidust

    plastidust Command Sergeant Major

    Just an idle thought here and I know the subject has been covered en masse but what is your virtual memory size?
     
  14. mgpower0

    mgpower0 Corporal

    Does the computer have PowerToys for XP installed? It has a setting that will optimise the hard drive at idle (moving files around etc.). It should be off by default, but if someone else set up the new comp it may be enabled.
     
  15. MadameButterfly

    MadameButterfly Private E-2

    Thanks a lot for your replies guys.

    I don't have PowerToys installed. The shop where I bought the computer had set everything up for me, but I wiped it clean when I got home and reinstalled Windows.

    My virtual memory size is 2046 Mb. Regular memory is 2 Gb, so I don't expect the virtual memory to be used much.

    Yeah, Tim, I looked up those two processes you mentioned and found they were related to my Logitech setup. However, they are not the ones accessing the HD all the time.

    This is driving me nuts!
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Have you gone into msconfig and deselected all the startup items? Then tried restarting the computer and checking each one by one on progressive restarts to see if any of those are triggering the hard drive usage?
     
  17. MadameButterfly

    MadameButterfly Private E-2

    I'll go ahead and try that right now!
     
  18. MadameButterfly

    MadameButterfly Private E-2

    OK, I deselected all the startup items, restarted the computer, and the intermittent accessing problem was still there. I noticed that I was not able to deselect something called NvCpl from the startup list. When I deselected it, it would be selected again after startup.
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    My guess is that if it is in your startup config ...it's an exe file and therefore a nasty ...to be sure ....in Internet Explorer ...run either of these two :
    http://www.bitdefender.com/scan8/ie.html

    http://www.activescan.com

    Here are some directions for the bitscan:
    Bitdefender agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click-on the Detected Problems tab. Then select Click here to export the scan report

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
     
  21. MadameButterfly

    MadameButterfly Private E-2

    Yeah, it's there as a dll, so I assume everything is as it should be. I'm still completely stumped.
     
  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Well, crapola ...I thought we might be getting somewhere ....oh, just run the bitscan anyway ....hate to have to have done all that for naught.:) :)
     
  23. MadameButterfly

    MadameButterfly Private E-2

    My reply was to your previous post. I'll try to do what you said with Bitdefender. Thanks again!
     
  24. MadameButterfly

    MadameButterfly Private E-2

    I ran the scan, and it told me that no problems were found. I still saved the scan report. Would it still be useful in any way?
     
  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No ....if it found nothing ....not sure where to go next ....thinking ...thinking ....
     
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Catch me up to speed .....you've defragged the drive to no avail?
    You've run the hard drive manufacturer's diagnostic tools to no avail?
    You've halted all startup items in msconfig?
    You've run memtest?
    You've stopped or disabled any firewall and anti-virus to no avail?
    You've killed unnecessary processes in task manager to no avail?
    There is no virus acting on the system.
    Hummmm .......anything I've missed that has been done?
     
  27. mgpower0

    mgpower0 Corporal

    Automatic Boot Disk Optimization ?


    [Start] [Run] [Regedit]
    Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction
    Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
    Data Type: REG_SZ [String Value] // Value Name: Enable
    Setting for Value Data: [N = Disabled / Y = Enabled]
    Exit Registry and Reboot
     
  28. MadameButterfly

    MadameButterfly Private E-2

    Thanks again to you guys putting your thinking caps on trying to figure out this problem!

    Now, I believe I've come closer to solving this. Tim, you mentioned ending unnecessary processes in task manager, and I had not done this previously. I went ahead and did that, being very patient for each process I ended to see if there would be any change. I got to the bottom of the list, and I was unable to end the zlclient.exe process from TaskManager. Instead I shut down ZoneAlarm from the taskbar, as I had done a few days ago. First the accessing of the HD seemed to be the same, but then I waited a bit longer, and lo and behold, the intermittent accessing stopped! :D

    I restarted the computer and shut down ZoneAlarm. Waited a while, and then noticed that the intermittent accessing was not happening so much, but it was still there. I opened Filemon, and noticed that it was the F-Prot update monitor that was to blame for the accessing. I shut down that process. Result? Silence! Yay! :)

    Now, I'll talk to Frisk Software about how to disable the update monitor (I run the updater about twice a week anyway). However, as much as I've been searching, I have yet to come across a firewall that is free and is as good as ZoneAlarm. I would be open to any suggestions! I would be willing to pay (like I do for F-Prot) if the product is top-notch, but I'm not going near Norton...

    Now, that being said, could it be that ZA could be fixed? Should I reinstall it? Are there any settings I should change?

    As always, all suggestions are very much appreciated!
     
  29. MadameButterfly

    MadameButterfly Private E-2

    Well, here's what I did. I shut down ZA, uninstalled it, ran CCleaner, installed Comodo, and voila, the intermittent accessing is gone! Well, almost, that is. F-Prot Update Monitor still accesses the HD once in a while, but only about once a minute or so - not at all as annoying as ZA. I've been a loyal ZA user for about 6 years, but no more... :(
     
