Hard drive constantly active

Guest

I am using Windows XP Home with SP2 in a new computer. My boot drive is
constantly in action (the three RAID 5 data drives are not affected).
Millions of seek, read, close actions take place in an hour or so (checked
with Sysinternals' System Monitor), which is annoying, and will lead to early
drive failure I am sure. Has anybody any ideas on what is causing all this
activity, and how to stop it?
 
R. McCarty

Use SysInternals "FileMon" utility to watch disk activity in real time.
Usually, the disk activity is associated with the Indexing service. There
are other maintenance activities (Prefetch/Defrag) that occur in "Idle"
periods, but those wouldn't account for such a high I/O count.
 
Pedro Lerma

Run an antispyware program, then run the following script:
copy and paste the text below into Notepad, then save it as add.vbs.

This script has Spanish text; however, you only have to click the OK or
ACEPTAR button:

' from here
' Anti-Spyware Add-on
' Version 1.5 Daniel Martín (MVP)
' 2006
'
' This small script restores the original configuration of certain
' Windows settings after a spyware or virus infection has taken place.
'
' Note: *Always* use this program after you have cleaned your PC
' with an appropriate application; this application does not replace
' your anti-spyware program or your antivirus.

On Error Resume Next ' If a key does not exist, carry on

Dim WshShell, fso, clave1, clave2, clave3, clave4, clave5, respuesta

Set WshShell = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

clave1 = "HKCU\Software\Microsoft\"
clave2 = "HKLM\Software\Microsoft\"
clave3 = "HKCU\Software\Policies\Microsoft\Internet Explorer\"
clave4 = "HKLM\Software\Policies\Microsoft\Internet Explorer\"
clave5 = "HKLM\Software\Policies\Microsoft\"

respuesta = MsgBox("Complemento Antiespías 1.5, por Daniel Martín" & Chr(13) & Chr(13) & _
    "Pulse Aceptar para eliminar todo tipo de restricciones que pueda experimentar en Windows debido a una infección de 'spyware' o virus." & Chr(13) & Chr(13) & _
    "NOTA: Utilice este programa *siempre* después de que haya limpiado su PC con una aplicación apropiada; esta aplicación no sustituye a su programa contra los archivos espías o a su antivirus." & Chr(13) & Chr(13) & _
    "Sistemas", 1, "Complemento Antiespías")

If respuesta = 2 Then ' The user pressed Cancel

    WScript.Quit ' Exit

Else ' Restore certain settings

    ' Delete the local Group Policy registry files (user and machine)
    fso.DeleteFile(WshShell.ExpandEnvironmentStrings("%WinDir%\System32\GroupPolicy\User\Registry.pol"))
    fso.DeleteFile(WshShell.ExpandEnvironmentStrings("%WinDir%\System32\GroupPolicy\Machine\Registry.pol"))

    ' Remove the policy values that lock the Internet Explorer home page
    WshShell.RegDelete clave3 & "Control Panel\ResetWebSettings"
    WshShell.RegDelete clave3 & "Control Panel\HomePage"

    ' Set the Internet Explorer start, search and default pages
    WshShell.RegWrite clave1 & "Internet Explorer\Main\Start Page", "www.google.com/"
    WshShell.RegWrite clave1 & "Internet Explorer\Main\Search Page", "www.google.com/"
    WshShell.RegWrite clave2 & "Internet Explorer\Main\Start Page", "www.google.com"
    WshShell.RegWrite clave2 & "Internet Explorer\Main\Search Page", "www.google.com/"
    WshShell.RegWrite clave2 & "Internet Explorer\Main\Default_Page_URL", "www.google.com/"
    WshShell.RegWrite clave2 & "Internet Explorer\Main\Default_Search_URL", "www.google.com/"
    WshShell.RegWrite clave2 & "Internet Explorer\Main\Local Page", "%SystemRoot%\system32\blank.htm"

    ' Remove Explorer and System policy restrictions for the current user (HKCU)
    WshShell.RegDelete clave1 & "Windows\CurrentVersion\Policies\Explorer\NoThemesTab"
    WshShell.RegDelete clave1 & "Windows\CurrentVersion\Policies\Explorer\NoRun"
    WshShell.RegDelete clave1 & "Windows\CurrentVersion\Policies\System\NoDispBackgroundPage"
    WshShell.RegDelete clave1 & "Windows\CurrentVersion\Policies\System\NoDispAppearancePage"
    WshShell.RegDelete clave1 & "Windows\CurrentVersion\Policies\System\NoDispScrSavPage"
    WshShell.RegDelete clave1 & "Windows\CurrentVersion\Policies\System\DisableTaskMgr"
    WshShell.RegDelete clave1 & "Windows\CurrentVersion\Policies\System\Wallpaper"
    WshShell.RegDelete clave1 & "Windows\CurrentVersion\Policies\System\WallpaperStyle"
    WshShell.RegDelete clave1 & "Windows\CurrentVersion\Policies\System\DisableRegistryTools"

    ' Remove Internet Explorer policy restrictions (HKCU, then HKLM)
    WshShell.RegDelete clave3 & "Restrictions\NoBrowserOptions"
    WshShell.RegDelete clave3 & "Control Panel\AdvancedTab"
    WshShell.RegDelete clave3 & "Control Panel\ConnectionsTab"
    WshShell.RegDelete clave3 & "Control Panel\ContentTab"
    WshShell.RegDelete clave3 & "Control Panel\GeneralTab"
    WshShell.RegDelete clave3 & "Control Panel\PrivacyTab"
    WshShell.RegDelete clave3 & "Control Panel\ProgramsTab"
    WshShell.RegDelete clave3 & "Control Panel\SecurityTab"
    WshShell.RegDelete clave4 & "Control Panel\AdvancedTab"
    WshShell.RegDelete clave4 & "Control Panel\ConnectionsTab"
    WshShell.RegDelete clave4 & "Control Panel\ContentTab"
    WshShell.RegDelete clave4 & "Control Panel\GeneralTab"
    WshShell.RegDelete clave4 & "Control Panel\PrivacyTab"
    WshShell.RegDelete clave4 & "Control Panel\ProgramsTab"
    WshShell.RegDelete clave4 & "Control Panel\SecurityTab"

    ' Remove the same Explorer and System policy restrictions machine-wide (HKLM)
    WshShell.RegDelete clave2 & "Windows\CurrentVersion\Policies\Explorer\NoThemesTab"
    WshShell.RegDelete clave2 & "Windows\CurrentVersion\Policies\Explorer\NoRun"
    WshShell.RegDelete clave2 & "Windows\CurrentVersion\Policies\System\NoDispBackgroundPage"
    WshShell.RegDelete clave2 & "Windows\CurrentVersion\Policies\System\NoDispAppearancePage"
    WshShell.RegDelete clave2 & "Windows\CurrentVersion\Policies\System\NoDispScrSavPage"
    WshShell.RegDelete clave2 & "Windows\CurrentVersion\Policies\System\DisableTaskMgr"
    WshShell.RegDelete clave2 & "Windows\CurrentVersion\Policies\System\Wallpaper"
    WshShell.RegDelete clave2 & "Windows\CurrentVersion\Policies\System\WallpaperStyle"
    WshShell.RegDelete clave2 & "Windows\CurrentVersion\Policies\System\DisableRegistryTools"

    ' Delete the Windows Firewall policy keys (both profiles, then the parent key)
    WshShell.RegDelete clave5 & "WindowsFirewall\StandardProfile\"
    WshShell.RegDelete clave5 & "WindowsFirewall\DomainProfile\"
    WshShell.RegDelete clave5 & "WindowsFirewall\"

    MsgBox "Los parámetros por defecto se han establecido en su sistema, por favor reinicie el sistema a continuación. " & _
        "Si aún tiene alguna restricción aplicada, le agradecería que lo comunicara al area de sistemas para mejorar las futuras versiones de esta herramienta. Gracias.", , "Complemento Antiespías"

End If

Set fso = Nothing
Set WshShell = Nothing






____________________
Good luck
Pedro


Daniel Martin's web page:
http://rinconwindows.blogspot.com/
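
What a script like the one above would change can be listed without running it. The following Python is an added example, not part of any post in this thread and not Daniel Martín's code: it re-joins the wrapped statements, resolves the clave variables, and reports each file deletion and registry write or delete. SAMPLE is an excerpt of the posted script, and the function names are this example's own.

```python
import re

# Excerpt of the script posted above, with the forum's line wraps left in.
SAMPLE = r'''
clave1 = "HKCU\Software\Microsoft\"
clave5 = "HKLM\Software\Policies\Microsoft\"
fso.DeleteFile(WshShell.ExpandEnvironmentStrings("%WinDir%\System32\GroupPolicy\Machine\Registry.pol"))
WshShell.RegWrite clave1 & "Internet Explorer\Main\Start Page",
"www.google.com/"
WshShell.RegDelete clave1 &
"Windows\CurrentVersion\Policies\System\DisableTaskMgr"
WshShell.RegDelete clave5 & "WindowsFirewall\StandardProfile\"
'''

ASSIGN = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')
REG_OP = re.compile(r'^WshShell\.(RegDelete|RegWrite)\s+(\w+)\s*&\s*"([^"]*)"(?:\s*,\s*"([^"]*)")?')
DEL_FILE = re.compile(r'DeleteFile\(.*?"([^"]+)"')

def join_wrapped(text):
    """Re-join statements that the forum wrapped after '&' or ','."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("'"):
            continue  # skip blank lines and VBScript comments
        if out and out[-1].endswith(("&", ",")):
            out[-1] += " " + line
        else:
            out.append(line)
    return out

def summarize(text):
    """Return (action, target, value) tuples; nothing is executed."""
    variables, actions = {}, []
    for stmt in join_wrapped(text):
        if m := ASSIGN.match(stmt):
            variables[m.group(1)] = m.group(2)
        elif m := REG_OP.match(stmt):
            op, var, suffix, value = m.groups()
            path = variables.get(var, f"<{var}>") + suffix
            # WshShell.RegDelete treats a trailing backslash as a key, otherwise a value
            kind = "key" if path.endswith("\\") else "value"
            actions.append((f"{op}:{kind}", path, value))
        elif m := DEL_FILE.search(stmt):
            actions.append(("DeleteFile", m.group(1), None))
    return actions

def firewall_policy_changes(actions):
    """Actions that touch the Windows Firewall policy keys."""
    return [a for a in actions if "\\WindowsFirewall\\" in a[1]]
```

Passing the full saved script text to summarize() gives the complete list; firewall_policy_changes() picks out the entries that remove policy-enforced firewall settings.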
 
Pop`

King.peter said:
I am using Windows XP Home with SP2 in a new computer. My boot drive
is constantly in action (the three RAID 5 data drives are not
affected). Millions of seek, read, close actions take place in an
hour or so (checked with Sysinternals' System Monitor), which is
annoying, and will lead to early drive failure I am sure. Has
anybody any ideas on what is causing all this activity, and how to
stop it?

It may well be anti-virus software scanning, indexing, all kinds of things.
If it's new, give it a few days of powered-on, say overnight, and see if it
stops or catches up.

Kill your internet connection; see if it stops.

Look at tasks running in Task Manager; see if there's a hint there.
Also check Event Viewer; might be a hint there.

If you've been on the internet without antivirus and a firewall, then all
bets are off.

Pop`
 
Guest

As I said, I have run File Monitor, and found the number of disk accesses
running into millions an hour. The log tells me little, other than files are
opened and closed but only applications. No data files are being accessed.
 
Guest

I'm sorry Pedro, but I do not understand what you are suggesting here. How
do I run this script, and what is it designed to do?
 
