Whizzing HD: nothing to see in Process Explorer?

[Guest]

Is there any Process Explorer like tool that can tell me what a hard drive
is doing when it is whizzing away at full blast? Latest occurrence of this
was when Outlook Express froze midway through writing a draft, and the plug
had to be pulled. I hadn't clicked any internet links personally on this,
but possibly OE of IE may have been looking for something itself.

Nothing to see in the various error logs of course.
I notice IE (6) has a tendency to hang on starting too: with several threads
'waiting user request', but no indication of what it is they are waiting
for.

The latter would probably benefit from a better understanding of Process
Explorer, but the former would benefit from some other utility that would
tell me what the hard drive is occupied with when it is not something that
shows up in PE.

Any suggestions?

Cheers,

S

 

[Daave]

Is there any Process Explorer like tool that can tell me what a hard
drive is doing when it is whizzing away at full blast? Latest
occurrence of this was when Outlook Express froze midway through
writing a draft, and the plug had to be pulled. I hadn't clicked any
internet links personally on this, but possibly OE of IE may have
been looking for something itself.
Nothing to see in the various error logs of course.
I notice IE (6) has a tendency to hang on starting too: with several
threads 'waiting user request', but no indication of what it is they
are waiting for.

The latter would probably benefit from a better understanding of
Process Explorer, but the former would benefit from some other
utility that would tell me what the hard drive is occupied with when
it is not something that shows up in PE.

Any suggestions?

The first thing you need to rule out is a malware infection. See:

http://www.elephantboycomputers.com/page2.html#Viruses_Malware

More information would also be helpful:

What Service Pack level? Is your system patched? (I wonder since you are
still running IE6.)

Process Explorer can actually tell you a lot. Here is an in-depth
tutorial that should help you get more out of it:

http://www.bleepingcomputer.com/tutorials/tutorial129.html

Does this behavior persist if you configure a clean boot? See:

http://support.microsoft.com/kb/310353

 

[JS]

Try using Process Monitor to track down the problem.
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

It has an option to monitor file activity.

 

[Guest]

Thanks to you both: plenty to be going on with there.

I'm still on IE6 and SP2, and have been franticly clearing space on my main
drive, and generally tidying up loose ends before updating. Seems a never
ending process!

Cheers,

S

 

[Daave]

Thanks to you both: plenty to be going on with there.

I'm still on IE6 and SP2, and have been franticly clearing space on
my main drive, and generally tidying up loose ends before updating.

Do you mean updating to SP3 or IE7 or both? It is best to upgrade to
SP3, *then* to IE7. If you don't have the best-practice guides, just ask
us and we'll post them for you.

You still need to answer the other questions:

Is your system patched? Go to Control Panel | Add or Remove Programs.
Make sure the box next to "Show updates" is checked. Scroll down. What
is the date of the most recent Security Update or Hotfix?

What is the malware status of your PC?

And have you seen the Process Explorer tutorial?

 

[Guest]

Thanks Daave,

I did read a bit about PE some time ago when I first installed it, but I
have not felt the need to go into it in depth up until now - mainly just
using it to keep a weather eye on what was using the processor, and to
cancel the occasional hung prog - for example IE hangs for the user who uses
Outlook, with a popup 'ending prog autocomplete' unless one shuts the
occurrence of IE that persists in PE after it has ostensibly been 'closed'.
(Various registry fixes suggested for this have not made any difference, so
I was hoping it would go away with the update.)

My most recent update was today, but Belarc and add/remove progs show the
last one as 11/2/2009.

I have Avast free version, and SpyBot's TeaTimer running all the time. And
then there's the regular MS malicious removal tool updates. Still only use
MS's basic firewall, and I'm a bit vague on our wireless router as it's a
long time since I looked at it, but it was set on a high encryption level
when I did.

Only rarely have I seen virus's detected, and then they are usually in
obvious fake emails.

Thanks for the tip to do SP3 before IE7. I did see look at some of the
guidelines a while ago - there seemed to be an overwhelming lot of provisos,
which is one reason I still haven't updated! If you have any nice concise
update guides this would be helpful I am sure.

Thanks very much,

S

 

[Daave]

Thanks Daave,

I did read a bit about PE some time ago when I first installed it, but
I have not felt the need to go into it in depth up until now - mainly
just using it to keep a weather eye on what was using the processor,
and to cancel the occasional hung prog - for example IE hangs for the
user who uses Outlook, with a popup 'ending prog autocomplete' unless
one shuts the occurrence of IE that persists in PE after it has
ostensibly been 'closed'. (Various registry fixes suggested for this
have not made any difference, so I was hoping it would go away with
the update.)

My most recent update was today, but Belarc and add/remove progs show
the last one as 11/2/2009.

I have Avast free version, and SpyBot's TeaTimer running all the time.
And then there's the regular MS malicious removal tool updates. Still
only use MS's basic firewall, and I'm a bit vague on our wireless
router as it's a long time since I looked at it, but it was set on a
high encryption level when I did.

Only rarely have I seen virus's detected, and then they are usually in
obvious fake emails.

Sounds like you're probably malware-free. Assuming that is the case, I
still think you should configure a clean boot:

http://support.microsoft.com/kb/310353

and let us know if the behavior persists.

Thanks for the tip to do SP3 before IE7. I did see look at some of
the guidelines a while ago - there seemed to be an overwhelming lot of
provisos, which is one reason I still haven't updated! If you have
any nice concise update guides this would be helpful I am sure.

SP3 info first:

Two major problems with SP3 have been reported. However, with
preparation on your part, though, you won't (more than likley)
experince *any* problems whatsoever. Still, it is always wise to
image your hard drive before undertaking any major change like a
Service Pack upgrade.

Problem #1: On certain PCs that come with a factory-imaged hard
drive erroneously assuming the CPU is Intel rather than AMD (e.g.,
HPs), upgrading to SP3 without applying a particular patch first is
problematic. See this page for more information and for the fix:

http://msinfluentials.com/blogs/jes...ed-computer-boot-after-installing-xp-sp3.aspx

(or http://tinyurl.com/6zs52d )

Problem #2: The installation will fail if there are devices connected to
the PC. Therefore,it is best to disconnect all perpipheral devices
(e.g., USB external hard drives, printers, etc.) and configure a Clean
Boot environment (because certain anti-malware programs that run in the
background can interfere with the upgrade). See:

http://support.microsoft.com/kb/310353

Personally, I have had best results *not* using Automatic Updates.
Instead, I recommend that people download the entire .iso file of SP3
from Microsoft and burn an SP3 CD:

http://www.microsoft.com/downloads/...ce-b5fb-4488-8c50-fe22559d164e&displaylang=en

(or http://tinyurl.com/5h8cw6 )

More reading material regarding the Best Practices method of upgrading
to SP3:

http://www.iaps.com/windows-xp-sp3-installation-guidelines.html

http://msmvps.com/blogs/harrywaldro...requisites-for-a-successful-installation.aspx

(or http://tinyurl.com/6nf4k4 )

Currently, there is free support specifically for issues related to
upgrading
to SP3:

"Free unlimited installation and compatibility support is available for
Windows XP, but only for Service Pack 3 (SP3). This support for SP3 is
valid until April 14, 2009."

The above is from:

http://support.microsoft.com/oas/default.aspx?ln=en-us&prid=11273&gprid=522131

(or http://tinyurl.com/6cw2xk )

IE7 info:

http://www.ie-vista.com/known_issues.html

I would download the complete installation files for both SP3 and IE7
rather than use Automatic Updates:

WindowsXP-KB936929-SP3-x86-ENU.exe (that is an alternative to the .iso
mentioned above; it's just the installation executable) can be
downloaded from here:

http://www.microsoft.com/DownLoads/...a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en

IE7-WindowsXP-x86-enu.exe can be downloaded from here:

http://www.microsoft.com/downloads/...BE-3385-447C-8A30-081805B2F90B&displaylang=en

Finally, XP SP3: Post Installation Cleanup:
http://aumha.net/viewtopic.php?f=62&t=33827

Once you have removed all the files (make sure you clean out all your
temp files, too!), defrag the hard drive.

Last bit of advice:

It is always good practice to image your hard drive regularly,
especially before a major upgrade. If you don't have Acronis True Image
or something else similar, at the very least use DriveImageXML to be
safe.

 

[Guest]

Plenty to look into there thanks Daave:

It'll take me a while to look at it, but I will let you know how I get on
(At the first inst, I'd say the prospect of daring to try a clean boot is
frightening, as this equipment came ready loaded a long time ago, and we
have very few discs...) Still, will have to read and let you know.

Cheers,

S

 

[Daave]

Plenty to look into there thanks Daave:

It'll take me a while to look at it, but I will let you know how I get
on (At the first inst, I'd say the prospect of daring to try a clean
boot is frightening, as this equipment came ready loaded a long time
ago, and we have very few discs...) Still, will have to read and let
you know.

Sounds good.

A clean boot is very simple and safe! All you are doing is starting
without all the usual third-party startup programs and other processes.
When you are ready to upgrade to SP3, a clean boot is recommended, too.
It's just as easy to reverse, too.

The reason you should configure a clean boot is to see whether or not
your CPU still runs out of control. If it doesn't, then all you need to
do is use process of elimiation to identify the offending program or
process.

 

[Guest]

Sounds good.

A clean boot is very simple and safe! All you are doing is starting
without all the usual third-party startup programs and other processes.
When you are ready to upgrade to SP3, a clean boot is recommended, too.
It's just as easy to reverse, too.

The reason you should configure a clean boot is to see whether or not your
CPU still runs out of control. If it doesn't, then all you need to do is
use process of elimiation to identify the offending program or process.

Ah, I was mixing up with a clean install.

Actually it is not generally a problem at start up, but I think is something
(usually within IE but not exclusively) within IE, which makes it go on
forever trying to find something but giving no indication of what. One can
gradually whittle away at the threads in Process Explorer's 'Properties' for
IE until it shuts down, but the thread descriptions don't tell me anything
about what the problem really was. Ideally, I'd like a simple prog that
just identified the process or call that the hard drive was looking for, and
provided a simple kill button to stop it.

The Process Monitor download was interesting. Certainly gives one an eye
opener into just how fast things are going on behind the scenes! Not sure
how I could use this, other than to wow the unaware though!

Cheers,

S

 

[Daave]

Ah, I was mixing up with a clean install.

Actually it is not generally a problem at start up, but I think is
something (usually within IE but not exclusively) within IE, which
makes it go on forever trying to find something but giving no
indication of what.

The fact that there is no problem at startup is irrelveant. What is
relevant is that there may be a program running in the background (which
of course will run from startup) that will *eventually* cause your
excessvie hard drive activity. If you configure a clean boot and if the
problem goes away, then you can use process of elimination to detemine
the program/process. If not, then you know you have a different problem.

Another troubleshooting technique is to run IE in no add-ons mode. If
that fixes your problem, then you know the problem lies with one of your
add-ons, which you can easily manage.

Did you clear your browser cache?

 

[Guest]

The fact that there is no problem at startup is irrelveant. What is
relevant is that there may be a program running in the background (which
of course will run from startup) that will *eventually* cause your
excessvie hard drive activity. If you configure a clean boot and if the
problem goes away, then you can use process of elimination to detemine the
program/process. If not, then you know you have a different problem.

Another troubleshooting technique is to run IE in no add-ons mode. If that
fixes your problem, then you know the problem lies with one of your
add-ons, which you can easily manage.

Did you clear your browser cache?

My 'whizzing hard drive' is not a reliably, reproducible phenomenon for me
to be able to use this method - I would need something to pin it down when
it was actually happening. However, you have given me a useful way of
following up my earlier noted problem of the 'autocomplete' running on after
IE has ostensibly closed.

I still have a lot of reading to do.

Cheers,
S

 

[Daave]

My 'whizzing hard drive' is not a reliably, reproducible phenomenon
for me to be able to use this method - I would need something to pin
it down when it was actually happening.

How often does it happen? Any kind of pattern (for instance, at
startup)?

However, you have given me a
useful way of following up my earlier noted problem of the
'autocomplete' running on after IE has ostensibly closed.

I still have a lot of reading to do.

I assume you're looking at the tutorial for Process Explorer. You may
also want to check out Process Monitor:

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

 

[PA Bear [MS-MVP]]

My 'whizzing hard drive' is not a reliably, reproducible phenomenon for me
to be able to use this method - I would need something to pin it down when
it was actually happening.  However, you have given me a useful way of
following up my earlier noted problem of the 'autocomplete' running on after
IE has ostensibly closed.

I still have a lot of reading to do.

[cf. http://groups.google.com/group/micr..._frm/thread/d1436da6bc975cb8/60c4f0714c41459a
et al.]

There is a very good chance are that you are seeing the affects of a
hijackware infection.

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

2. Run the Windows Live Safety Center's 'Protection' scan (only!) in
Safe Mode with Networking, if need be: http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the
requested logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Seek expert assistance in http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22, http://aumha.net/viewforum.php?f=30,
or other appropriate forums.**

If the procedures look too complex - and there is no shame in
admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

 

[Guest]

If Daave and, any of those who helped me here are still tracking this...
Just to say thanks and I've now apparently gone through the SP3 process
cleanly, and have skipped IE7 and gone straight in to IE8 as it came in to
Windows Update during the time I was getting ready with backups and tidying.

IE8 told me my security settings needed beefing up, which I let it do.
Now - whereas previously I had to click 'yes/no' pop ups a few times except
on high advertising content sites - I am having to click up to 20 such
boxes. It is a shame they don't say what is actually trying to load, so one
could decide which to allow and which not...

Anyhow, thanks to all who helped, and I'll let you know if the 'whizzing
drive' business continues now I am up to date.

Cheers,

S

 

[JS]

Still here.

Adobe Flash - How to disable and enable in IE 7 or IE 8
http://msmvps.com/blogs/harrywaldro...ow-to-disable-and-enable-in-ie-7-or-ie-8.aspx

Also: http://www.snapfiles.com/get/turnflash.html

 

[Guest]

Cheers for the extra tip JS.

I do have a thing called FlashSwitch which is supposed to turn Macromedia
flash player on or off from the system tray.

Turnflash looks similar, but does not say which flashplayer it is turning on
or off. Is one switching add on able to toggle them all?

However, in following up your link for the tools section of the new IE, I
notice the flash players were still set as
'enabled' even when the system tray icon was set to off.

I also found the google toolbar updater and notifier had reappeared yet
again, so have now turned them off (I'll believe it when I don't see it!),
and have turned off the Shockwave player as well.


I suspect this may give me even more yes/no messages to tick, but will wait
and see.

Since the SP3 update -- may be a coincidence -- I have been having trouble
with USB devices not being recognised once they have been unplugged and
plugged back. As yesterday this included both my external back up hard
drives and my wireless adaptor, and a camera full of pics that needed
downloading, it got quite scary! Strangely, they all started being
recognised again after I had reinstalled the wireless adaptor's set up prog
from its cd?

It may be a coincidence, as I have noticed a tendency building for some USB
sockets to work more reliably than others so perhaps they are all getting a
bit low on volts as the system ages.

Anyhow, thanks once again,
Regards,

S

 

[JS]

You're welcome.

--
JS
http://www.pagestart.com

Cheers for the extra tip JS.

I do have a thing called FlashSwitch which is supposed to turn Macromedia
flash player on or off from the system tray.

Turnflash looks similar, but does not say which flashplayer it is turning
on or off. Is one switching add on able to toggle them all?

However, in following up your link for the tools section of the new IE, I
notice the flash players were still set as
'enabled' even when the system tray icon was set to off.

I also found the google toolbar updater and notifier had reappeared yet
again, so have now turned them off (I'll believe it when I don't see it!),
and have turned off the Shockwave player as well.


I suspect this may give me even more yes/no messages to tick, but will
wait
and see.

Since the SP3 update -- may be a coincidence -- I have been having trouble
with USB devices not being recognised once they have been unplugged and
plugged back. As yesterday this included both my external back up hard
drives and my wireless adaptor, and a camera full of pics that needed
downloading, it got quite scary! Strangely, they all started being
recognised again after I had reinstalled the wireless adaptor's set up
prog
from its cd?

It may be a coincidence, as I have noticed a tendency building for some
USB
sockets to work more reliably than others so perhaps they are all getting
a
bit low on volts as the system ages.

Anyhow, thanks once again,
Regards,

S