Something is "ticking" my hard drive LED.

2456711

Comments

  • squeaky
    squeaky Posts: 14,129 Forumite
    10,000 Posts Combo Breaker
    Logfile of HijackThis v1.98.2
    Scan saved at 15:21:25, on 06/06/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\AlfaClock\AlfaClock.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\mrfshl.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\mfsyncsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Innovative Solutions\DriverMax\devices.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Hijack this\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [100% Clock] C:\Program Files\AlfaClock\AlfaClock.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MirrorFolderShell] C:\WINDOWS\system32\mrfshl.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O11 - Options group: [INTERNATIONAL] International
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    Hi, I'm a Board Guide on the Old Style and the Consumer Rights boards which means I'm a volunteer to help the boards run smoothly and can move and merge posts there. Board guides are not moderators and don't read every post. If you spot an inappropriate or illegal post then please report it to forumteam@moneysavingexpert.com. It is not part of my role to deal with reportable posts. Any views are mine and are not the official line of MoneySavingExpert.
    Never ascribe to malice that which is adequately explained by incompetence.
    DTFAC: Y.T.D = £5.20 Apr £0.50
  • squeaky
    squeaky Posts: 14,129 Forumite
    10,000 Posts Combo Breaker
    daily wrote: »
    Run procmon.
    I got a screen of 5,000+ events out of 23,000+ events and the helpfile doesn't work.

    So what am I supposed to do with it?
    Hi, I'm a Board Guide on the Old Style and the Consumer Rights boards which means I'm a volunteer to help the boards run smoothly and can move and merge posts there. Board guides are not moderators and don't read every post. If you spot an inappropriate or illegal post then please report it to forumteam@moneysavingexpert.com. It is not part of my role to deal with reportable posts. Any views are mine and are not the official line of MoneySavingExpert.
    Never ascribe to malice that which is adequately explained by incompetence.
    DTFAC: Y.T.D = £5.20 Apr £0.50
  • spud17
    spud17 Posts: 4,431 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    Your HijackThis is out of date, now on v2.02, but may not be relevant in this case.
    Move along, nothing to see.
  • daily_2
    daily_2 Posts: 309 Forumite
    edited 6 June 2009 at 3:52PM
    Do it in safe mode (or with everything closed that you can, including antivirus etc), hit control E after a couple of ticks to stop the capture, Tools, process activity summary, look for file events, that should identify any processes hitting the disk, then look for that process in the log to see what files are being accessed.
  • squeaky
    squeaky Posts: 14,129 Forumite
    10,000 Posts Combo Breaker
    To shortcut things a bit - here's my hijack log from when in Safe Mode and my drive is STILL "ticking"...

    Logfile of HijackThis v1.98.2
    Scan saved at 15:44:49, on 06/06/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hijack this\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [100% Clock] C:\Program Files\AlfaClock\AlfaClock.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MirrorFolderShell] C:\WINDOWS\system32\mrfshl.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O11 - Options group: [INTERNATIONAL] International
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    Hi, I'm a Board Guide on the Old Style and the Consumer Rights boards which means I'm a volunteer to help the boards run smoothly and can move and merge posts there. Board guides are not moderators and don't read every post. If you spot an inappropriate or illegal post then please report it to forumteam@moneysavingexpert.com. It is not part of my role to deal with reportable posts. Any views are mine and are not the official line of MoneySavingExpert.
    Never ascribe to malice that which is adequately explained by incompetence.
    DTFAC: Y.T.D = £5.20 Apr £0.50
  • squeaky
    squeaky Posts: 14,129 Forumite
    10,000 Posts Combo Breaker
    daily wrote: »
    Do it in safe mode (or with everything closed that you can, including antivirus etc), hit control E after a couple of ticks to stop the capture, Tools, process activity summary, look for file events, that should identify any processes hitting the disk, then look for that process in the log to see what files are being accessed.

    No go. I get the error message "Unable to open Process Monitor device driver"
    Hi, I'm a Board Guide on the Old Style and the Consumer Rights boards which means I'm a volunteer to help the boards run smoothly and can move and merge posts there. Board guides are not moderators and don't read every post. If you spot an inappropriate or illegal post then please report it to forumteam@moneysavingexpert.com. It is not part of my role to deal with reportable posts. Any views are mine and are not the official line of MoneySavingExpert.
    Never ascribe to malice that which is adequately explained by incompetence.
    DTFAC: Y.T.D = £5.20 Apr £0.50
  • daily_2
    daily_2 Posts: 309 Forumite
    Is that in safe mode (won't be able to load the driver), if so, do it in normal mode, but make sure you shut everything (applications) down first to limit the trace size.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    ~
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    :idea:
  • squeaky
    squeaky Posts: 14,129 Forumite
    10,000 Posts Combo Breaker
    daily wrote: »
    Is that in safe mode (won't be able to load the driver), if so, do it in normal mode, but make sure you shut everything (applications) down first to limit the trace size.
    That's what I did the first time, ran it in normal mode and got 5,000 entries.
    Hi, I'm a Board Guide on the Old Style and the Consumer Rights boards which means I'm a volunteer to help the boards run smoothly and can move and merge posts there. Board guides are not moderators and don't read every post. If you spot an inappropriate or illegal post then please report it to forumteam@moneysavingexpert.com. It is not part of my role to deal with reportable posts. Any views are mine and are not the official line of MoneySavingExpert.
    Never ascribe to malice that which is adequately explained by incompetence.
    DTFAC: Y.T.D = £5.20 Apr £0.50
  • squeaky
    squeaky Posts: 14,129 Forumite
    10,000 Posts Combo Breaker
    aliEnRIK wrote: »
    ~
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    You think? OK I'll take a shotgun to it :)
    Hi, I'm a Board Guide on the Old Style and the Consumer Rights boards which means I'm a volunteer to help the boards run smoothly and can move and merge posts there. Board guides are not moderators and don't read every post. If you spot an inappropriate or illegal post then please report it to forumteam@moneysavingexpert.com. It is not part of my role to deal with reportable posts. Any views are mine and are not the official line of MoneySavingExpert.
    Never ascribe to malice that which is adequately explained by incompetence.
    DTFAC: Y.T.D = £5.20 Apr £0.50
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 349.9K Banking & Borrowing
  • 252.7K Reduce Debt & Boost Income
  • 453.1K Spending & Discounts
  • 242.9K Work, Benefits & Business
  • 619.8K Mortgages, Homes & Bills
  • 176.4K Life & Family
  • 255.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture