Overactive hard drive

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bobber

Thread Starter
Joined
Mar 1, 2004
Messages
136
Recently I've noticed my hard drive is chattering all the time. Everything runs fine but I can hear it slowly chirping continuously. It never stops. System idle process is 98% so I know that's ok but it keeps on chattering. Is this a possible indication of a problem soon to happen?
Thanks!
 

bobber

Thread Starter
Joined
Mar 1, 2004
Messages
136
I've tried to get help from the Dell forums but no go. So let me clarify my problem here.
I notice that the connection icon in the lower right hand corner of my taskbar (the pair of computer terminals icon) is always lit up continuously. When I check
the status of the connection by right clicking on it I notice that the the activity section is very busy even though I'm not doing anything. By busy I mean that the amount of packets received and sent are both continually increasing quite fast. I would guess each number increases at the rate of 25-30 units per second. Is this normal?
If I remember right the number of packets sent should be very small and increase only slowly and the amount of packets received only increase when using the internet.
My pcseems to be very active even though I'm not doing anything.
I regularly use AVG antivirus, SpywareBlaster, AdAware, Microsft AntiSpyware all religiously and keep up with all updates.
Right now for example the internet icon is solid and my hard drive sounds like it is always on like when it downloads.
When I went into windows task manager I disabled the process Explorer.exe which stopped all activity including my taskbar and desktop icons resulting in a necessary reboot. My system idle process is between 96-98% and explorer.exe would be 2-3%.
I can't figure out what activity is actually taking over my hard drive...
Thanks again for your help.
 
Joined
Jun 13, 2005
Messages
1,023
Ok, lets try some tests.

First, when the drive is active, unplug the network cable (or modem cable or whatever), and see if the activity stops. If it doesnt, then something else is going on. If it does stop, then I would suggest you get a fierwall (zonealarm or similar) to see what is going on.

If the activity doesnt stop, then it could be that XP (I assume its xp youre running) is doing its disk management thing (I heard about this a while ago, but have yet to come across documentation for it). Apparently, it cleans up the disk while you are not using the machine...although how much of that I believe, I dont know...lol.

Do you have anything running that could make this happen? Im sure youve thought about it, but I have to ask.

Oh, and if you kill explorer exe, just click File>(New Task) run in task manager and type explorer...itll start right up.

Scorp.
 
Joined
Mar 18, 2005
Messages
3,390
Good Morning Bobber, that sounds awfully like you are being used or your machine has been hijacked.
You might try going to this site and obtaining their free A/Virus program. http://www.s-cop.com/free-scanner.html
It is a simple standalone type and is very useful for viral confirmation, but probably won't pickup altered files that are probably causing your problem.

In view of the potential system integrity loss and probably never knowing what has actually happened, I would be inclined to clean the system and reload Windows. Using Firefox as an explorer would probably also help.
There are means of identifying files that probably have been altered but the extent is complex and for peace of mind and your other operations banking or whatever you will never be sure.
See http://www.analogzone.com/col_0606.htm
and http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=581549

By the way, three guesses why I am using Linux!
Others will have different ideas.

All the best, qldit.
 

bobber

Thread Starter
Joined
Mar 1, 2004
Messages
136
Thanks for the replies. When I disconnect the cable modem all of the activity ceases and everything returns to normal. When I connect the cable modem the drive starts chattering away again. Oh, and I do have Windows XP running.
I will try the other suggestions too. Thanks.
 

jiml8

Guest
Joined
Jul 2, 2005
Messages
2,634
If the machine is connected directly to the internet without an intervening router or hardware firewall, then you need to turn off file and print sharing, and you need to password protect your computer and all shares. - at an absolute minimum.

You also need to be running a software firewall. The one provided with XPSP2 is better than nothing, but a third party product such as zone alarm is better.

If you have been connected with a "naked" machine - that is, lacking firewall protection and with no explicit security precautions taken - then you should assume your machine is corrupted with trojans, viruses, and spyware. You should obtain a copy of Hijack this, install it and run it, and post a log here. Well, actually, open a new thread on the security forum and post it.
 

bobber

Thread Starter
Joined
Mar 1, 2004
Messages
136
I am using the built in windows XP firewall and am connected through a Linksys router. Will a program like ZoneAlarm actually tell me what is causing my hard drive's activity and how to correct it?
 
Joined
Jun 13, 2005
Messages
1,023
Zonealarm may well tell you what is going on. It usually indicates where the connection is coming from.

Well, at least you are behind the nat firewall on the router. Also, the XP firewall only stops outgoing connections, not incoming, so beware. I'd definately run Hijack This, and post the results. Sounds like you might have some dial home additions that you don't want, like malware. Also, might want to d/l, install and run Spybot S&D, and fix the points IT checks.

Scorp.
 

jiml8

Guest
Joined
Jul 2, 2005
Messages
2,634
CS.Scorpion said:
Also, the XP firewall only stops outgoing connections, not incoming, so beware.
You said that backwards. XP firewall blocks inbound, not outbound.
 

bobber

Thread Starter
Joined
Mar 1, 2004
Messages
136
Ok, I guess I should move the thread over to security issues but for now I'll keep it here so as to not duplicate topics.
Here is the log from HiJack This. Could you folks take a look at it for me. I don't see anything obvious which is causing my problem. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 8:26:51 AM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\utilities\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: All - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - C:\Program Files\closeIeX\closeIeX.exe
O9 - Extra 'Tools' menuitem: Close ALL IEx's - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - C:\Program Files\closeIeX\closeIeX.exe
O9 - Extra button: Others - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - C:\Program Files\closeIeX\closeIeY.exe
O9 - Extra 'Tools' menuitem: Close OTHER IEx's - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - C:\Program Files\closeIeX\closeIeY.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092949978593
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129114665578
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} - http://install.anark.com/client/version1/windows-ie/en/AMClient.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top