Why is My HDD Being Accessed So Much?


7 replies to this topic

#1 HaterSlayer


Posted 10 November 2010 - 04:21 PM

As of late my HDD has been constantly getting accessed and it slows down my PC by making things stutter a bit. I just looked at the Resource Monitor and the 3 big culprits seem to be:

Windows/System32/config/REGBACK/Components
/pagefile.sys
$Mft (NTFS MASTER FILE TABLE)

Is there any way to limit how much they are accessing the HDD? One of them seems to come and go, but usually 2 of them are reading to the HDD 40-70 million B per minute.

#2 Broni


Posted 10 November 2010 - 11:48 PM

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double-click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

#3 hamluis


Posted 11 November 2010 - 12:47 PM

Appears that malware is at work (REGBACK).

I'll move this to Am I Infected.

Louis

#4 Broni


Posted 11 November 2010 - 06:24 PM

Windows/System32/config/REGBACK

It looks to me like a legit Windows folder.
I have the very same one on my Vista.

REGBACK trojan files look different: http://www.2-spyware.com/remove-regback-trojan.html

#5 HaterSlayer


Posted 16 November 2010 - 07:08 AM

Ok here is what the thing says, thanks for the help! I'm not sure how to make attachments so I put it in a code box. If someone can let me know how then I'll edit it if I did something wrong. Anyway here it goes...

Process	PID	CPU	Private Bytes	Working Set	Description	Company Name	Command Line
System Idle Process	0	98.57	0 K	24 K			
 Interrupts	n/a	0.78	0 K	0 K	Hardware Interrupts		
 DPCs	n/a	0.78	0 K	0 K	Deferred Procedure Calls		
 System	4		0 K	139,244 K			
  smss.exe	396		296 K	556 K			
csrss.exe	508		1,720 K	4,484 K			
wininit.exe	560		1,256 K	3,528 K			
 services.exe	612		2,692 K	6,464 K			
  svchost.exe	880		3,196 K	6,172 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\system32\svchost.exe -k DcomLaunch
   unsecapp.exe	1896		2,340 K	4,524 K	Sink to receive asynchronous callbacks for WMI client application	Microsoft Corporation	C:\Windows\system32\wbem\unsecapp.exe -Embedding
   WmiPrvSE.exe	2112		3,204 K	5,864 K			
   hpqbam08.exe	1100		1,476 K	4,636 K	HP CUE Alert Popup Window Objects	Hewlett-Packard Co.	"C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
   hpqgpc01.exe	3792		2,544 K	7,076 K	GPCore COM object	Hewlett-Packard	"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
  svchost.exe	944		3,604 K	6,192 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\system32\svchost.exe -k rpcss
  MsMpEng.exe	984		157,676 K	74,588 K	AntiMalware Service Executable	Microsoft Corporation	"c:\Program Files\Microsoft Security Essentials\MsMpEng.exe"
  svchost.exe	1116		15,048 K	11,288 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
   audiodg.exe	1332		14,060 K	6,800 K			
  svchost.exe	1156		51,784 K	53,508 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
   dwm.exe	1764		57,844 K	37,272 K	Desktop Window Manager	Microsoft Corporation	"C:\Windows\system32\Dwm.exe"
  svchost.exe	1168	0.78	57,964 K	64,904 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\system32\svchost.exe -k netsvcs
   taskeng.exe	604		9,184 K	8,568 K	Task Scheduler Engine	Microsoft Corporation	taskeng.exe {F414172B-9CE3-4F9F-9B95-15D81E049EC4}
   taskeng.exe	3388		1,984 K	5,640 K			
   wuauclt.exe	2052		2,676 K	5,600 K	Windows Update	Microsoft Corporation	"C:\Windows\system32\wuauclt.exe"
  svchost.exe	1356		1,988 K	3,888 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\system32\svchost.exe -k GPSvcGroup
  SLsvc.exe	1372		6,092 K	3,712 K	Microsoft Software Licensing Service	Microsoft Corporation	C:\Windows\system32\SLsvc.exe
  svchost.exe	1400		5,776 K	8,816 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\system32\svchost.exe -k LocalService
  svchost.exe	1536		19,708 K	18,580 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\system32\svchost.exe -k NetworkService
  aawservice.exe	1688		87,824 K	1,600 K	Ad-Aware Service	Lavasoft	"C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
  spoolsv.exe	556		5,656 K	7,612 K	Spooler SubSystem App	Microsoft Corporation	C:\Windows\System32\spoolsv.exe
  svchost.exe	816		11,180 K	9,676 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
  avgwdsvc.exe	828		5,980 K	2,212 K	AVG Watchdog Service	AVG Technologies CZ, s.r.o.	C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
   avgrsx.exe	2024		28,104 K	7,168 K			
   avgnsx.exe	1028		2,184 K	1,688 K			
  svchost.exe	196		4,648 K	7,912 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\system32\svchost.exe -k hpdevmgmt
  Intuit.Spc.Map.EntitlementClient.Server.Service.exe	308		17,880 K	19,240 K	Intuit.Spc.Map.EntitlementClient.Server.Service	Intuit, Inc.	"C:\Program Files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe"
  svchost.exe	2044		896 K	2,536 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\System32\svchost.exe -k HPZ12
  svchost.exe	2068		856 K	2,368 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\System32\svchost.exe -k HPZ12
  svchost.exe	2116		2,180 K	4,472 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
  QBPOSDBService.exe	2368		3,576 K	4,936 K	QB POS V8 Database Manager Service	Intuit Inc.	"C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBPOSDBService.exe"
   QBDBMgrN10.exe	2448		26,552 K	5,444 K			
  RoxWatch9.exe	2432		5,820 K	8,312 K	RoxSniffer9 Module	Sonic Solutions	"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
  SeaPort.exe	2500		4,232 K	7,476 K	Microsoft SeaPort Search Enhancement Broker	Microsoft Corporation	"C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
  svchost.exe	2536		3,552 K	5,016 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\system32\svchost.exe -k imgsvc
  ViewpointService.exe	2564		1,328 K	3,476 K	ViewMgr	Viewpoint Corporation	"C:\Program Files\Viewpoint\Common\ViewpointService.exe"
  svchost.exe	2592		540 K	1,720 K	Host Process for Windows Services	Microsoft Corporation	C:\Windows\System32\svchost.exe -k WerSvcGroup
  WLIDSVC.EXE	2620		4,212 K	7,200 K			"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
   WLIDSVCM.EXE	3064		848 K	2,288 K			
  SearchIndexer.exe	2704		39,788 K	10,300 K	Microsoft Windows Search Indexer	Microsoft Corporation	C:\Windows\system32\SearchIndexer.exe /Embedding
  XAudio.exe	2788		772 K	1,968 K	Modem Audio Service	Conexant Systems, Inc.	C:\Windows\system32\DRIVERS\xaudio.exe
  avgemc.exe	2804		5,320 K	1,484 K	AVG E-Mail Scanner	AVG Technologies CZ, s.r.o.	C:\PROGRA~1\AVG\AVG8\avgemc.exe
   avgcsrvx.exe	2924		9,204 K	2,484 K			
  RoxMediaDB9.exe	3756		6,928 K	9,912 K	RoxMediaDB9 Module	Sonic Solutions	"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
  IntuitUpdateService.exe	3992		19,888 K	592 K	Intuit Update Service	Intuit Inc.	"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"
 lsass.exe	628		3,224 K	2,200 K	Local Security Authority Process	Microsoft Corporation	C:\Windows\system32\lsass.exe
 lsm.exe	640		1,784 K	3,248 K			
csrss.exe	572		1,584 K	4,672 K			
winlogon.exe	700		2,020 K	3,996 K			
explorer.exe	1800		30,568 K	37,096 K	Windows Explorer	Microsoft Corporation	C:\Windows\Explorer.EXE
 hpwuSchd2.exe	280		920 K	2,540 K	hpwuSchd Application	Hewlett-Packard	"C:\Program Files\HP\HP Software Update\hpwuSchd2.exe" 
 GrooveMonitor.exe	2092		1,984 K	5,516 K	GrooveMonitor Utility	Microsoft Corporation	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" 
 sttray.exe	676		4,336 K	5,264 K	Sigmatel Audio system tray application	SigmaTel, Inc.	"C:\Windows\sttray.exe" 
 msseces.exe	2284		5,116 K	10,188 K	Microsoft Security Essentials User Interface	Microsoft Corporation	"C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
 aim.exe	2356		31,388 K	11,868 K	AOL Instant Messenger	AOL Inc.	"C:\Program Files\AIM\aim.exe" /d locale=en-US
  firefox.exe	1592		260,144 K	276,008 K	Firefox	Mozilla Corporation	"C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "https://my.screenname.aol.com/_cqr/login/login.psp?entryType=client2Web&authToken=%2FBcAG0zia1gAAK80DId%2B9kzibIQIj3j2saY4prYAAA%3D%3D&lang=en&locale=US"
   WinRAR.exe	3520		9,576 K	17,012 K	WinRAR archiver	Alexander Roshal	"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\chad\AppData\Local\Temp\ProcessExplorer.zip"
    procexp.exe	4088		19,544 K	29,056 K	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com	"C:\Users\chad\AppData\Local\Temp\Rar$EX16.105\procexp.exe" 
 DLG.exe	2324		2,156 K	3,540 K	Digital Line Detection	Avanquest Software 	"C:\Program Files\Digital Line Detect\DLG.exe" 
 ObjectDock.exe	1288		17,212 K	3,052 K	ObjectDock	Stardock	"C:\Program Files\Stardock\ObjectDock\ObjectDock.exe" 
rundll32.exe	2776		2,652 K	3,364 K	Windows host process (Rundll32)	Microsoft Corporation	rundll32.exe NVSVC.DLL,nvsvcInitialize
hpqste08.exe	1672		5,220 K	6,528 K	HP CUE Status Root	Hewlett-Packard Co.	"C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F4200 series#1282932721" -Startup
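
One way to triage a saved Process Explorer report like the listing above, as an added example that is not part of the original thread. The sample rows are constructed (PID 4242 is invented to show a mismatch), and the short list of system process names and the user-writable folder pattern are assumptions.

```python
import ntpath
import re

# Constructed rows in the tab-separated layout of a Process Explorer "Save As"
# report with the Command Line column enabled. PID 4242 is invented.
HEADER = "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tCommand Line"
ROWS = [
    ("  svchost.exe", "880", "", "3,196 K", "6,172 K", "Host Process for Windows Services",
     "Microsoft Corporation", r"C:\Windows\system32\svchost.exe -k DcomLaunch"),
    ("csrss.exe", "508", "", "1,720 K", "4,484 K", "", "", ""),
    ("    procexp.exe", "4088", "", "19,544 K", "29,056 K", "Sysinternals Process Explorer",
     "Sysinternals", r'"C:\Users\chad\AppData\Local\Temp\Rar$EX16.105\procexp.exe" '),
    ("  svchost.exe", "4242", "", "900 K", "2,000 K", "", "",
     r"C:\Users\example\AppData\Roaming\svchost.exe -k netsvcs"),
]
SAMPLE = "\n".join([HEADER] + ["\t".join(row) for row in ROWS])

# Names that normally run only from System32 (assumed short list, not exhaustive).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
USER_WRITABLE = re.compile(r"\\(temp|appdata|downloads)\\", re.IGNORECASE)

def image_path(cmdline):
    """Return the executable part of a command line (quoted, or bare without spaces)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    return cmdline.split(" ", 1)[0]

def triage(report):
    """Map PID (as text, since some rows show n/a) to reasons for a closer look."""
    head, *body = [l.split("\t") for l in report.splitlines() if l.strip()]
    findings = {}
    for fields in body:
        row = dict(zip(head, map(str.strip, fields)))  # strip the tree indentation
        name, cmd = row["Process"].lower(), row.get("Command Line", "")
        reasons = []
        if not cmd:
            # Blank fields mean this row cannot be judged from the export alone.
            reasons.append("no command line captured")
        else:
            path = image_path(cmd)
            if name in SYSTEM_NAMES and ntpath.dirname(path).lower() not in ("", r"c:\windows\system32"):
                reasons.append("system process name outside System32")
            if USER_WRITABLE.search(path):
                reasons.append("runs from a user-writable folder")
            if not row.get("Company Name"):
                reasons.append("no company name")
        if reasons:
            findings[row["PID"]] = reasons
    return findings
```

A hit is a prompt to look closer, not a verdict: Process Explorer itself is flagged here only because it was launched from a temporary extraction folder.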



#6 Broni


Posted 16 November 2010 - 06:18 PM

It looks perfect.
How much RAM do you have and what Windows version is it?
How big is your hard drive and how much free space is left?

#7 HaterSlayer


Posted 17 November 2010 - 08:40 PM

RAM 2GB
Windows Version: Vista Home Premium (6.0 Build 6002)
HDD Size - 288 GB and 104 GB free

#8 Broni


Posted 17 November 2010 - 09:07 PM

That looks good...

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

AVG 8 is a rather outdated AV program and it's also known for hogging computers.
I suggest you uninstall it, using this tool: http://www.avg.com/us-en/download-tools and go for one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
