This is an old XP Media Center PC, dual core Athlon 4200+ with 2 GB RAM.
It has been running ok, it's connected to a tv and is used mostly to stream media. Light web surfing. I am posting this from it.
It has always gone into sleep mode regularly and is easily brought back to life by moving the Logitech Bluetooth Mouse. Or matching Bluetooth keyboard.
About 2 or 3 weeks ago it stopped going to sleep. It never seemed to go idle.
I have been looking into it for all that time and I am getting nowhere. As I type this the hdd is being accessed constantly. It sounds like it's indexing, but that was the first thing I shut off, indexing. Kind of obvious.
The next thing I tried was system restore, just rolling it back to before this started. None of the restore points worked. Suspicious.
I am not really aware of it being "slow" or anything like that, though these kind of activities always do take their toll.
I downloaded and ran a program called "what's my computer doing" and I see a lot of MSMPengine and a lot of SVCHOST.exe and Services.exe.
I shut down the realtime protection in MS Security Essentials, but that didn't stop the accesses. No change. I thought that would be it.
I ran sysinternals process monitor and used the tools menu to sort by file accesses.
A lot of data there, I have to say nothing looks suspicious to me. Lots of MSMPengine and SVChost.
I went through the services and disabled them one by one. No difference.
I went into msconfig and disabled all the startups. No difference.
These problems are often malware related so that's why I came here. But I can't find malware!
I ran TDSSkiller and it didn't find anything.
I ran Rkil and it didn't find anything.
I ran ComboFix and it didn't find anything.
I ran Chkdisk and it found some irregularities, fixed them, but that didn't resolve anything.
So it's still banging away. Since this is in the living room and with the TV I don't really want it clanging away all the time.
I am going to reboot into safe mode and see what happens.
OK, this is pretty suspicious. I pressed F8, got the menu offering safe mode, etc. While that screen was up and the computer had not booted yet, the HDD accesses are still constant.
What would account for that? I expected silence before boot. But it's the same. That seems suspicious.
I rebooted and ran TCPView, if there was malware it's usually connected out. There were no outbound connections after a reboot until I started firefox. Nothing. So not malware, I'd have to say.
Ah, it could be the Logitech Bluetooth Mouse. But it didn't used to do this and that's been around a long time. That can't be it. I did take out Logitech Setpoint, it works just fine without it. No change.
Any ideas as to how to find what's going on here? Steps to isolate?
Thanks in advance.
Edited by hamluis, 22 January 2014 - 07:57 AM.
Moved from XP to Internal Hardware, moved back to XP - Hamluis.