Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How To Diagnose And Stop Apparently Excessive Hard Drive Accessing


  • Please log in to reply
12 replies to this topic

#1 Frankie321

Frankie321

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 27 January 2007 - 08:07 PM

I知 wondering why there is such frequent hard drive usage, even when little is happening.

There seems to be almost constant hard drive writing, with a few second gap in between, except for when left idle the hard drive writing eventually stops, but then after some there will be another write though infrequent.

I知 concerned that all this hard drive writing will lead to a greater chance of hard drive crash, which is a big pain.

Computer system: new, specs below:

1 Intel ATX E6400 CORE 2 DUO /2.13GHz/2MB CACHE/1066FSB/LGA775
1 Gigabyte GA-965P-DS3 P965 PCIE16, DualDDRII SATAII Glan
1 DDR2 1024MB (2X512Mb,1G Kit) PC4300 DDR2 RAM Kingmax/Kingston
1 DDR2 1024MB (2X512Mb,1G Kit) PC4300 DDR2 RAM Kingmax/Kingston
1 Asus EN7900GS-2DHT 256M DDR3 HDTV Dual DVI
1 Samsung 931B 19 inch TFT Black 5ms DVI
1 Pioneer DVR-111DBK 16X DVD-/+R/RW Dual Layer(OEM Black)
1 Creative Sound Blaster Audigy Value Sound Card 7.1
1 Antec SLK1650 Solution Series ATX MiniTower Case 350W Black
1 Seagate SATAII NCQ 320GB 7200RPM 16mb Cache
1 Microsoft Windows XP Home (OEM)
1 Microsoft Wireless Optical Desktop 3000
Award BIOS

I can hear the hard drive usage, see the hard drive light flicker on the system case, and I知 using SpeedUpMyPC3 hard drive usage monitoring software. I also note that rarely is much RAM used, rarely is the CPU used at a high level, but the one hour graph of hard drive usage shows incredible usage. The one minute graph separates usage into read versus write, and while read usage goes up when loading a program, it is disk writing which is regular.

The program I use most often is Firefox (for web browsing).

The start up programs are: EZ trust antivirus (with real time protection, from Computer Associates), NVidia NVCplDaemon, P17Helper, JMRaidTool.exe, and Spampal (for Thunderbird).

Let me know if there is any other information needed for diagnosis, and I will post it.

Regards,

Frank

BC AdBot (Login to Remove)

 


#2 Frankie321

Frankie321
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 27 January 2007 - 08:32 PM

I was just shown how to use Windows Task Manager to add an I/O Writes column to the Processes window.

With only Firefox and SpeedUpMyPC monitoring running (after maybe 5 hours of computer on this morning), the main culprits are:

svchost.exe 9730
lsass.exe 5185
system 2183

The lsass.exe looks like the main offender, as it is constantly going up. In 5 minutes it is now at 6052, as I write this sentence it has gone to 6115. Five minutes later, it is 7433.

There is an lsass.exe file in Windows\System32 directory dated 02/28/2006 of 13kb size.

Is there any way I can reduce the frequent, regular hard drive writing?

Frank

#3 gavinseabrook

gavinseabrook

  • Members
  • 773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:El Paso
  • Local time:08:43 AM

Posted 28 January 2007 - 12:11 AM

I would say go online and get the Yahoo toolbar with antispy, and windows defender (both are free) and run full scans. If not there might be a corruption in windows. If that is the case I would recommend a Reformat.

Gavin Seabrook

 


#4 resp

resp

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 28 January 2007 - 12:21 AM

You miiight be infected

and while windows defender and yaho toolbar are great, they might not resolve the issues

One of the more popular downloads that I would recommend you get is spybot, if you don't alreayd have it, it tends to weasle out most of the culprits of said activity

that and adding AVG Free 7.5 edition I believe its at, will help you in determining what's up

lsass.exe is a clean windows file normally but if infected could be the reason

also

SCVhost.exe is basically your internet connection, and the many portals that it uses, so seeing increased activity in that, Is not so bad, Unless of course its infected as well, Choices choices lol...

Do a couple of scans, with spybot and with AVG, And if anything pops up that you dont' recognize or want a second opinion on, Feel free to post back

Spybot1.4
Download spybot S&D here.
Be sure and update it .Heres how if you need help.

and I don't have a canned on AVG, however Ill give you the link

AVG 7.5
just click download free version let it download and install

if you the latest IE it might prompt you that a file tried to download just click the yellow box and click allow or download file, Let it run, Update it before you do anythign with it and then do the scan

run both of those and if it comes back clean, then i will go on a limb and assume its your internet connection acting fuzzy in which case theres a whole wack of possibilities


toolbars while Great additions to browsers are more often than not a PITA and sometimes cause more problems than they fix, And windows defender in my experience and roaming of this and a differnet forum, Has proven to be faulty in the way its run or such and can cause problesm in itself

#5 Guest_uhaligani_*

Guest_uhaligani_*

  • Guests
  • OFFLINE
  •  

Posted 28 January 2007 - 01:30 AM

Lsass.exe is a MS system file. It is also subject to attack by various trojans or virus,'s. This may be the problem in your case. If you have the orignal installation disk, try firste erasing and then copying the new file over. (Its in the System32 folder)
The backup copy of Lsass.exe can be found on your original Windows install disk in the folder F:\i386\lsass.ex_ (I'm guessing that "F:" is the identification of your CDROM drive. If not, use "E:" or similar as required). Because the backup copy is compressed, you need to copy the .ex_ file into your System32 folder, You should decompress it with Winzip, then rename it from ".ex_" to ".exe". Do a search on the whole installation for any other instances of the file, as the virus can sometimes plant itself in other directories. If deperate, try merely deleting the file, or copy it to another, harmless, location.

#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA

Posted 28 January 2007 - 02:49 AM

Do you have SP2 installed on your system? Without it, lsass.exe is an unpatched exploit waiting to happen.

Try using this free program to see what's running under the svchost.exe process (just hover your cursor over it and it'll list the sub-processes): http://www.microsoft.com/technet/sysintern...ssExplorer.mspx

You should also be able to look at the threads running under lsass.exe there - to get a better idea of what's causing this.

The system process can be a bit misleading - but with the chance of a virus or spyware this shouldn't be discounted.

I'd suggest a free, online scan at these sites (requires IE):
http://safety.live.com/
http://housecall.trendmicro.com/
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#7 Frankie321

Frankie321
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 28 January 2007 - 06:56 AM

I have installed Microsoft Defender and done a full system scan. It found no problems. I have had EZ Antivirus scan lsass.exe, and no virus was found. (I also have run SpyBot.)

Is there some program that logs disk access (reads and writes)? That would be the definitive diagnostic tool for what is what is causing frequent drive access.

My new computer has always had this problem, of excessive hard drive usage, from the first day we set it up.

I don稚 want to jump to conclusions, but it is still the case that when the rest of my computer appears idle, Windows Task Manager reports that only lsass.exe is doing I/O writes, which is very suspicious.

I guess I値l have to find out what conditions determine the degree of lsass.exe activity. Perhaps there are configuration options for it somewhere.

Any advice welcomed.

Thanks.

Frank

#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:01:43 AM

Posted 28 January 2007 - 09:15 AM

Here's some articles that may have some helpful hints for you (even though it might not be your same situation):
http://support.microsoft.com/kb/902058
http://support.microsoft.com/kb/828297
http://support.microsoft.com/default.aspx/kb/308356
http://support.microsoft.com/kb/842382
http://support.microsoft.com/kb/884591
http://support.microsoft.com/kb/810585
http://support.microsoft.com/kb/843557
http://support.microsoft.com/kb/327076

Edited by usasma, 28 January 2007 - 09:15 AM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#9 TheTerrorist_75

TheTerrorist_75

  • Members
  • 645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Fulton, NY &gt; Snow country.
  • Local time:11:43 AM

Posted 28 January 2007 - 11:32 AM

I would say go online and get the Yahoo toolbar with antispy, and windows defender (both are free) and run full scans. If not there might be a corruption in windows. If that is the case I would recommend a Reformat.


The Yahoo toolbar is not an answer to fixing anything. Yahoo is in bed with Claria/GAIN/Gator. Toolbars are bad. They can cause more problems than most malware.
I am a transplant survivor.

Get Your Donor Card

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 AM

Posted 29 January 2007 - 03:45 AM

Try turning off disk indexing and see if that helps:

1. Open My Computer
2. Right click on one of your hard drive icons and then select Properties.
3. Uncheck Allow indexing service to index this disk for faster searches then click Ok.
4. Then select Apply to all folders and subfolders.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#11 gavinseabrook

gavinseabrook

  • Members
  • 773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:El Paso
  • Local time:01:43 AM

Posted 29 January 2007 - 10:53 PM

What do your mean yahoo toolbar is like GAIN? It dosnt send someone your history and pop up adds as it goes. It infact also removes the Claria/Gain. The reason I recommended it was one of my Clients computers had this problem, but it had found over 50 objects just on a "Quick Scan" after the full scan with 100 objects, it has been working fine.

Gavin Seabrook

 


#12 resp

resp

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 30 January 2007 - 01:28 AM

Yahoo and many other internet toolbars have been known to carry and in fact harbor spyware or adaware unknowingly to the user, I used yahoo for many years for games and such and when I finally learned to scan and detect malware I found nothing but GAIN and various adaware on my computer

Just becuase it works once, doesnt' mean its a proven method, Many toolbars in general add more problems then they fix, which is why standalone scanners work better than built in scanners

Ive been down the toolbar ally, And that's why I don't keep or download any anymore, I learned mylesson fast

#13 MilesAhead

MilesAhead

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 30 August 2008 - 04:37 PM

I have installed Microsoft Defender and done a full system scan. It found no problems. I have had EZ Antivirus scan lsass.exe, and no virus was found. (I also have run SpyBot.)

Is there some program that logs disk access (reads and writes)? That would be the definitive diagnostic tool for what is what is causing frequent drive access.

My new computer has always had this problem, of excessive hard drive usage, from the first day we set it up.

I don稚 want to jump to conclusions, but it is still the case that when the rest of my computer appears idle, Windows Task Manager reports that only lsass.exe is doing I/O writes, which is very suspicious.

I guess I値l have to find out what conditions determine the degree of lsass.exe activity. Perhaps there are configuration options for it somewhere.

Any advice welcomed.

Thanks.

Frank


Did you ever find a solution? I have a similar problem only on Vista.
On my XP Pro SP2 PC, lsass.exe explorer.exe do their file open and close
routine, but the HD light doesn't flicker. On my Vista machine, these same
file accesses monopolize the HD for 20 to 30 minutes!! It seems like the disk
writes are going right to the hardware. I've been trying to quiet the HD on
this Vista machine for over a year. lsass.exe seems to be the last hurdle
(at least I hope so.)

I've already checked and it's not the lsass.exe virus/Sasser Worm.
The same accesses are going on in XP but they're harmless on that
PC.

"I don't want to belong to any club that would have me as a member."
- Groucho Marx





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users