
Repeated Intermittent Episodes of Runaway Disk Activity



#61
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I got that once on my Windows 8.  Click on the Avast ball and then Settings.  Uncheck the Web Shield and the Mail Shield and then see if you still have a problem.  

 

I have just downloaded the latest version of Process Explorer.  Did not get a signature warning and it ran OK.  You were right that it should run without right click and Run As Admin.  Never tried it.  Just seemed like it should need admin rights to work.


  • 0



#62
britechguy

    Member

  • Topic Starter
  • Member
  • 258 posts

Just accepting the "non-secure" Avast security certificates for their e-mail scanner did the trick with Zimbra.

 

Nothing is doing the trick with Process Explorer.   It simply will not run.  Just tried it again and you get the very briefest "flash" of it trying to paint its screen and then it's gone.


  • 0

#63
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Right click on the clock and select Task Manager.  Then Processes.  Make sure there are no procexp.exe or procexp64.exe entries.  

 

Right click on the Avast ball and then select Shields Control and turn all shields off for 10 minutes and then try it.


  • 0

#64
britechguy

    Member

  • Topic Starter
  • Member
  • 258 posts

Ron,

 

        Still no dice.  Latest VEW Application Log attached and you see the latest error, just like all the rest, at the beginning of the list.  The Avast shields were off (and still are for a couple of minutes - actually just turned themselves back on as I was attaching the file).

 

        Also, as an aside, Avast also screws up outgoing mail, at least with Zimbra, with its default settings.   I had to turn off scanning for outgoing mail in order for anything in my Outboxes to actually leave my Outboxes.  Things had been piling up there since this morning and it was coincidence I checked something else and saw that.

Attached Files


  • 0

#65
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  Don't know why it's not working for you. This was just an experiment anyway.  If you look at Task Manager, Processes, Show Processes From All users and click on CPU twice you should get about the same info.  Just no way other than a screen shot to send it to me.  Have you had any more bouts of hyperactivity since we switched?  Can we try AVG now?


  • 0

#66
britechguy

    Member

  • Topic Starter
  • Member
  • 258 posts

Do you want to try AVG to see if it changes something?  I'm game if that's the case.  But if you're doing it "for me" then I'd just as soon stay with Avast! after having gotten things to settle down (with the exception of Process Explorer).

 

I'm perfectly fine, though, with uninstalling and then installing AVG, too.  I know that sometimes seeing what stays the same versus what changes is a valuable exercise.

 

I've had several bouts of hyperactivity surrounding startup, but nothing of the duration of the first restart after Avast! was installed.  Today's been much smoother in that regard because if you wait a couple of minutes things just settle into a groove [and, so far, stay there.  I haven't been running long enough for one of the previously usual episodes of runaway disk activity.]


  • 0

#67
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

If you can live with Avast and the hyperactivity has not come back then that's great.  I'm just concerned because Process Explorer is MIA.  Also you said the built-in memory test is not working.

 

Will Process Monitor work?  Download Process Monitor http://live.sysinter...com/Procmon.exe

 
Save it to your desktop.  Right click and Run As Admin.  The logs are incredibly large so can't be posted on the forum.  Just wondered if it worked.  If it did you could try to start Process Explorer and then set a filter for just processes called procexp.exe or procexp64.exe.  Might make a log we could use.  Might be able to see why it crashed.

  • 0

#68
britechguy

    Member

  • Topic Starter
  • Member
  • 258 posts

Procmon works.   Here are the screenshots of the Windows Security Warning I get on first run (and I uncheck the box) and then the Procmon screen itself (not full screen, of course, but it's running fine).

 

But, wait, now there's a more bizarre development.  I did as you suggested with Procmon and then started procexp and it worked.  See the screen shot with both Procmon windows and the procexp window above my desktop.  This is just too strange!!  Now even stranger:  If I remove that filter, close both Procmon and procexp and try to start procexp again - it won't.

Attached Thumbnails

  • Win_Security_Warning_Procmon.jpg
  • Procmon_Running.jpg
  • Procexp_Bizarre.JPG

Edited by britechguy, 05 February 2015 - 02:54 PM.

  • 0

#69
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I get that warning.  Didn't realize that was what you meant.  

 

 

OK if Proc Mon works then let it run while you try to run Process Explorer.  After it fails, go to Proc Mon and File then uncheck Capture Events.  Once it stops, click on Filter, change the first box to Process Name, second box stays at IS, third box changes to procexp.exe, fourth box stays at Include.  Hit Add then OK.  Repeat for procexp64.exe.

You should now see just the process explorer files.  Let's see how big the log will be.  File, Save, All Events, Format: Comma-Separated Values (CSV) then OK.  It should save the file to logfile.csv which should be on your desktop.  Close Process Monitor.  Zip up the logfile.csv (and then check the properties to see the size.  I think the forum limits you to 2 Meg).  If it's smaller then attach it to a Reply.

  • 0
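The Process Name filter and CSV export described in the post above can also be applied offline to a saved logfile.csv, reducing a large trace to the failing operations and the last event of each procexp process. The following Python is an added example, not part of the original thread; it assumes Procmon's default CSV columns, the list of benign result codes is an assumption, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

TARGETS = {"procexp.exe", "procexp64.exe"}
# Assumption: result codes that are routine in any trace and rarely explain a crash.
BENIGN = {"", "SUCCESS", "NO MORE ENTRIES", "NO MORE FILES", "END OF FILE",
          "BUFFER OVERFLOW", "REPARSE"}

def load_events(stream, targets=TARGETS):
    """Yield CSV rows whose Process Name matches one of the targets."""
    for row in csv.DictReader(stream):
        if (row.get("Process Name") or "").lower() in targets:
            yield row

def summarize(events):
    """Count non-benign results and remember the last event of each PID."""
    failures, last = Counter(), {}
    for ev in events:
        result = (ev.get("Result") or "").upper()
        if result not in BENIGN:
            failures[(ev.get("Operation"), result, ev.get("Path"))] += 1
        last[ev.get("PID")] = ev
    return failures, last

def analyze(text):
    """Filter and summarize Procmon CSV text in one call."""
    return summarize(load_events(io.StringIO(text)))

# Constructed sample rows, not taken from the poster's log.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"3:01:10.1 PM","procexp.exe","4100","Process Start","","SUCCESS","Parent PID: 2000"
"3:01:10.2 PM","chrome.exe","3000","ReadFile","C:\Users\example\cache","SUCCESS",""
"3:01:10.3 PM","procexp64.exe","4321","CreateFile","C:\Example\missing.dll","NAME NOT FOUND",""
"3:01:10.4 PM","procexp64.exe","4321","CreateFile","C:\Example\missing.dll","NAME NOT FOUND",""
"3:01:10.5 PM","procexp64.exe","4321","RegOpenKey","HKCU\Software\Example","ACCESS DENIED",""
"3:01:10.6 PM","procexp64.exe","4321","Process Exit","","SUCCESS","Exit Status: 1"
'''

if __name__ == "__main__":
    failures, last = analyze(SAMPLE)
    for (op, result, path), n in failures.most_common():
        print(f"{n:4d}  {result:<16} {op:<12} {path}")
    for pid, ev in last.items():
        print(f"PID {pid} last event: {ev['Operation']} {ev['Detail']}")
```

For a real export, read the file with `open("logfile.csv", newline="", encoding="utf-8-sig")` and pass the handle to `load_events`, which streams rows instead of loading the whole log.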

#70
britechguy

    Member

  • Topic Starter
  • Member
  • 258 posts

Curiouser and Curiouser . . .

 

Started up ProcMon.  Tried to Start Up Procexp after having set up the filters to show only procexp and procexp64.  Process Explorer has never shown up on the screen this time like it did last (but last time I did not have the filter in place before triggering it).  But have a look at the screenshot of the ProcMon Log file in Excel (the real thing is too large to attach).

ProcMon_Log_Partial.jpg


Edited by britechguy, 05 February 2015 - 03:06 PM.

  • 0



#71
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Looks like it is running happily in the screenshot.  Maybe you can upload the full log to one of the file hosting services like dropbox filedropper http://www.filedropper.com/ and then send me a link to the file?


  • 0

#72
britechguy

    Member

  • Topic Starter
  • Member
  • 258 posts

Change of plan.  I just couldn't stand that process explorer would no longer start and simply had to see if uninstalling Avast! and installing AVG instead made a difference:  It has - process explorer starts precisely as it did when Panda was used as my anti-virus, independent of anything Procmon is or is not doing and whether it's running or not.

 

Sorry if this throws a monkey wrench into anything, but this is the kind of change in behavior, an inexplicable one, that I just have to see if backing out the latest change corrects it.  The disk use at startup seems to be much better now when compared to what it was when Panda or Avast! were installed.

 

After removing Avast I rebooted and ran CCleaner for files and a registry cleanup.  There wasn't much trash that it found in the registry, though there were two Panda entries that didn't get cleaned up along with two or three for Avast!  Then I cleared the system and application logs and rebooted again.  They're so short I'm going to include them here:

 

VEW System Log:

-------------------------------------------------------------------------------------------

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/02/2015 5:23:00 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/02/2015 10:16:18 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Realtek DHCP Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 05/02/2015 10:16:07 PM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-Time-Service
The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/02/2015 10:13:17 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/02/2015 10:13:17 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\Rtlihvs.dll
-------------------------- End System Log -------------------------------------------

 

VEW Application Log:

-------------------------------------------------------------------------------------------

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/02/2015 5:24:06 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/02/2015 10:13:09 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001:
Process 1748 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
-------------------------- End Application Log --------------------------------------


  • 0

#73
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

No problem.   Now let's wait and see if the disk activity comes back.


  • 0

#74
britechguy

    Member

  • Topic Starter
  • Member
  • 258 posts

Well, the runaway disk activity is still happening.

 

I am going to attach a number of process explorer logs.

 

The one from 12:10 PM was an incident that eventually "cleared itself" but that went on for at least 30 minutes, maybe more.

 

The three from the 6:50 PM range were an incident that just completely slowed the computer to almost a stop.  Even as I closed out programs (which will probably be indicated in the logs) nothing was changing with the disk activity.  There was a "phantom" Windows Photo Viewer window that would not disappear even though it appeared that the program itself was closed.  At first I was chalking this up to a screen repainting issue, but I opened, maximized and minimized Chrome several times and it persisted.

 

The 7:23 PM log was what I experienced immediately after a full shutdown and restart from powered down.  Note there is a really weird svchost.

 

The 7:30 PM log was after a full shutdown and restart from powered down.  There was lots of disk activity but it settled out moments after I did the "Save as" in Process Explorer.  I am never certain whether Process Explorer takes the snapshot the moment I do the Save As command or when I actually hit the Save button in the dialog.

 

 

Attached Files


  • 0

#75
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

The first one shows

 

PDFXCview.exe 43.87

 

Not much on it on the web.  Is this really something you use?

 

 

 

Is there a reason for having both Chrome and Firefox open?


  • 0





