On Sat, 2 Jul 2005 16:19:15 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "John Latter" <jorolat RemoveThis @tiscali.co.uk>
>
>
>|
>| I just tried to use Trend but my antivirus (Avast) came up with an
>| alert saying "C:\AV-CLS\Trend\sysclean.exezz - VBS:Redlof". I don't
>| know how to bypass this.
>|
>| Jorolat
>|
>| --
>|
>| John Latter
>|
>| Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking
>| Stationary-Phase Mutations to the Baldwin Effect. http://members.aol.com/jorolat/TEM.html
>|
>| 'Where Darwin meets Lamarck?' Discussion Egroup
>| http://groups.yahoo.com/group/evomech
>
>
>Disable AVAST. It is a well known and often noted False Positive declaration by AVAST.
>
>BTW: Based upon the time that has lapsed, one would think this would have been corrected by
>now !

Okay Dave and thankyou =)

Its nearly 10.30 pm now so I'll continue in the morning.

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

On Sat, 2 Jul 2005 16:19:15 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "John Latter" <jorolat.RemoveThis@tiscali.co.uk>
>
>
>|
>| I just tried to use Trend but my antivirus (Avast) came up with an
>| alert saying "C:\AV-CLS\Trend\sysclean.exezz - VBS:Redlof". I don't
>| know how to bypass this.
>|
>| Jorolat
>|
>| --
>|
>| John Latter
>|
>| Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking
>| Stationary-Phase Mutations to the Baldwin Effect. http://members.aol.com/jorolat/TEM.html
>|
>| 'Where Darwin meets Lamarck?' Discussion Egroup
>| http://groups.yahoo.com/group/evomech
>
>
>Disable AVAST. It is a well known and often noted False Positive declaration by AVAST.
>
>BTW: Based upon the time that has lapsed, one would think this would have been corrected by
>now !

Okay Dave and thankyou =)

Its nearly 10.30 pm now so I'll continue in the morning.

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

On Sat, 2 Jul 2005 18:05:53 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "John Latter" <jorolat RemoveThis @tiscali.co.uk>
>
>| I'm just starting to run sofos now. This is the kind of thing that
>| McAfee picked up at the beginning of its scan:
>|
>| Could not open c:\WINDOWS\system32\config\system.LOG
>|
>| The above line is all that sofos has displayed so far, the cursor is
>| spinning but nothing else is happening - I'll give it a few more
>| minutes!
>|
>| Jorolat
>|
>
>Ther File Handle is held open by the operting system and thus can't be scanned.
>
>Normal operation.

Hi David,

I've done the sophos scan in normal mode & these are the results:

Full Scanning

Could not open c:\WINDOWS\system32\config\system.LOG
Could not open c:\WINDOWS\Temp\_avast4_\Webshlock.txt
Could not open c:\WINDOWS\Temp\JET7908.tmp
Could not open c:\WINDOWS\Temp\JET82FB.tmp
Scan aborted by user.

8861 files swept in 10 minutes and 24 seconds.
4 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.

I've ended up having less spare time than I expected this weekend but
I should be able to do the trend scan in a couple of hours.

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

On Sat, 2 Jul 2005 18:05:53 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "John Latter" <jorolat.RemoveThis@tiscali.co.uk>
>
>| I'm just starting to run sofos now. This is the kind of thing that
>| McAfee picked up at the beginning of its scan:
>|
>| Could not open c:\WINDOWS\system32\config\system.LOG
>|
>| The above line is all that sofos has displayed so far, the cursor is
>| spinning but nothing else is happening - I'll give it a few more
>| minutes!
>|
>| Jorolat
>|
>
>Ther File Handle is held open by the operting system and thus can't be scanned.
>
>Normal operation.

Hi David,

I've done the sophos scan in normal mode & these are the results:

Full Scanning

Could not open c:\WINDOWS\system32\config\system.LOG
Could not open c:\WINDOWS\Temp\_avast4_\Webshlock.txt
Could not open c:\WINDOWS\Temp\JET7908.tmp
Could not open c:\WINDOWS\Temp\JET82FB.tmp
Scan aborted by user.

8861 files swept in 10 minutes and 24 seconds.
4 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.

I've ended up having less spare time than I expected this weekend but
I should be able to do the trend scan in a couple of hours.

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

Here is the results of the Trend scan in normal mode:



/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-07-03, 15:43:01, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2005-07-03, 15:43:13, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished
running.
2005-07-03, 15:43:13, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Sun Jul 03 2005 15:43:02

Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version
618) [success]

Complete time : Sun Jul 03 2005 15:43:13
Execute pattern count(3678), Virus found count(0), Virus clean
count(0), Clean failed count(0)

2005-07-03, 15:44:11, An error occurred while scanning file
"C:\WINDOWS\system32\config\system.LOG": Access is denied.
2005-07-03, 15:44:11, An error occurred while scanning file
"C:\WINDOWS\system32\config\software.LOG": Access is denied.
2005-07-03, 15:44:11, An error occurred while scanning file
"C:\WINDOWS\system32\config\default.LOG": Access is denied.
2005-07-03, 15:44:11, An error occurred while scanning file
"C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2005-07-03, 15:44:11, An error occurred while scanning file
"C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2005-07-03, 15:44:12, An error occurred while scanning file
"C:\WINDOWS\system32\config\DEFAULT": Access is denied.
2005-07-03, 15:44:12, An error occurred while scanning file
"C:\WINDOWS\system32\config\SECURITY": Access is denied.
2005-07-03, 15:44:12, An error occurred while scanning file
"C:\WINDOWS\system32\config\SOFTWARE": Access is denied.
2005-07-03, 15:44:12, An error occurred while scanning file
"C:\WINDOWS\system32\config\SYSTEM": Access is denied.
2005-07-03, 15:44:12, An error occurred while scanning file
"C:\WINDOWS\system32\config\SAM": Access is denied.
2005-07-03, 15:45:28, An error occurred while scanning file
"C:\WINDOWS\Temp\JET8DC8.tmp": Access is denied.
2005-07-03, 15:47:24, An error occurred while scanning file
"C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is
denied.
2005-07-03, 15:47:24, An error occurred while scanning file
"C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is
denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is
denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-03, 15:47:28, An error occurred while scanning file
"C:\Documents and Settings\John Robert\ntuser.dat.LOG": Access is
denied.
2005-07-03, 15:47:28, An error occurred while scanning file
"C:\Documents and Settings\John Robert\ntuser.dat": Access is denied.
2005-07-03, 15:47:29, An error occurred while scanning file
"C:\Documents and Settings\John Robert\Local
Settings\Temp\Perflib_Perfdata_b08.dat": Access is denied.
2005-07-03, 15:47:37, An error occurred while scanning file
"C:\Documents and Settings\John Robert\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-03, 15:47:37, An error occurred while scanning file
"C:\Documents and Settings\John Robert\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-03, 15:57:38, Running scanner
"c:\AV-CLS\Trend\VSCANTM.BIN"...
2005-07-03, 16:14:19, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/3/2005 15:57:38
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 711 (104126 Patterns) (2005/06/30) (271100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND
/LD /LC /LCF /NM /NB C:\*.* /P=c:\AV-CLS\Trend

63883 files have been read.
63883 files have been checked.
50311 files have been scanned.
121689 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/3/2005 16:14:19
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-03, 16:14:19, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/3/2005 15:57:38
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 711 (104126 Patterns) (2005/06/30) (271100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND
/LD /LC /LCF /NM /NB C:\*.* /P=c:\AV-CLS\Trend

63883 files have been read.
63883 files have been checked.
50311 files have been scanned.
121689 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/3/2005 16:14:19 16 minutes 41 seconds (1000.41
seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-03, 16:14:19, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/3/2005 15:57:38
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 711 (104126 Patterns) (2005/06/30) (271100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND
/LD /LC /LCF /NM /NB C:\*.* /P=c:\AV-CLS\Trend

63883 files have been read.
63883 files have been checked.
50311 files have been scanned.
121689 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/3/2005 16:14:19 16 minutes 41 seconds (1000.41
seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-03, 16:14:19, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has
finished running.

Should I do safe mode now? Also, I've just looked at the help file
again and I'm not too sure what's involved in a boot scan - mind you,
I'm pushed for time again & I might understand it better later!

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

From: "John Latter" <jorolat RemoveThis @tiscali.co.uk>


| Should I do safe mode now? Also, I've just looked at the help file
| again and I'm not too sure what's involved in a boot scan - mind you,
| I'm pushed for time again & I might understand it better later!
|
| --
|
| John Latter
|
| Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking
| Stationary-Phase Mutations to the Baldwin Effect. http://members.aol.com/jorolat/TEM.html
|
| 'Where Darwin meets Lamarck?' Discussion Egroup
| http://groups.yahoo.com/group/evomech

No. I think you have proven that your PC is clean and it is definitely not a virus !

That's good

However, now the original probelm needs exploration. That problem noted....

"In Windows Task Manager an instance of svchost.exe (with a PID number
of 972) is continuously accessing my hard drive at a frequency of just
under once per second."

The question -- What is the causitive factor in all this activity ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

From: "John Latter" <jorolat.DeleteThis@tiscali.co.uk>


| Should I do safe mode now? Also, I've just looked at the help file
| again and I'm not too sure what's involved in a boot scan - mind you,
| I'm pushed for time again & I might understand it better later!
|
| --
|
| John Latter
|
| Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking
| Stationary-Phase Mutations to the Baldwin Effect. http://members.aol.com/jorolat/TEM.html
|
| 'Where Darwin meets Lamarck?' Discussion Egroup
| http://groups.yahoo.com/group/evomech

No. I think you have proven that your PC is clean and it is definitely not a virus !

That's good

However, now the original probelm needs exploration. That problem noted....

"In Windows Task Manager an instance of svchost.exe (with a PID number
of 972) is continuously accessing my hard drive at a frequency of just
under once per second."

The question -- What is the causitive factor in all this activity ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Here is the results of the Trend scan in normal mode:



/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-07-03, 15:43:01, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2005-07-03, 15:43:13, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished
running.
2005-07-03, 15:43:13, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Sun Jul 03 2005 15:43:02

Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version
618) [success]

Complete time : Sun Jul 03 2005 15:43:13
Execute pattern count(3678), Virus found count(0), Virus clean
count(0), Clean failed count(0)

2005-07-03, 15:44:11, An error occurred while scanning file
"C:\WINDOWS\system32\config\system.LOG": Access is denied.
2005-07-03, 15:44:11, An error occurred while scanning file
"C:\WINDOWS\system32\config\software.LOG": Access is denied.
2005-07-03, 15:44:11, An error occurred while scanning file
"C:\WINDOWS\system32\config\default.LOG": Access is denied.
2005-07-03, 15:44:11, An error occurred while scanning file
"C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2005-07-03, 15:44:11, An error occurred while scanning file
"C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2005-07-03, 15:44:12, An error occurred while scanning file
"C:\WINDOWS\system32\config\DEFAULT": Access is denied.
2005-07-03, 15:44:12, An error occurred while scanning file
"C:\WINDOWS\system32\config\SECURITY": Access is denied.
2005-07-03, 15:44:12, An error occurred while scanning file
"C:\WINDOWS\system32\config\SOFTWARE": Access is denied.
2005-07-03, 15:44:12, An error occurred while scanning file
"C:\WINDOWS\system32\config\SYSTEM": Access is denied.
2005-07-03, 15:44:12, An error occurred while scanning file
"C:\WINDOWS\system32\config\SAM": Access is denied.
2005-07-03, 15:45:28, An error occurred while scanning file
"C:\WINDOWS\Temp\JET8DC8.tmp": Access is denied.
2005-07-03, 15:47:24, An error occurred while scanning file
"C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is
denied.
2005-07-03, 15:47:24, An error occurred while scanning file
"C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is
denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is
denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-03, 15:47:25, An error occurred while scanning file
"C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-03, 15:47:28, An error occurred while scanning file
"C:\Documents and Settings\John Robert\ntuser.dat.LOG": Access is
denied.
2005-07-03, 15:47:28, An error occurred while scanning file
"C:\Documents and Settings\John Robert\ntuser.dat": Access is denied.
2005-07-03, 15:47:29, An error occurred while scanning file
"C:\Documents and Settings\John Robert\Local
Settings\Temp\Perflib_Perfdata_b08.dat": Access is denied.
2005-07-03, 15:47:37, An error occurred while scanning file
"C:\Documents and Settings\John Robert\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-03, 15:47:37, An error occurred while scanning file
"C:\Documents and Settings\John Robert\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-03, 15:57:38, Running scanner
"c:\AV-CLS\Trend\VSCANTM.BIN"...
2005-07-03, 16:14:19, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/3/2005 15:57:38
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 711 (104126 Patterns) (2005/06/30) (271100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND
/LD /LC /LCF /NM /NB C:\*.* /P=c:\AV-CLS\Trend

63883 files have been read.
63883 files have been checked.
50311 files have been scanned.
121689 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/3/2005 16:14:19
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-03, 16:14:19, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/3/2005 15:57:38
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 711 (104126 Patterns) (2005/06/30) (271100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND
/LD /LC /LCF /NM /NB C:\*.* /P=c:\AV-CLS\Trend

63883 files have been read.
63883 files have been checked.
50311 files have been scanned.
121689 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/3/2005 16:14:19 16 minutes 41 seconds (1000.41
seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-03, 16:14:19, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/3/2005 15:57:38
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 711 (104126 Patterns) (2005/06/30) (271100)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND
/LD /LC /LCF /NM /NB C:\*.* /P=c:\AV-CLS\Trend

63883 files have been read.
63883 files have been checked.
50311 files have been scanned.
121689 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/3/2005 16:14:19 16 minutes 41 seconds (1000.41
seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-03, 16:14:19, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has
finished running.

Should I do safe mode now? Also, I've just looked at the help file
again and I'm not too sure what's involved in a boot scan - mind you,
I'm pushed for time again & I might understand it better later!

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

On Sun, 3 Jul 2005 13:34:47 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "John Latter" <jorolat.RemoveThis@tiscali.co.uk>
>
>
>| Should I do safe mode now? Also, I've just looked at the help file
>| again and I'm not too sure what's involved in a boot scan - mind you,
>| I'm pushed for time again & I might understand it better later!
>|
>| --
>|
>| John Latter
>|
>| Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking
>| Stationary-Phase Mutations to the Baldwin Effect. http://members.aol.com/jorolat/TEM.html
>|
>| 'Where Darwin meets Lamarck?' Discussion Egroup
>| http://groups.yahoo.com/group/evomech
>
>No. I think you have proven that your PC is clean and it is definitely not a virus !
>
>That's good
>
>However, now the original probelm needs exploration. That problem noted....
>
>"In Windows Task Manager an instance of svchost.exe (with a PID number
>of 972) is continuously accessing my hard drive at a frequency of just
>under once per second."
>
>The question -- What is the causitive factor in all this activity ?

Thanks for helping me eliminate malware Dave =)

Still stuck with the original problem though. I haven't had much time
over the weekend and I'm facing a busy week!

My original post said:

"In Windows Task Manager an instance of svchost.exe (with a PID number
of 972) is continuously accessing my hard drive at a frequency of just
under once per second.

With the help I got on a related post I've used tasklist.exe to
establish that svchost.exe (PID 972) has the following components:

AudioSrv, BITS, Browser, CryptSvc, Dhcp,
ERSvc, EventSystem, helpsvc, lanmanserver,
lanmanworkstation, Netman, Nla, RasMan,
Schedule, seclogon, SENS, SharedAccess,
ShellHWDetection, srservice, TapiSrv,
Themes, TrkWks, W32Time, winmgmt, wscsvc,
wuauserv, WZCSVC

Bearing in mind I'm a novice what I would like to do (subject to
advice!) is disable each service one by one in an attempt to narrow
down the source of the problem?"

Apparently therre's a way to access services via the commandline (cos
not all are listed in windows) but before I follow that path
(disabling) I ought to find out whether I can do so safely, do I need
to reboot each time, so if anyone has any ideas I'ld love to hear
them!

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

On Sun, 3 Jul 2005 13:34:47 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "John Latter" <jorolat.RemoveThis@tiscali.co.uk>
>
>
>| Should I do safe mode now? Also, I've just looked at the help file
>| again and I'm not too sure what's involved in a boot scan - mind you,
>| I'm pushed for time again & I might understand it better later!
>|
>| --
>|
>| John Latter
>|
>| Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking
>| Stationary-Phase Mutations to the Baldwin Effect. http://members.aol.com/jorolat/TEM.html
>|
>| 'Where Darwin meets Lamarck?' Discussion Egroup
>| http://groups.yahoo.com/group/evomech
>
>No. I think you have proven that your PC is clean and it is definitely not a virus !
>
>That's good
>
>However, now the original probelm needs exploration. That problem noted....
>
>"In Windows Task Manager an instance of svchost.exe (with a PID number
>of 972) is continuously accessing my hard drive at a frequency of just
>under once per second."
>
>The question -- What is the causitive factor in all this activity ?

Thanks for helping me eliminate malware Dave =)

Still stuck with the original problem though. I haven't had much time
over the weekend and I'm facing a busy week!

My original post said:

"In Windows Task Manager an instance of svchost.exe (with a PID number
of 972) is continuously accessing my hard drive at a frequency of just
under once per second.

With the help I got on a related post I've used tasklist.exe to
establish that svchost.exe (PID 972) has the following components:

AudioSrv, BITS, Browser, CryptSvc, Dhcp,
ERSvc, EventSystem, helpsvc, lanmanserver,
lanmanworkstation, Netman, Nla, RasMan,
Schedule, seclogon, SENS, SharedAccess,
ShellHWDetection, srservice, TapiSrv,
Themes, TrkWks, W32Time, winmgmt, wscsvc,
wuauserv, WZCSVC

Bearing in mind I'm a novice what I would like to do (subject to
advice!) is disable each service one by one in an attempt to narrow
down the source of the problem?"

Apparently therre's a way to access services via the commandline (cos
not all are listed in windows) but before I follow that path
(disabling) I ought to find out whether I can do so safely, do I need
to reboot each time, so if anyone has any ideas I'ld love to hear
them!

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

i haven't seen anything of significance in the event log viewer but
remembering those log files that couldn't be opened during the scans -
are there any that can be viewed that might give some clues?

Jorolat

On Sun, 3 Jul 2005 13:34:47 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "John Latter" <jorolat.TakeThisOut@tiscali.co.uk>
>
>
>| Should I do safe mode now? Also, I've just looked at the help file
>| again and I'm not too sure what's involved in a boot scan - mind you,
>| I'm pushed for time again & I might understand it better later!
>|
>| --
>|
>| John Latter
>|
>| Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking
>| Stationary-Phase Mutations to the Baldwin Effect. http://members.aol.com/jorolat/TEM.html
>|
>| 'Where Darwin meets Lamarck?' Discussion Egroup
>| http://groups.yahoo.com/group/evomech
>
>No. I think you have proven that your PC is clean and it is definitely not a virus !
>
>That's good
>
>However, now the original probelm needs exploration. That problem noted....
>
>"In Windows Task Manager an instance of svchost.exe (with a PID number
>of 972) is continuously accessing my hard drive at a frequency of just
>under once per second."
>
>The question -- What is the causitive factor in all this activity ?

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

i haven't seen anything of significance in the event log viewer but
remembering those log files that couldn't be opened during the scans -
are there any that can be viewed that might give some clues?

Jorolat

On Sun, 3 Jul 2005 13:34:47 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "John Latter" <jorolat.TakeThisOut@tiscali.co.uk>
>
>
>| Should I do safe mode now? Also, I've just looked at the help file
>| again and I'm not too sure what's involved in a boot scan - mind you,
>| I'm pushed for time again & I might understand it better later!
>|
>| --
>|
>| John Latter
>|
>| Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking
>| Stationary-Phase Mutations to the Baldwin Effect. http://members.aol.com/jorolat/TEM.html
>|
>| 'Where Darwin meets Lamarck?' Discussion Egroup
>| http://groups.yahoo.com/group/evomech
>
>No. I think you have proven that your PC is clean and it is definitely not a virus !
>
>That's good
>
>However, now the original probelm needs exploration. That problem noted....
>
>"In Windows Task Manager an instance of svchost.exe (with a PID number
>of 972) is continuously accessing my hard drive at a frequency of just
>under once per second."
>
>The question -- What is the causitive factor in all this activity ?

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

On Fri, 01 Jul 2005 20:16:12 +0100, John Latter
<jorolat.DeleteThis@tiscali.co.uk> wrote:

>Hi,
>
>In Windows Task Manager an instance of svchost.exe (with a PID number
>of 972) is continuously accessing my hard drive at a frequency of just
>under once per second.
>
>With the help I got on a related post I've used tasklist.exe to
>establish that svchost.exe (PID 972) has the following components:
>
>AudioSrv, BITS, Browser, CryptSvc, Dhcp,
>ERSvc, EventSystem, helpsvc, lanmanserver,
>lanmanworkstation, Netman, Nla, RasMan,
>Schedule, seclogon, SENS, SharedAccess,
>ShellHWDetection, srservice, TapiSrv,
>Themes, TrkWks, W32Time, winmgmt, wscsvc,
>wuauserv, WZCSVC
>
>Bearing in mind I'm a novice what I would like to do (subject to
>advice!) is disable each service one by one in an attempt to narrow
>down the source of the problem?
>
>Would this be a realistic way to go about the problem? If so what
>would be the best way to do it & would I need to reboot each time I
>disable a service?
>
>Hope you can help =)

I've just installed XP slipstreamed with SP2 onto a new hard drive
(but I'm back on the old OS & HDD now) and as soon as I installed the
modem drivers the svchost disc activity started. I uninstalled the
drivers & the problem went away.

I ain't gotta clue why this is so & it'll be a few days before I can
spend some time on it. In the meantime, if anyone has any ideas I'ld
be glad to hear them!

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

On Fri, 01 Jul 2005 20:16:12 +0100, John Latter
<jorolat.RemoveThis@tiscali.co.uk> wrote:

>Hi,
>
>In Windows Task Manager an instance of svchost.exe (with a PID number
>of 972) is continuously accessing my hard drive at a frequency of just
>under once per second.
>
>With the help I got on a related post I've used tasklist.exe to
>establish that svchost.exe (PID 972) has the following components:
>
>AudioSrv, BITS, Browser, CryptSvc, Dhcp,
>ERSvc, EventSystem, helpsvc, lanmanserver,
>lanmanworkstation, Netman, Nla, RasMan,
>Schedule, seclogon, SENS, SharedAccess,
>ShellHWDetection, srservice, TapiSrv,
>Themes, TrkWks, W32Time, winmgmt, wscsvc,
>wuauserv, WZCSVC
>
>Bearing in mind I'm a novice what I would like to do (subject to
>advice!) is disable each service one by one in an attempt to narrow
>down the source of the problem?
>
>Would this be a realistic way to go about the problem? If so what
>would be the best way to do it & would I need to reboot each time I
>disable a service?
>
>Hope you can help =)

I've just installed XP slipstreamed with SP2 onto a new hard drive
(but I'm back on the old OS & HDD now) and as soon as I installed the
modem drivers the svchost disc activity started. I uninstalled the
drivers & the problem went away.

I ain't gotta clue why this is so & it'll be a few days before I can
spend some time on it. In the meantime, if anyone has any ideas I'ld
be glad to hear them!

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

On Fri, 01 Jul 2005 20:16:12 +0100, John Latter
<jorolat.TakeThisOut@tiscali.co.uk> wrote:

>Hi,
>
>In Windows Task Manager an instance of svchost.exe (with a PID number
>of 972) is continuously accessing my hard drive at a frequency of just
>under once per second.
>
>With the help I got on a related post I've used tasklist.exe to
>establish that svchost.exe (PID 972) has the following components:
>
>AudioSrv, BITS, Browser, CryptSvc, Dhcp,
>ERSvc, EventSystem, helpsvc, lanmanserver,
>lanmanworkstation, Netman, Nla, RasMan,
>Schedule, seclogon, SENS, SharedAccess,
>ShellHWDetection, srservice, TapiSrv,
>Themes, TrkWks, W32Time, winmgmt, wscsvc,
>wuauserv, WZCSVC
>
>Bearing in mind I'm a novice what I would like to do (subject to
>advice!) is disable each service one by one in an attempt to narrow
>down the source of the problem?
>
>Would this be a realistic way to go about the problem? If so what
>would be the best way to do it & would I need to reboot each time I
>disable a service?
>
>Hope you can help =)

This would account for some of the 'anomalies' associated with the
problem:

"I/O doesn't necessarily refer to your hard drive. Input and output of
data are also part of the normal functioning of your modem, which
would be my guess at the cause of the numbers you are watching."

Hope to have time to look into it further at the weekend.

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech