Lots of disk activity on return from hibernate??

Stan Brown

I have Win 7 Home Premium, and I usually hibernate rather than shut
down. Startup is usually pretty fast.

Today, however, when I started from hibernate the disk light was on
almost solidly for several minutes. Firefox started very, very
slowly and was unresponsive when I clicked on a link.

I opened Task Manager and nothing listed was taking more than 1% or
2% of CPU time. I don't know how to find out which programs are
hitting the disk hard; can someone tell me a way?

I did a scan with Webroot and it found and quarantined a few new
cookies from places like doubleclick; that reminded me I never
installed a good HOSTS file, so I did that. But Webroot didn't find
any viruses or spyware.

The computer is responding normally now. Should I be concerned, or
is this just one of those one-time Windows things?
 
Seth

Stan Brown said:
I have Win 7 Home Premium, and I usually hibernate rather than shut
down. Startup is usually pretty fast.

Today, however, when I started from hibernate the disk light was on
almost solidly for several minutes. Firefox started very, very
slowly and was unresponsive when I clicked on a link.
Possibly an AV scan kicking off? One that was scheduled to run while machine
was in hibernation with the setting turned on to perform on startup if
machine was off during scheduled time?
I opened Task Manager and nothing listed was taking more than 1% or
2% of CPU time. I don't know how to find out which programs are
hitting the disk hard; can someone tell me a way?
Put "Resource Monitor" into START-->Search. That tool will let you see what
processes are hitting the disk and how hard.
 
VanguardLH

Seth said:
Stan Brown wrote ...


Possibly an AV scan kicking off? One that was scheduled to run while
machine was in hibernation with the setting turned on to perform on
startup if machine was off during scheduled time?
Or an AV program that wanted to do an update, the host was
hibernating, so it updated when it woke up. Lots of AV programs impact
responsiveness of the host when they run their update program, download
the new sigs (and prog) updates, and then apply those updates. Some
are worse than others regarding impact to the host while updating (and
one reason why I switched away from McAfee, amongst other reasons). I
haven't found one AV program whose update doesn't impact the host to
some degree but some are gentler than others.

The OP should also check his scheduled tasks (Task Scheduler). Some
might be scheduled to run at a specific time but will continue retrying
until the host becomes available.
 
Stan Brown

Thanks to Seth and Vanguard for responding. Task Scheduler has zero
tasks scheduled. It could have been the AV (Webroot) kicking off an
update, but it has done updates before and as far as I can recall
they didn't last as long or slow the computer down as much.

Thanks for the suggestion for Resource Monitor. Unfortunately, I get
"no items match your search". However, from /Windows 7 Inside Out/ I
see that it can be opened from the button on the Performance tab of
Task Manager. That looks like exactly what I need!
 
Gene E. Bloch

Thanks to Seth and Vanguard for responding. Task Scheduler has zero
tasks scheduled. It could have been the AV (Webroot) kicking off an
update, but it has done updates before and as far as I can recall
they didn't last as long or slow the computer down as much.

Thanks for the suggestion for Resource Monitor. Unfortunately, I get
"no items match your search". However, from /Windows 7 Inside Out/ I
see that it can be opened from the button on the Performance tab of
Task Manager. That looks like exactly what I need!
How refreshing that someone actually reads a book and gets useful info
from it!

Thanks, Stan - I was beginning to give up hope for the human race from
some of the threads in this NG...

And no, I'm not being sarcastic. You really improved my outlook at the
moment.
 
xfile

Thanks, Stan - I was beginning to give up hope for the human race from
some of the threads in this NG...
You must be kidding, I hope.

I found through my observation that people are generally good in this (and
some other) newsgroups.

Yes, there are annoyances, stubbornness, arguments, debates, casual insults,
and so on, but isn't that also normal in real life? Other than that, I
haven't seen anyone who has done something seriously bad considering anonymity
on the net. But admittedly, my observation is very limited.
 
Stan Brown

How refreshing that someone actually reads a book and gets useful info
from it!

Thanks, Stan - I was beginning to give up hope for the human race from
some of the threads in this NG...

And no, I'm not being sarcastic. You really improved my outlook at the
moment.
:)

I have my newsreader set to delete unread any thread started by
"Valorie". That has greatly improved my experience of this
newsgroup.

But you'll be even more impressed, because in a separate article I'm
posting more follow-up to the problem.
 
Stan Brown

[massive disk and CPU activity upon returning from hibernation]
[It wasn't a scheduled task, nor my antivirus scan kicking in]
Thanks for the suggestion for Resource Monitor. Unfortunately, I get
"no items match your search". However, from /Windows 7 Inside Out/ I
see that it can be opened from the button on the Performance tab of
Task Manager. That looks like exactly what I need!
I think I now have the answer, and as it could help others I'm
posting it at length here. If you like, you can skip the
explanations and go right to the two numbered steps at the bottom.

This morning when I had the same issue, I used Resource Monitor and
found that something called TrustedInstaller.exe was doing most of the
disk access. That naturally made me suspicious, since
"TrustedInstaller" would be an excellent name for a virus.(*) I
located it in the %WINDIR%\Servicing folder, which I had never heard
of but which does appear to be legitimate.

(*) Or, as Dave Barry would point out, for a rock band.

So I went a-Googling, and I believe the answer is that this was
Windows itself, searching for the "solutions to unreported problems"
item that has been lingering in my Action Center. I actually let
Windows do what it wanted with that report -- as I expected, it took
several minutes to find nothing -- and then changed the Action Center
settings in a manner that I'll discuss below.

Here's where I found my information:

http://www.technologyquestions.com/technology/windows-vista/63396-trustedinstaller-exe.html

It's written about Vista, but Windows 7 seems to work very similarly.

Here is some of the key text:
So, I would be trying to watch a movie in windows media player when
all of a sudden the movie stutters and skips and TrustedInstaller is
using like 90% CPU, can't end task, lowering task priority does
nothing. ... After looking around on some forums I learned that
TrustedInstaller has something to do with the new Integrated Windows
Update feature in Vista. ... TrustedInstaller.exe (in my particular
case) is only hogging ridiculous amounts of resources when I use
programs that depend on a certain codec (ffdshow) that I had been
having problems with earlier and which Vista logged in its "Problem
Reports and Solutions" service.
I then realized, Windows is continuously checking for "updates" or
"new solutions" to the ffdshow problem I used to have because I had
not yet removed the entry for the codec problem in the Problem Reports
and Solutions control panel. So, removing all of these entries should
result in Problem Reports and Solutions stopping its requests on the
Windows Update service, which will then stop its requests to
TrustedInstaller to take up massive amounts of system resources.
It's actually quite an informative thread. A little lower down,
another writer explains in detail what TrustedInstaller is and why
its priority can't be reduced. Further discussion leads to the
suggestion not only to clear the existing reports but also to the
further suggestion:
In addition to clearing my history (as suggested in a previous
post), I've gone into Start > Control Panel > Classic View >
Problem Reports and Solutions > Change Settings and changed my
machine to "Ask me..."

After I did that, TrustedInstaller.exe dropped out of Task Manager.
The corresponding Windows 7 solution is to clear the items in Action
Center (first dealing with the ones that need to be dealt with, of
course), then change the setting from "Check Automatically" to "Ask
me". Details of the latter:

1. Click the start button and type "change reporting" (no quotes). In
the results, under Control Panel click "Choose how to report
problems". (You can also get to this from Action Center by clicking
Change Action Center settings » Problem reporting settings.)

2. On the next dialog, select "Each time a problem occurs, ask me
before checking for solutions". Click OK.

After writing the above, I hibernated and then came out of
hibernation. There was still a lot of disk activity, but
TrustedInstaller was no longer doing any of it, and in fact wasn't
listed in Resource Monitor at all. The activity now was almost all
from "System", and I suspect is normal recovery from hibernation. At
least my system does seem much more responsive despite all the
remaining disk activity (which did quiet down after a while).
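
The suspicion raised in the post above (a process named TrustedInstaller.exe that might not be the real one) can be checked from the command line. This is an added example, not part of the original post: it compares each running TrustedInstaller.exe with the path and process ID registered for the TrustedInstaller service, and uses Get-WmiObject so it runs on the Windows PowerShell that ships with Windows 7. The property names on the result object are chosen here for illustration.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt;
# without elevation ExecutablePath and GetOwner() can come back empty.

# Location reported in the post for the file.
$expected = Join-Path $env:windir 'servicing\TrustedInstaller.exe'

# What the Service Control Manager has registered for the service.
$svc = Get-WmiObject Win32_Service -Filter "Name='TrustedInstaller'"
if (-not $svc) { throw 'No service named TrustedInstaller is registered.' }
$registered = [Environment]::ExpandEnvironmentVariables($svc.PathName.Trim('"'))

# Every running process that uses the name, wherever its image lives.
$procs = @(Get-WmiObject Win32_Process -Filter "Name='TrustedInstaller.exe'")
if ($procs.Count -eq 0) {
    Write-Output "TrustedInstaller.exe is not running right now (service state: $($svc.State))."
}

foreach ($p in $procs) {
    $path      = $p.ExecutablePath
    $owner     = $p.GetOwner()
    # Owner recorded in the file's ACL (empty if the path could not be read).
    $fileOwner = if ($path) { (Get-Acl -Path $path).Owner } else { $null }

    $result = New-Object PSObject -Property @{
        ProcessId           = $p.ProcessId
        ImagePath           = $path
        # Image is where the post found it.
        PathMatchesExpected = ($path -eq $expected)
        # Image is the one the service is configured to start.
        PathMatchesService  = ($path -eq $registered)
        # Process is the instance the Service Control Manager started.
        IsServiceProcess    = ($p.ProcessId -eq $svc.ProcessId)
        RunsAs              = "$($owner.Domain)\$($owner.User)"
        FileOwner           = $fileOwner
    }
    $result |
        Select-Object ProcessId, ImagePath, PathMatchesExpected,
                      PathMatchesService, IsServiceProcess, RunsAs, FileOwner |
        Format-List
}
```

A process that reports False for any of the three checks is using the name without being the service instance and is worth a closer look.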
 
Boscoe

After writing the above, I hibernated and then came out of
hibernation. There was still a lot of disk activity, but
TrustedInstaller was no longer doing any of it, and in fact wasn't
listed in Resource Monitor at all. The activity now was almost all
from "System", and I suspect is normal recovery from hibernation. At
least my system does seem much more responsive despite all the
remaining disk activity (which did quiet down after a while).

I had something like this and it was down to a power management issue.
When the PC goes into standby, power to the USB ports is removed but it
isn't automatically restored when Windows resumes. Hence, the disk
activity and the mouse freezing.
 
VanguardLH

Stan said:
I have my newsreader set to delete unread any thread started by
"Valorie". That has greatly improved my experience of this
newsgroup.
Not sure why the sudden injection of Valorie came into this discussion.
Maybe it was in response to Bloch's "some of the threads in this NG".

Since you are using Gravity, which I presume allows for regex in your
filters, you might not want to filter on just the name but instead (or
also) on her account at x-privat.org (they add a header to identify
their posters not personally but by their account there). In her posts
are the headers:

From: "Valorie *~" <[email protected]>
NNTP-Posting-Host: $$5lonjgdxpj7l67.news.x-privat.org
Message-ID: <[email protected]>
X-Authenticated-User: $$wp88bm26717gko2dj4n2gd6
Path: news.albasani.net!x-privat.org!not-for-mail

Their NNTP-Posting-Host header contains an illegal value since it points
to a host owned by x-privat.org, not the host for the submission (i.e.,
x-privat phucked the use of this header so they are lying about the
injection source). However, they do add the X-Authenticated-User header
which lets you focus on a particular poster from there.

If you filter on something like "^From: Valorie" then you nail anyone
using that moniker over whatever span of groups to which that filter
applies, not just the poster you meant to target. So filter using the
regex "^X-Authenticated-User: \$\$wp88bm26717gko2dj4n2gd6$" (if doable
in Gravity). She might nymshift but post using the same account. If
she opens another account, filter on that one, too.

I've tried to get my past and current NSPs to reinstate the
NNTP-Posting-Host header with a *correct* value as defined by RFC 2980
("The contents of the header is either the IP address or the fully
qualified domain name of the /*CLIENT*/ host posting the article.");
however, other trace headers, like X-Authenticated-User header, can be
just as usable to identify a particular poster from an NSP.
 
Paul

Apparently, trustedinstaller also runs at shutdown. It's a busy
little task, and "won't be tamed". I suspect it's also part of the
Windows Update fiascoes, where gobs of CPU cycles were wasted checking
for appropriate Windows Updates. And the article here, doesn't
do justice to it.

http://blogs.technet.com/b/askperf/archive/2008/04/23/understanding-component-based-servicing.aspx

Windows Update, Programs and Features, and MSI <--- "Clients"
TrustedInstaller
Kernel Transaction Manager

So any client needing service, would call TrustedInstaller.
And multiple things in Windows, could be doing that. The
reason for starting it at shutdown, is to check whether
any updates need to be installed (ones queued for installation).

TrustedInstaller also gets to own files, as described here. Such
ownership is presumably part of the security features.

http://helpdeskgeek.com/windows-7/windows-7-how-to-delete-files-protected-by-trustedinstaller/

The reason I'm interested in this design, is I have a single-core
processor in my new laptop, and a runaway task like that, could
virtually brick the laptop. I wouldn't mind such a design as
much, if the laptop had a dual core. Then Microsoft could "go nuts"
if they wanted, using one of two cores. But with a single core,
I can imagine fixing a problem related to TrustedInstaller,
could take an eternity.

Paul
 
Stan Brown

Not sure why the sudden injection of Valorie came into this discussion.
Maybe it was in response to Bloch's "some of the threads in this NG".
Yes, it was. You can tell because I quoted Gene's comment (with
attribution) and then added my comment.

I did fail to trim the quote to just the part I was responding to,
and for that I apologize.
 
Stan Brown

Since you are using Gravity, which I presume allows for regex in your
filters, you might not want to filter on just the name but instead (or
also) on her account at x-privat.org (they add a header to identify
their posters not personally but by their account there). In her posts
are the headers:

From: "Valorie *~" <[email protected]>
NNTP-Posting-Host: $$5lonjgdxpj7l67.news.x-privat.org
Message-ID: <[email protected]>
X-Authenticated-User: $$wp88bm26717gko2dj4n2gd6
Path: news.albasani.net!x-privat.org!not-for-mail

Their NNTP-Posting-Host header contains an illegal value since it points
to a host owned by x-privat.org,
[snip]

Gravity is not able to filter on all headers, just on From:,
Subject:, and Message-ID. I use the latter to exclude googlegroups
and eggheadcafe.

Since "Valorie" is not a common spelling, I think I'm unlikely to
miss much.
 
VanguardLH

Stan said:
Since you are using Gravity, which I presume allows for regex in your
filters, you might not want to filter on just the name but instead (or
also) on her account at x-privat.org (they add a header to identify
their posters not personally but by their account there). In her posts
are the headers:

From: "Valorie *~" <[email protected]>
NNTP-Posting-Host: $$5lonjgdxpj7l67.news.x-privat.org
Message-ID: <[email protected]>
X-Authenticated-User: $$wp88bm26717gko2dj4n2gd6
Path: news.albasani.net!x-privat.org!not-for-mail

Their NNTP-Posting-Host header contains an illegal value since it points
to a host owned by x-privat.org,
[snip]

Gravity is not able to filter on all headers, just on From:,
Subject:, and Message-ID. I use the latter to exclude googlegroups
and eggheadcafe.

Since "Valorie" is not a common spelling, I think I'm unlikely to
miss much.
Most newsreaders only filter on the overview headers (those listed when
you telnet into an NNTP server and enter "list overview.fmt"). Some
support XPAT to allow searching in other headers but this requires the
server to support it (and so few do that I haven't happened to use one
that did). So, in my newsreader, I have it configured to download not
just the headers but the bodies, too. I don't inhabit binary
newsgroups, just text groups, so the download of complete articles is
reasonably fast. This lets me test on ALL headers in a post.
 
Stan Brown

Stan said:
Their NNTP-Posting-Host header contains an illegal value since it points
to a host owned by x-privat.org,
[snip]

Gravity is not able to filter on all headers, just on From:,
Subject:, and Message-ID. I use the latter to exclude googlegroups
and eggheadcafe.

Since "Valorie" is not a common spelling, I think I'm unlikely to
miss much.
Most newsreaders only filter on the overview headers (those listed when
you telnet into an NNTP server and enter "list overview.fmt"). Some
support XPAT to allow searching in other headers but this requires the
server to support it (and so few do that I haven't happened to use one
that did). So, in my newsreader, I have it configured to download not
just the headers but the bodies, too. I don't inhabit binary
newsgroups, just text groups, so the download of complete articles is
reasonably fast. This lets me test on ALL headers in a post.
I have tried that in the past, and for me it is unreasonably slow.

We're kind of off topic here. If you want to pursue this further
let's use email.
 
