I had the same problem. Googling several times, I found some tools (rootkit scanners and so on) to investigate the situation. I found that I have a clean system without any rootkits, BUT I had W8 on it.
I found an amazing thing: Process Monitor.
I collected the log, used "Tools -> File Summary" and found really strange things: most events in the log were for the file names "c:\", "d:\", "e:\" and no file name, and nothing more.
I double-clicked the problematic "file" and found that all events were from wmiprvse.exe. I checked it for location, size, file info, viruses - nothing. So the cause of the problem is the Windows Management Instrumentation service.
When I tried to google "wmiprvse.exe 100% hdd" I found a more than interesting thing: on WXP and W7 before SP1 it had almost the same problem, but with a 100% CPU issue. The solution was to restart the service.
After thinking a while, I disabled the WMI service in Computer Management (it is rather hard with 100% HDD activity). It said that some services would not work correctly; I saw several services in the dependencies:
1) Intel Rapid Storage
2) Security Center
3) some helper IP service
4) ICS (internet sharing)
After all dependent services stopped and WMI stopped, HDD lowered to 8%, and now it is 8-10%.
I checked after several hours and found the WMI service running (I did not disable it, just manual run) - it was running normally and my HDD is still at 8-10%.
I think that we have a complex problem:
- Intel Rapid Storage - could cause some problem after several hibernates (I do not trust Intel drivers, and especially software).
After installing the notebook drivers I found lots of Intel services which have no reason to run on my PC:
- Intel(R) Capability Licensing Service Interface "C:\Program Files\Intel\iCLS Client\HeciServer.exe" - description "Version: 1.24.388.1" (I just do not like such services without any dependencies and with no information on the site about what it is)
- Intel(R) Content Protection HECI Service "C:\Windows\SysWow64\IntelCpHeciSvc.exe" - Intel(R) Content Protection HECI Service - enables communication with the Content Protection FW (Intel really knows the content to protect? From me? Or me from content?)
- Intel(R) Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel (R) DAL "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" - again no info on Intel
- Intel(R) Management and Security Application Local Management Service - Allows applications to access the local Intel(R) Management and Security Application using its locally-available selected network interfaces. - What is all this doing on my PC?
- Intel(R) Management and Security Application User Notification Service - Intel(R) Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel(R) Management and Security Application Device.
I tried to restart the "Intel(R) Rapid Storage Technology" service and got 100% HDD activity. I tried to stop it, but it never stopped, so I just killed the task and disabled the service, and all is now at 8-10%.
I think that the main problem was in this driver, which was driving me crazy.
The funniest thing is that after running this service, the System service raised HDD usage to 100%, but the service itself did not. So it masks itself like a virus under system services.
I have:
Intel(R) Rapid Storage Technology
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
ver: 12.5.0.1066
The current version is 12.8.0.1016 - I'll try it after I finish my project (the problem slowed me down seriously) and write the review.
For now I have disabled the service and all is OK.
I hope I have helped someone, because no one can tell the real reason for this.
Please, people, check this on other versions of IRST and other chipsets, not Intel.
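
The Process Monitor steps described in the post (File Summary, then opening the busiest path to see which process generates its events) can be repeated offline on a log saved as CSV. This is an added example, not part of the original post; the sample rows are constructed and the function name `summarize` is hypothetical.

```python
import csv
import io
import sys
from collections import Counter

# Constructed sample rows in the column layout of a Process Monitor CSV export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.001","wmiprvse.exe","2040","CreateFile","C:\","SUCCESS",""
"10:00:01.002","wmiprvse.exe","2040","CreateFile","D:\","SUCCESS",""
"10:00:01.003","wmiprvse.exe","2040","QueryInformationVolume","C:\","SUCCESS",""
"10:00:01.004","svchost.exe","980","CreateFile","C:\","SUCCESS",""
"10:00:01.005","wmiprvse.exe","2040","QueryInformationVolume","D:\","SUCCESS",""
"10:00:01.006","wmiprvse.exe","2040","CreateFile","E:\","SUCCESS",""
"10:00:01.007","wmiprvse.exe","2040","CloseFile","C:\","SUCCESS",""
"10:00:01.008","wmiprvse.exe","2040","CloseFile","D:\","SUCCESS",""
"10:00:01.009","explorer.exe","3312","ReadFile","C:\Users\test\notes.txt","SUCCESS",""
"10:00:01.010","wmiprvse.exe","2040","CloseFile","E:\","SUCCESS",""
"10:00:01.011","wmiprvse.exe","2040","FileSystemControl","","SUCCESS",""
'''


def summarize(csv_text, top=3):
    """Return [(path, event_count, (top_process, its_count)), ...] by event count."""
    per_path = Counter()
    per_path_proc = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Events with an empty Path column are grouped under one label.
        path = row["Path"] or "<no path>"
        per_path[path] += 1
        per_path_proc.setdefault(path, Counter())[row["Process Name"]] += 1
    return [(p, n, per_path_proc[p].most_common(1)[0])
            for p, n in per_path.most_common(top)]


if __name__ == "__main__":
    # With an argument, read a real export; utf-8-sig tolerates a leading BOM.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", newline="") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CSV
    for path, count, (proc, proc_count) in summarize(text, top=5):
        print(f"{count:6d}  {path!r:32}  mostly {proc} ({proc_count})")
```

A path that dominates the event count and is driven almost entirely by one process, as the drive roots are here, is the pattern the post found for wmiprvse.exe.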