View Full Version : LnS always accessing the hard disk
friedclams
February 12th, 2003, 06:15 PM
I've been trying to track down reasons why my laptop's battery runs down so fast and have discovered that my LnS v2.03 is regularly accessing the hard disk... whether I'm online or not online (I use dialup)...
is this normal ??
can it be stopped/limited ??
will I get the same problem if/when I upgrade to 2.04??
thanks,
Andreas1
February 13th, 2003, 01:23 PM
Hi,
i'm on LnS 2.04 and it doesn't happen here (also a notebook/Win98SE).
Either it's the new release or some configuration issue. What do you have set in your options?
You could try and use Sysinternals' FileMon (http://www.sysinternals.com/ntw2k/source/filemon.shtml) to find out what happens (what process accesses what file)...
HTH,
Andreas
friedclams
February 13th, 2003, 05:01 PM
I'm using sysinternal's Regmon which is constantly showing LnS .... I should have been more specific, the file access shown by Regmon is from LnS going to the registry all the time, like its in some sort of loop...
even when I'm not dial'ed in to my ISP...
Frederic
February 15th, 2003, 07:48 AM
Hi friedclams,
Normally Look 'n' Stop should not access the hard disk like you mentioned.
Perhaps there is another process that is continously trying to connect to internet, and in this case Look 'n' Stop will detect it and will verify the signature exe. Doing that Look 'n' Stop will effectively accessing the hard drive all the time.
If it is the registry, it is stranger.
Do you have the registry keys involved ?
What is your OS ?
Thanks,
Frederic.
friedclams
February 15th, 2003, 03:28 PM
Frederic:
Thanks 4 your reply... the following represents the sysinternals regmon output when I'm NOT connected to my ISP via dialup... that is, my win98se system is in IDLE not connected, no browser running.... the outputs shown LOOPS over and over and over.....
hope you get some clues from this..... thks, Rich
106***Looknsto***OpenKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes***SUCCESS***hKey: 0xC29B37F0***
107***Looknsto***EnumKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes***SUCCESS***pcANYWHERE Host Service Class***
108***Looknsto***OpenKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes***SUCCESS***hKey: 0xC29B37F0***
109***Looknsto***OpenKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes\pcANYWHERE Host Service Class***SUCCESS***hKey: 0xC29B2A30***
110***Looknsto***CloseKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes***SUCCESS******
111***Looknsto***QueryValueEx***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes\pcANYWHERE Host Service Class\GUID***SUCCESS***"{000915ff-0000-0000-c000-000000000046}"***
112***Looknsto***CloseKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes\pcANYWHERE Host Service Class***SUCCESS******
113***Looknsto***EnumKey***0xC29B37F0***NOMORE******
114***Looknsto***CloseKey***0xC29B37F0***SUCCESS******
115***Looknsto***OpenKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes***SUCCESS***hKey: 0xC29B37F0***
116***Looknsto***EnumKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes***SUCCESS***pcANYWHERE Host Service Class***
117***Looknsto***OpenKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes***SUCCESS***hKey: 0xC29B37F0***
118***Looknsto***OpenKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes\pcANYWHERE Host Service Class***SUCCESS***hKey: 0xC29B2A30***
119***Looknsto***CloseKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes***SUCCESS******
120***Looknsto***QueryValueEx***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes\pcANYWHERE Host Service Class\GUID***SUCCESS***"{000915ff-0000-0000-c000-000000000046}"***
121***Looknsto***CloseKey***HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes\pcANYWHERE Host Service Class***SUCCESS******
122***Looknsto***EnumKey***0xC29B37F0***NOMORE******
123***Looknsto***CloseKey***0xC29B37F0***SUCCESS******
124***Looknsto***OpenKey***HKLM\System\CurrentControlSet\Services\VxD\MSTCP***SUCCESS***hKey: 0xC29B37F0***
125***Looknsto***QueryValueEx***HKLM\System\CurrentControlSet\Services\VxD\MSTCP\HostName***NOTFOUND******
126***Looknsto***CloseKey***HKLM\System\CurrentControlSet\Services\VxD\MSTCP***SUCCESS******
127***Looknsto***OpenKey***HKLM\System\CurrentControlSet\Control\ComputerName\ComputerName***SUCCESS***hKey: 0xC29B37F0***
128***Looknsto***QueryValueEx***HKLM\System\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName***SUCCESS***"TP600"***
129***Looknsto***CloseKey***HKLM\System\CurrentControlSet\Control\ComputerName\ComputerName***SUCCESS******
130***Looknsto***OpenKey***HKLM\System\CurrentControlSet\Services\VxD\MSTCP***SUCCESS***hKey: 0xC29B37F0***
131***Looknsto***QueryValueEx***HKLM\System\CurrentControlSet\Services\VxD\MSTCP\Domain***NOTFOUND******
132***Looknsto***CloseKey***HKLM\System\CurrentControlSet\Services\VxD\MSTCP***SUCCESS******
133***Looknsto***OpenKey***HKLM\System\CurrentControlSet\Control\CommAlias***NOTFOUND******
134***Looknsto***QueryValueEx***0xC29DC540\PORTNAME***SUCCESS***"LPT1"***
135***Looknsto***QueryValueEx***0xC29DC540\FRIENDLYNAME***SUCCESS***"Printer Port (LPT1)"***
136***Looknsto***QueryValueEx***0xC29DB580\PORTNAME***SUCCESS***"COM1"***
137***Looknsto***QueryValueEx***0xC29DB580\FRIENDLYNAME***SUCCESS***"ThinkPad Data Fax Modem"***
138***Looknsto***QueryValueEx***0xC29DB410\PORTNAME***NOTFOUND******
139***Looknsto***QueryValueEx***0xC29DB410\FRIENDLYNAME***SUCCESS***"Parallel cable on LPT1"***
140***Looknsto***QueryValueEx***0xC29DAE30\PORTNAME***NOTFOUND******
141***Looknsto***QueryValueEx***0xC29DAE30\FRIENDLYNAME***SUCCESS***"Parallel cable on LPT4"***
142***Looknsto***QueryValueEx***0xC29DADE0\PORTNAME***SUCCESS***"COM5"***
143***Looknsto***QueryValueEx***0xC29DADE0\FRIENDLYNAME***SUCCESS***"Virtual Infrared COM Port"***
144***Looknsto***QueryValueEx***0xC29DAB90\PORTNAME***SUCCESS***"LPT4"***
145***Looknsto***QueryValueEx***0xC29DAB90\FRIENDLYNAME***SUCCESS***"Virtual Infrared LPT Port"***
146***Looknsto***QueryValueEx***0xC29DAA30\PORTNAME***SUCCESS***"COM2"***
147***Looknsto***QueryValueEx***0xC29DAA30\FRIENDLYNAME***SUCCESS***"Megahertz Telephony XJ-CC5560 Modem"***
148***Looknsto***QueryValueEx***0xC29DD030\VDHCP***NOTFOUND******
MickeyTheMan
February 16th, 2003, 01:31 AM
Your PCanywhere is obviously checking for connection status.
Check your settings for it.
Frederic
February 16th, 2003, 06:19 AM
Look 'n' Stop calls the "gethostbyname" function periodically (to detect an IP change).
This function seems to read the registry keys you mentioned.
I will see how it is possible to change this design in a future release.
Frederic.
friedclams
February 17th, 2003, 01:08 AM
Frederic:
Just 2B clear, pcAnywhere wasn't running when I took the offline regmon snapshot....
on my system pcAnywhere doesn't normally run unless I manually start it (rarely)...
so I'll assume your statement means that LooknStop is causing the read registry keys NOT pcAnywhere:
"Look 'n' Stop calls the "gethostbyname" function periodically (to detect an IP change).
This function seems to read the registry keys you mentioned."
Thanks again 4your help...
vBulletin® Copyright ©2000-2009, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2009, Wilders Security Forums