Computer very laggy every few seconds

Discussion in 'Windows 7 Help and Support' started by mikizez, Jun 19, 2016.

  1. mikizez

    mikizez New Member

    Joined:
    Jun 19, 2016
    Messages:
    10
    Likes Received:
    0
    Hi,
    I'm trying to fix my mom's laptop and every time I think I am done, something new comes up. This time I have noticed that when I use it, the hdd lamp lights up and it freezes for a few seconds. Which is frustrating given that it is HP ProBook6560b and that it should work smoothly. There is no demanding software on it, just mozilla, skype... I have tried looking in the resource monitor and noticed that in the drive section it often says 100% highest active time. I added a snapshot of that. And it seemed to correspond with when it lagged. I also found a bunch of MsMpEng.exe was the most consuming file there, so I did what was listed on a forum as a likely solution and added that file to exceptions list in Microsoft Security Essentials. It is no longer listed a bunch of times in resource monitor, just once, but the problem persists. I also disabled prefetch in the registry, which seems to have made it a bit better, but the problem persists. I am including a NFO file from sysinfo an hope tat you guys can help me out.
    Best of luck!
     

    Attached Files:

  2. Josephur

    Josephur Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Aug 3, 2010
    Messages:
    1,018
    Likes Received:
    125
    MsMpEng.exe IS Security Essentials.

    Have you tried looking using Process Explorer? It does appear you have some major Disk I/O happening from time to time.
     
    mikizez likes this.
  3. mikizez

    mikizez New Member

    Joined:
    Jun 19, 2016
    Messages:
    10
    Likes Received:
    0
    I haven't thank you for the advice. I will try it next time I'm around that laptop, in a week, or two. I didn't know about that, hopefully it will get me somewhere.
    Cheers!
     
  4. mikizez

    mikizez New Member

    Joined:
    Jun 19, 2016
    Messages:
    10
    Likes Received:
    0
    Well, I used Process explorer, but I couldn't find anything out of the ordinary. Yet the resource monitor still shows those weird I/O spikes, and the laptop still lags every few seconds. I saved the log in Process explorer and also took a printscreen of that and the resource monitor. Could you take a look, please?
     

    Attached Files:

  5. Neemobeer

    Neemobeer Windows Forum Team
    Staff Member

    Joined:
    Jul 4, 2015
    Messages:
    2,396
    Likes Received:
    360
    You may want to run Performance Monitor and use the "System Performance" Data collection set. This should give you a better break down of what process is slamming the disk.
     
    mikizez likes this.
  6. mikizez

    mikizez New Member

    Joined:
    Jun 19, 2016
    Messages:
    10
    Likes Received:
    0
    I did that just now, but I guess I'm not savvy enough, I can't seem to make heads or tails of it. In the list of most consuming processes I noticed nothing out of the ordinary, and yet when I checked the counters for physical memory they all showed those same spikes from before. Would you mind taking a look? I hope I uploaded the perflog correctly.
     

    Attached Files:

  7. mikizez

    mikizez New Member

    Joined:
    Jun 19, 2016
    Messages:
    10
    Likes Received:
    0
    Physical disk, ofc.
     
  8. Neemobeer

    Neemobeer Windows Forum Team
    Staff Member

    Joined:
    Jul 4, 2015
    Messages:
    2,396
    Likes Received:
    360
    The heavy IO is from the System process and Rundll32.exe rundll32 is a common avenue for malware execution. If you grab procexp Process Explorer and look at the Rundll32.exe process you should be able to see what DLL file it is running and this may give some clues what is going on.
     
    mikizez likes this.
  9. mikizez

    mikizez New Member

    Joined:
    Jun 19, 2016
    Messages:
    10
    Likes Received:
    0
    Thank you very much for the input! I will try that the next time I'm at that computer, which will be in a few days, unfortunately. So, if I understand you correctly, procexp will show which .dll rundll32.exe is running, check them all out and if some of them don't check put it could be malware?
     
  10. Neemobeer

    Neemobeer Windows Forum Team
    Staff Member

    Joined:
    Jul 4, 2015
    Messages:
    2,396
    Likes Received:
    360
    In procexp, if you just hover over a process it will list the "Command line" or the command executed. Hovering over a rundl32.exe process should include the file that is being executed by the process.
     
  11. BIGBEARJEDI

    BIGBEARJEDI Honorable Member
    Premium Supporter

    Joined:
    Jan 28, 2013
    Messages:
    1,778
    Likes Received:
    214
    The laptop in question is running Win7 and is therefore 5-6 years old. The 2 most common sources of problems with computer of that age are virus/malware infection as mentioned by neemo, and hard drive failure. Hard Drive failure is the cause of many of these types of problems about 90% of the time in computers this old. Hard drives are only designed to work 3 years in desktop PCs and only 2 years in laptops. If your Mom hasn't replaced the hard drive in that laptop; you can bet it's begun to fail or has failed completely; in either case a common source of very unusually high disk activity is when bad blocks occur due to physical damage on the drive platter surface. After too many of these, software remapping cannot fix, and you get constant read/write or read errors along with crc (checksum) errors. These are sure indicators of a drive failure.

    I would suggest that the first thing you do is download the free SEATOOLS drive diagnostic from Seagate.com and test that hard drive first. Make sure to run both short and long tests with SEATOOLS. If SEATOOLS returns errors on either or both tests, your drive has failed and must be replaced! :waah:

    Also, the reason you should test your drive now, and not wait further is that you could spend days or weeks trying to track down offending .exe, .bin, or .dll files lurking in your Mom's windows, or even trying to run various av scanners to repair and disinfect any found viruses or malware there. However, if you Mom's hard drive has failed, that's pointless because you'll never resolve the problem until you replace that drive!:noway:

    It might be a good idea to use an Image Backup program such as Macrium Reflect and make a backup file or snapshot as the system is now. Here's a link to an easy to follow video on how to use it:

    Even though it's working slow, and has high disk activity you can at least backup all here stuff, and if you do find a failed hard drive and get a new one, you can easily put back all her programs, favorites, library folders, and desktop settings in a day versus a complete rebuild from scratch or factory recovery discs which could take 1-3 weeks to do.:noise: We recommend using an external usb hard drive to store the backup file on. 500GB usb externals can be had for $55-$60 US on ebay.

    If you wind up going this route, and the high disk activity is not solved, that means more than likely your Mom had a malware virus infection; and since it's still going to be in the restored disk Image on a brand new hard drive, you'll still have to find it, track it down and remove the offending virus/malware. In this instance I'd recommend you visit our free Virus/Malware sub-forum and let our experts assist you with a customized removal procedure. :)

    Best of luck,:encouragement:
    <<<BIGBEARJEDI>>>
     
    mikizez likes this.
  12. mikizez

    mikizez New Member

    Joined:
    Jun 19, 2016
    Messages:
    10
    Likes Received:
    0
    Well, I tried looking at rundl32.exe and couldn't see anything weird. All paths pointed to system32 folder which is a good thing, from what I understand.
    I also did a fast generic scan with Seatools which didn't find any errors. I am currently doing a long generic scan and if that doesn't yield any errors I guess i should direct my questions to the virus/malware sub BIGBEARJEDI suggested.
    Thank you, all three of you have been very kind and helpful. Hopefully I will find a solution soon. If you get any more ideas, I would be much obliged if you shared them.
    Cheers!
    UPDATE: Finished the long generic scan, passed.
     

    Attached Files:

    #12 mikizez, Jul 3, 2016
    Last edited: Jul 3, 2016
  13. mikizez

    mikizez New Member

    Joined:
    Jun 19, 2016
    Messages:
    10
    Likes Received:
    0
    Could you give me the link to it, please?
     
  14. Neemobeer

    Neemobeer Windows Forum Team
    Staff Member

    Joined:
    Jul 4, 2015
    Messages:
    2,396
    Likes Received:
    360
    It's not necessarily since malware will commonly drop files in there. However in this case this is a normal process. Based on the GUID the long number this is the autorun handler (when you pop a disc in and it auto runs) You can disable Auto run with the FixIt here. https://support.microsoft.com/en-us/kb/967715 it should still work on newer versions of Windows.
     
  15. mikizez

    mikizez New Member

    Joined:
    Jun 19, 2016
    Messages:
    10
    Likes Received:
    0
    Hm, I am having trouble with that too. The automatic fixit is no longer available and I can't do it manually, because I can't find the given entry in the registry. It ends a few steps before it should, for me. It should be HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun
    and yet after policies I have nothing in regedit. I tried looking it up for local machine, but there are no entries for autorun.
     
  16. Neemobeer

    Neemobeer Windows Forum Team
    Staff Member

    Joined:
    Jul 4, 2015
    Messages:
    2,396
    Likes Received:
    360
    You can add the missing keys or the same should exist in HKLM
     
  17. BIGBEARJEDI

    BIGBEARJEDI Honorable Member
    Premium Supporter

    Joined:
    Jan 28, 2013
    Messages:
    1,778
    Likes Received:
    214
    >>>Hi Mike, sure thing. Here's that link for you:
    https://windowsforum.com/forums/windows-security.64/
    You can post a new message in there describing your situation and quote my recommendation that you get help from our experts to scan and disinfect your Mom's computer. Make sure to mention that you have completed the RAM memory test (MEMTEST) and whichever Hard Drive test you ran for your particular hard drive (i.e.: SEATOOLS). Also, if you did find a faulty RAM stick(s) or Hard Drive, please include the statement that you have replaced it with another drive, and what Make/Model drive you used. <<<

    Best of luck, :encouragement:
    BBJ
     
  18. mikizez

    mikizez New Member

    Joined:
    Jun 19, 2016
    Messages:
    10
    Likes Received:
    0
    Thank you very much, BBJ,
    I'll get on it in a few weeks, because I won't be near that laptop sooner. Thank you again for the advice! I'll be sure to quote your recommendation.
    Cheers!
     
  19. BIGBEARJEDI

    BIGBEARJEDI Honorable Member
    Premium Supporter

    Joined:
    Jan 28, 2013
    Messages:
    1,778
    Likes Received:
    214
    You're welcome!;) No hurry, whenever you can get to it. Be patient when you sit down with the Security forum guys to try and disinfect that computer. They may have you try multiple scans, procedures, etc. so it's not a 10-minute deal.:) This can take from a couple of days to a couple of weeks to thoroughly go through that system with multiple windows tools and Linux tools. I suggest you clear you schedule for that period of time if possible.;) When I have one of these virus infected computers, my wife doesn't see me for days once I start on it and we only see each other at mealtime for the duration!:ahaha:

    Best,
    BBJ
     

Share This Page

Loading...