Computer very laggy every few seconds

#1
Hi,
I'm trying to fix my mom's laptop and every time I think I am done, something new comes up. This time I have noticed that when I use it, the hdd lamp lights up and it freezes for a few seconds. Which is frustrating given that it is HP ProBook6560b and that it should work smoothly. There is no demanding software on it, just mozilla, skype... I have tried looking in the resource monitor and noticed that in the drive section it often says 100% highest active time. I added a snapshot of that. And it seemed to correspond with when it lagged. I also found a bunch of MsMpEng.exe was the most consuming file there, so I did what was listed on a forum as a likely solution and added that file to exceptions list in Microsoft Security Essentials. It is no longer listed a bunch of times in resource monitor, just once, but the problem persists. I also disabled prefetch in the registry, which seems to have made it a bit better, but the problem persists. I am including a NFO file from sysinfo an hope tat you guys can help me out.
Best of luck!
 


Attachments

Josephur

Windows Forum Admin
Staff member
Premium Supporter
#2
MsMpEng.exe IS Security Essentials.

Have you tried looking using Process Explorer? It does appear you have some major Disk I/O happening from time to time.
 


#3
I haven't thank you for the advice. I will try it next time I'm around that laptop, in a week, or two. I didn't know about that, hopefully it will get me somewhere.
Cheers!
 


#4
Well, I used Process explorer, but I couldn't find anything out of the ordinary. Yet the resource monitor still shows those weird I/O spikes, and the laptop still lags every few seconds. I saved the log in Process explorer and also took a printscreen of that and the resource monitor. Could you take a look, please?
 


Attachments

Neemobeer

Windows Forum Team
Staff member
#5
You may want to run Performance Monitor and use the "System Performance" Data collection set. This should give you a better break down of what process is slamming the disk.
 


#6
I did that just now, but I guess I'm not savvy enough, I can't seem to make heads or tails of it. In the list of most consuming processes I noticed nothing out of the ordinary, and yet when I checked the counters for physical memory they all showed those same spikes from before. Would you mind taking a look? I hope I uploaded the perflog correctly.
 


Attachments

Neemobeer

Windows Forum Team
Staff member
#8
The heavy IO is from the System process and Rundll32.exe rundll32 is a common avenue for malware execution. If you grab procexp Process Explorer and look at the Rundll32.exe process you should be able to see what DLL file it is running and this may give some clues what is going on.
 


#9
Thank you very much for the input! I will try that the next time I'm at that computer, which will be in a few days, unfortunately. So, if I understand you correctly, procexp will show which .dll rundll32.exe is running, check them all out and if some of them don't check put it could be malware?
 


Neemobeer

Windows Forum Team
Staff member
#10
In procexp, if you just hover over a process it will list the "Command line" or the command executed. Hovering over a rundl32.exe process should include the file that is being executed by the process.
 


BIGBEARJEDI

Fantastic Member
Premium Supporter
#11
The laptop in question is running Win7 and is therefore 5-6 years old. The 2 most common sources of problems with computer of that age are virus/malware infection as mentioned by neemo, and hard drive failure. Hard Drive failure is the cause of many of these types of problems about 90% of the time in computers this old. Hard drives are only designed to work 3 years in desktop PCs and only 2 years in laptops. If your Mom hasn't replaced the hard drive in that laptop; you can bet it's begun to fail or has failed completely; in either case a common source of very unusually high disk activity is when bad blocks occur due to physical damage on the drive platter surface. After too many of these, software remapping cannot fix, and you get constant read/write or read errors along with crc (checksum) errors. These are sure indicators of a drive failure.

I would suggest that the first thing you do is download the free SEATOOLS drive diagnostic from Seagate.com and test that hard drive first. Make sure to run both short and long tests with SEATOOLS. If SEATOOLS returns errors on either or both tests, your drive has failed and must be replaced! :waah:

Also, the reason you should test your drive now, and not wait further is that you could spend days or weeks trying to track down offending .exe, .bin, or .dll files lurking in your Mom's windows, or even trying to run various av scanners to repair and disinfect any found viruses or malware there. However, if you Mom's hard drive has failed, that's pointless because you'll never resolve the problem until you replace that drive!:noway:

It might be a good idea to use an Image Backup program such as Macrium Reflect and make a backup file or snapshot as the system is now. Here's a link to an easy to follow video on how to use it:
Even though it's working slow, and has high disk activity you can at least backup all here stuff, and if you do find a failed hard drive and get a new one, you can easily put back all her programs, favorites, library folders, and desktop settings in a day versus a complete rebuild from scratch or factory recovery discs which could take 1-3 weeks to do.:noise: We recommend using an external usb hard drive to store the backup file on. 500GB usb externals can be had for $55-$60 US on ebay.

If you wind up going this route, and the high disk activity is not solved, that means more than likely your Mom had a malware virus infection; and since it's still going to be in the restored disk Image on a brand new hard drive, you'll still have to find it, track it down and remove the offending virus/malware. In this instance I'd recommend you visit our free Virus/Malware sub-forum and let our experts assist you with a customized removal procedure. :)

Best of luck,:encouragement:
<<<BIGBEARJEDI>>>
 


#12
Well, I tried looking at rundl32.exe and couldn't see anything weird. All paths pointed to system32 folder which is a good thing, from what I understand.
I also did a fast generic scan with Seatools which didn't find any errors. I am currently doing a long generic scan and if that doesn't yield any errors I guess i should direct my questions to the virus/malware sub BIGBEARJEDI suggested.
Thank you, all three of you have been very kind and helpful. Hopefully I will find a solution soon. If you get any more ideas, I would be much obliged if you shared them.
Cheers!
UPDATE: Finished the long generic scan, passed.
 


Attachments

Last edited:

Neemobeer

Windows Forum Team
Staff member
#14
It's not necessarily since malware will commonly drop files in there. However in this case this is a normal process. Based on the GUID the long number this is the autorun handler (when you pop a disc in and it auto runs) You can disable Auto run with the FixIt here. https://support.microsoft.com/en-us/kb/967715 it should still work on newer versions of Windows.
 


#15
Hm, I am having trouble with that too. The automatic fixit is no longer available and I can't do it manually, because I can't find the given entry in the registry. It ends a few steps before it should, for me. It should be HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun
and yet after policies I have nothing in regedit. I tried looking it up for local machine, but there are no entries for autorun.
 


Neemobeer

Windows Forum Team
Staff member
#16
You can add the missing keys or the same should exist in HKLM
 


BIGBEARJEDI

Fantastic Member
Premium Supporter
#17
Could you give me the link to it, please?
>>>Hi Mike, sure thing. Here's that link for you:
https://windowsforum.com/forums/windows-security.64/
You can post a new message in there describing your situation and quote my recommendation that you get help from our experts to scan and disinfect your Mom's computer. Make sure to mention that you have completed the RAM memory test (MEMTEST) and whichever Hard Drive test you ran for your particular hard drive (i.e.: SEATOOLS). Also, if you did find a faulty RAM stick(s) or Hard Drive, please include the statement that you have replaced it with another drive, and what Make/Model drive you used. <<<

Best of luck, :encouragement:
BBJ
 


#18
>>>Hi Mike, sure thing. Here's that link for you:
https://windowsforum.com/forums/windows-security.64/
You can post a new message in there describing your situation and quote my recommendation that you get help to scan and disinfect your Mom's computer.<<<

Best of luck, :encouragement:
BBJ
Thank you very much, BBJ,
I'll get on it in a few weeks, because I won't be near that laptop sooner. Thank you again for the advice! I'll be sure to quote your recommendation.
Cheers!
 


BIGBEARJEDI

Fantastic Member
Premium Supporter
#19
You're welcome!;) No hurry, whenever you can get to it. Be patient when you sit down with the Security forum guys to try and disinfect that computer. They may have you try multiple scans, procedures, etc. so it's not a 10-minute deal.:) This can take from a couple of days to a couple of weeks to thoroughly go through that system with multiple windows tools and Linux tools. I suggest you clear you schedule for that period of time if possible.;) When I have one of these virus infected computers, my wife doesn't see me for days once I start on it and we only see each other at mealtime for the duration!:ahaha:

Best,
BBJ
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.