Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow computer, hard drive runs a lot


  • Please log in to reply
11 replies to this topic

#1 annmarie1031

annmarie1031

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:00 PM

Posted 14 April 2015 - 08:19 PM

I am using Window 7 and my computer is very slow.  It always seems like the hard drive is running.  If I go into Windows Task Manager, Performance, click on Resource Manager, then click Disk, PID 4 sometimes has a high level of activity.  It is accessing all kind of files on my computer.  There doesn't seem to be any malware/viruses.  Does anyone know what is going on?

 

Thank you!


 



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 14 April 2015 - 08:44 PM

Hi annmarie1031 :)

We'll need more information in order to tackle your issue, so let's gather intel before seeing how we'll go about troubleshooting your issue :)

3Al62Pm.pngMiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Execute MiniToolBox and check the following options:
    • List Installed Programs;
    • List Last 10 Event Viewer Errors;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
      wNeKMCX.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
ik5xYHs.pngSpeccy - Publish a snapshot
Follow the instructions below to download and install Speccy, then to publish a snapshot of your system information:
  • Download and install Speccy from Piriform (the download will start automatically a few seconds after clicking on the Speccy link);
    Note: You can opt-out the Google Toolbar installation if you want;
  • Once Speccy is installed, launch the program and give it a good minute to load all your system information;
  • After that, click on the File menu in the top left corner, and select Publish Snapshot;
  • A window will appear asking you to confirm your decision to publish a snapshot. Click on Yes;
  • A new window will appear after, with a URL link to your snapshot. Click on Copy to Clipboard button to copy that URL to your clipboard, then paste it in your next reply and post it;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 annmarie1031

annmarie1031
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:00 PM

Posted 15 April 2015 - 07:24 AM

Thank you, Aura, for your help!

 

MiniToolBox by Farbar  Version: 14-04-2015
Ran by Bob (administrator) on 15-04-2015 at 08:18:04
Running from "C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FEE2RQX"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Model: OptiPlex 755 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/15/2015 08:15:36 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\Downloads\MiniToolBox.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/15/2015 08:15:15 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\Desktop\MiniToolBox.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/15/2015 08:14:53 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\Downloads\MiniToolBox.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/14/2015 07:10:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/14/2015 00:03:36 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/14/2015 11:26:57 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.17689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5c38

Start Time: 01d076c750d7315f

Termination Time: 62

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (04/13/2015 03:46:48 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Manual scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/13/2015 03:45:00 PM) (Source: Symantec AntiVirus) (User: )
Description: Symantec Endpoint Protection has failed to load the latest virus definitions.

Error: (04/13/2015 03:32:18 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\DOWNLOADS\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/13/2015 03:31:54 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\DOWNLOADS\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

System errors:
=============
Error: (04/15/2015 06:58:52 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (04/15/2015 06:55:48 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (04/14/2015 07:08:59 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:06:40 PM on ‎4/‎14/‎2015 was unexpected.

Error: (04/14/2015 10:06:04 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (04/13/2015 10:41:06 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (04/13/2015 10:41:06 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (04/10/2015 02:14:14 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (04/10/2015 02:14:14 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (04/10/2015 01:53:29 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (04/09/2015 07:03:09 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service.

Microsoft Office Sessions:
=========================
Error: (04/15/2015 08:15:36 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\Downloads\MiniToolBox.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/15/2015 08:15:15 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\Desktop\MiniToolBox.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/15/2015 08:14:53 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\Downloads\MiniToolBox.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/14/2015 07:10:12 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Citrix\ICA Client\MFC80.DLLC:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (04/14/2015 00:03:36 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/14/2015 11:26:57 AM) (Source: Application Hang)(User: )
Description: iexplore.exe11.0.9600.176895c3801d076c750d7315f62C:\Program Files\Internet Explorer\iexplore.exe

Error: (04/13/2015 03:46:48 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Manual scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/13/2015 03:45:00 PM) (Source: Symantec AntiVirus)(User: )
Description: Symantec Endpoint Protection has failed to load the latest virus definitions.

Error: (04/13/2015 03:32:18 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\DOWNLOADS\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/13/2015 03:31:54 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\DOWNLOADS\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

 

=========================== Installed Programs ============================
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java Auto Updater (Version: 2.8.40.26 - Oracle Corporation) Hidden
Johnson Controls - Launcher 1.3 (HKLM\...\{FA90DBAD-8F5B-4701-A1AE-19AE94851CDE}) (Version: 1.3.0.1106 - Johnson Controls, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Money 2002 (HKLM\...\{E7298FD8-1386-11D5-8D6C-0050DAD32D95}) (Version: 10.0.80 - Microsoft)
Microsoft Money 2002 System Pack (HKLM\...\{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}) (Version: 10.0.80 - Microsoft)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Network Recording Player (HKLM\...\{2AC49604-8A5B-45A4-B7ED-10BC1E5106A3}) (Version: 2.29.3212 - Cisco WebEx LLC)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Symantec Endpoint Protection (HKLM\...\{A84E6630-FE81-4D1F-BBA0-4BFBCC1D9493}) (Version: 12.1.4013.4013 - Symantec Corporation)

========================= Devices: ================================

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&0&18
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 2029.61 MB
Available physical RAM: 812.18 MB
Total Pagefile: 4059.22 MB
Available Pagefile: 1953.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.08 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:465.76 GB) (Free:390.36 GB) NTFS
8 Drive z: (BKP) (Fixed) (Total:465.76 GB) (Free:247.45 GB) NTFS

========================= Users: ========================================

User accounts for \\BOB-PC

Administrator            Bob                      Guest                   

**** End of log ****

 

 

 

http://speccy.piriform.com/results/J2Tb1sxGSixd5CsHrEFpn8z



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 15 April 2015 - 07:30 AM

You can uninstall Java 8 Update 40, it's outdated. Did you pay for Symantec Endpoint Protection, or did it come with the laptop?

Download and install the following drivers please. After each installation, restart your computer:

http://downloads.dell.com/chipset/Intel_AMT-HECI_A02_R255437.exe
http://downloads.dell.com/chipset/Intel_AMT-SOL--LMS_A02_R255438.exe
http://downloads.dell.com/FOLDER96649M/3/R174616.exe

If for any driver installation, it says that a newer version is already installed, cancel the installation and move on to the next driver install.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 annmarie1031

annmarie1031
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:00 PM

Posted 15 April 2015 - 08:53 AM

OK, all of the above has been done.  The Symantec is installed from my job.  Is there anything else I need to do?



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 15 April 2015 - 09:04 AM

According to your Speccy snapshot, the Symantec Endpoint program had a peak usage of over 800MB, which is almost 50% of your RAM. It could be why your computer is running slow, since it's using all your RAM. Same for svchost.exe, but a little bit less (600MB). Is that laptop given to you by your work or not? Do they support it? If so, I would suggest them to add an extra 2GB of RAM on the laptop to ease things up a bit.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 annmarie1031

annmarie1031
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:00 PM

Posted 15 April 2015 - 04:49 PM

Thanks for the help!  This is my home computer.  My Company allows us to download Symantec for free, but they do not provide support for it.  When I disable Symantec, the hard drive activity calms down.  I will try re-installing Symantec and getting more RAM.



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 15 April 2015 - 04:51 PM

No problem annmarie :) Personally, I wouldn't install Symantec Endpoint if you don't have to, since it's taking up all your RAM and creating heavy disk usage/activity. If you can take another Antivirus, more lightweight, then you can go for it. If you add more RAM (at least 2Gb), you'll be able to use Symantec Endpoint normally.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 dudeage

dudeage

  • Members
  • 175 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 15 April 2015 - 04:59 PM

How much free space do you have on your hard drive?  If it's below 20%, this is guaranteed to slow down the computer.  As Aura suggested, a RAM upgrade helps with more than just Symantec Endpoint, but with speed of your PC in general.  If you want, you can also buy a can of compressed air and blow the dust out of your PC as well - that might help too. 



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 15 April 2015 - 05:00 PM

The free space was listed in the MiniToolBox report I asked:

========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:465.76 GB) (Free:390.36 GB) NTFS
8 Drive z: (BKP) (Fixed) (Total:465.76 GB) (Free:247.45 GB) NTFS

There's 20Gb+ of free space on both drives. Also, the laptop isn't overheating, so I doubt cleaning the hardware will do anything since the temperatures are normal and shouldn't affect anything at this time.

Edited by Aura., 15 April 2015 - 05:01 PM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 annmarie1031

annmarie1031
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:00 PM

Posted 15 April 2015 - 05:21 PM

Hi Aura,

One more question :)   I just rebooted my computer and a message popped up saying: Intel Active Management Technology Status:  Disabled.  To enable or disable Intel AMT, contact your authorized system administrator.  Then there's a button to click OK.  I am not sure what this means, is this something to worry about?

THanks, Annmarie



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,677 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 15 April 2015 - 05:23 PM

It means that you most likely have a settings set by an Admin to not enable that service, which is a remote connection service. It's alright for it to be disabled.

Here if you want to read more about it:

https://www-ssl.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html

Edited by Aura., 15 April 2015 - 05:23 PM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users