Neighbor's Computer Incredibly Slow

My friend had me come over a week ago because his parents’ computer wouldn’t let them print anything. It had been running really slow, so his dad started uninstalling programs he thought they didn’t need. Then they couldn’t print anything, because spooler.svc couldn’t be found. His mom tried to restore to an earlier point, but it said it couldn’t restore everything. I came over, and first off noticed Avast! wasn’t running, so I suspected it was infected. I manually started it, and noticed that infections were found during scheduled scans, but it didn’t seem like it had removed them even though it should have. The only one that wasn’t a PUP was a Trojan in a Frostwire folder. I asked why they had Frostwire, and they said an employee at Radio Shack said it was safer than Limewire ::). I tried to remove the Trojan, but Avast! would freeze up and stop responding, and I would have to kill it. I ran a scan with MBAM and SAS, neither found anything. I couldn’t run a boot-scan, because I wasn’t sure about updating to 5.1, since I had had problems with it on my PC. I thought about reinstalling Avast! as well, to maybe fix the problem with it not starting when Windows did, but it honestly took 20 minutes for it to reboot. I swear I don’t know how they mess up their computers so much. Anyway, I gave up for the day, but came back today since 5.1 is good now. I updated Avast! and ran a boot-time scan, but it found nothing.

Needless to say I am stumped on why their computer is running so slow. It’s Windows 7 Home Premium x64, with a dual core and 4GB of RAM. It’s an HP, and I did notice there were 101 processes running, which seemed really high, but it does have all the preinstalled crap on it, plus some programs they installed. Any help would be welcome on how to speed up their computer. I recommended they back up any important files and restore it to factory settings. Then I could remove all the preinstalled crap, then install security programs on it that they would not remove like they had me remove Hostsman. They haven’t decided yet, but I would like to know if there is anything else I can do.

I think you’re on the right track by getting those running processes down. That could be the main instigator of the slow system if you have cleared the possibility of infection. There are only 41 processes running on mine, so 101 processes is quite high.


Yes, 101 processes running is too many. My W7 laptop usually has about the same as craigb’s … 40 - 45 processes running would be about normal.

You might try using ccleaner from Piriform to get rid of some of the trash on that computer.
Be sure to read the Features & FAQ before downloading and using. It would also be helpful to see the Screenshots page as there are good explanations with the images.

http://www.piriform.com/ccleaner


Get PC Decrapifier from here: http://www.pcdecrapifier.com/ and start removing the unwanted apps. And reboot at the end once. See if it gets better.

If I were you, I would check if there were any leftovers from previous security programs, and check the non-MS system services (and delete/disable them if necessary). Download Autoruns to see what’s being loaded up at system start-up.

http://technet.microsoft.com/en-us/sysinternals/bb963902

Also open up Task Manager, go to Performance tab and click Resource Monitor. In there you should be able to pinpoint what programs are slowing you down…

Aside from running CCleaner and De-Crapifier, I would also suggest running the Windows default clean-up tool. There is a simple trick to make it clean out more stuff than it usually does.

Click the Orb (Start button in XP terminology) and in the search box type in cleanmgr /sageset:50 and press ctrl + shift + enter (the ctrl + shift + enter trick runs the program as admin user, and that is needed, otherwise those commands won’t work). Disk Cleanup will now open but display a lot more options. Select the ones you want and close the program (it won’t actually do the cleaning yet; we need to run another command for it to start cleaning).

Click the Orb again and type this in: cleanmgr /sagerun:50 and press ctrl + shift + enter. This command will now run the cleaning (with the options you selected with the previous command).

After you’ve finished removing all the crapware, I would also suggest you check if the system files are OK.

Click on the Orb and in the search box type in sfc /scannow and press ctrl + shift + enter. Note: You can run sfc via command prompt, just make sure it is an admin command prompt.


http://www.shrani.si/t/T/p/1eMk0zoX/1/sfc.jpg

If there are any system files missing or corrupted, you will be prompted to insert the Windows install disc. After you do that, it will replace those missing/corrupted files.

When you are completely finished with all the cleaning and optimizing, click on the Orb and in the search box type cmd and press ctrl + shift + enter. This will open up an admin command prompt. Then type or paste in this command and press Enter: defrag -b -u -v -h c:


http://www.shrani.si/t/1B/DJ/1OTU1395/boot-defrag.jpg

This will speed up the boot process, sometimes considerably.

Wow those are some interesting commands. I will give them a try later. I was also always wondering if there was some way to check if any Windows files were missing or corrupted. Thank you!

Well I went to their house. I’ve tried uninstalling stuff, but it runs so slowly, I may have to wait until the weekend. I’m still suspicious that there is an infection, so I will attach a Hijackthis log.


An analysis of the HJT log shows the following problems :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%langu age
While HJT says this is a nasty entry that should be fixed, research found almost no negative results for Toolbar.Inbox except at BleepingComputer, where someone was having trouble getting it uninstalled. As for me, I would not have it, but I do not like most toolbars. So, the choice is yours to make.

R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
Deactivated entry that should be fixed. Related to Inbox.
http://www.spyandseek.com/Search.php?search_for=D3D233D5-9F6D-436C-B6C7-E63F77503B30&search=SAS-Search

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Deactivated entry that should be fixed. Related to Yahoo Companion.

O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
While HJT rates this a bad entry (monitor.exe is used by some malware), this would be OK to keep if LeapFrog was installed & used by the computer owner. See Match #5 at the link below.
http://www.pcpitstop.com/libraries/process/i/Monitor.exe.html

O23 - Service: dlba_device - Unknown owner - C:\Windows\system32\dlbacoms.exe (file missing)
Related to Dell printer communication. The “file missing” indicates that the printer has been removed. If this is true, this one can be fixed. If a Dell printer is still being used, this indicates there may be a problem with the printer.
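The triage in the analysis above can be done mechanically for the "(no file)" and "(file missing)" cases. The following Python sketch is an added example, not part of the original thread; `parse_hjt` and `orphaned` are hypothetical names, and the sample is built from the five entries quoted above. It only separates entries whose target no longer exists from entries that still need the kind of manual judgment given for the R1 and O4 lines.

```python
import re

# Constructed sample: the five entries quoted in the analysis above
# (R1 URL shortened; O4 key written in HijackThis's usual HKLM\..\Run form).
SAMPLE_LOG = r'''
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O23 - Service: dlba_device - Unknown owner - C:\Windows\system32\dlbacoms.exe (file missing)
'''

ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
# HijackThis appends one of these markers when the referenced file is gone.
ORPHAN = re.compile(r'\((?:no file|file missing)\)\s*$')
CLSID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)', re.I)

def parse_hjt(text):
    """Return one dict per log entry; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m['body']
        clsid = CLSID.search(body)
        path = PATH.search(body)
        entries.append({
            'code': m['code'],
            'orphaned': bool(ORPHAN.search(body)),
            'clsid': clsid.group(0) if clsid else None,
            'path': path.group(0) if path else None,
            'raw': line.strip(),
        })
    return entries

def orphaned(entries):
    """Entries pointing at a file that no longer exists (stale leftovers)."""
    return [e for e in entries if e['orphaned']]

if __name__ == '__main__':
    for e in parse_hjt(SAMPLE_LOG):
        state = 'target missing' if e['orphaned'] else 'needs manual review'
        print(f"{e['code']:<4}{state:<21}{e['clsid'] or e['path'] or ''}")
```
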

You cannot depend on HijackThis on Windows 7 systems.

It is only good for XP systems.

Darn, I was hoping something else would be found. They do have Leapfrog installed. The sfc /scannow command found nothing wrong. I guess I’ll keep uninstalling junk and hope it improves.

After you’re all done removing things that it doesn’t need, and it’s still incredibly slow, try checking the hard drive.

I’ve seen many systems start crawling out of nowhere and it usually led to me finding that the hard drive was failing.

Find out the manufacturer of the hard drive (either by using device manager, or physically looking at it) and let us know. I’ll be able to point you to the diagnostics for whatever brand it is.

I’ll try that. I’m also going to dust it out, because they’ve never dusted it out in over a year, and it’s in one of those desk cubbies, no door at least.

That’s also quite a possibility. Too much heat = slow computer. So do too many running programs, malware/spyware/viruses, and bad hard drives.

I dusted the thing out, their desk compartment had dust bunnies by it. All the vents were caked, and the fans. Even after dusting it out, it didn’t go faster. I finished removing the junk programs. There was a slight increase in speed, and it booted in about 5 minutes instead of 10, but it’s still bad.

When I rebooted, there were 29 processes running, which was really good. It soon jumped to 81 though. I went through task manager looking at them, but I wouldn’t be able to tell good from bad. Nothing suspicious like exe.exe or anything. Something is causing a large number of processes to run, even without all the crapware.

I also noticed they have 4 virtual removable drives: G, H, I, and J. I think it is from something that came with the computer.

I remember CCleaner removed 5GB in files in one of their account’s temporary folder. I don’t know what is up with that.

Lastly, I left today with Defraggler defragging it. They are only using 45GB, out of like 580GB. There was 17% fragmentation but I’ve had worse.

I still think there may be some infection lurking on there. Any recommendations? Maybe Dr.Web Live CD?

While Windows 7 has a great many processes more than XP does, 81 is a bit much. Now, that being said, it’s not “too” much depending on what you removed from the computer that came with it in the first place.

As for the virtual removable drives, it could be a media card reader that’s built in to the system. I’m pretty sure that only Windows XP would show them all and Windows 7 would only show drives that have something in them, but I could be wrong (as soon as I get some money to upgrade my hardware, I’ll let you know, but don’t hold your breath!).

5GB in files isn’t uncommon. You have temporary installer files, temp internet files for every user, and god knows what else. It’s just good that you recovered that much space back.

17% fragmentation isn’t great, but yeah, as you said, we’ve seen worse. Hopefully it helps a bit though. It’s funny though, the newer the systems get, the less defragging seems to help.

As for a live CD scan, that would be a good idea. I would figure that you would see something strange in the task manager though, and you said that you didn’t. There could be a rootkit lurking around though, so the live CD could be a good idea.

Regardless, 5 mins of boot time is bad… like ridiculous bad. I don’t know if you mean 5 mins from pushing the switch to login, or 5 mins from pushing the switch to having the system logged in and ready to go, but it’s still slow no matter how you look at it. It should be closer to 1.5 mins or so.

Try the live CD and see if there are any remaining infections. If there are and Dr. Web can’t remove them, we’ll notify Essexboy to do a thorough cleaning with his specialist tools. If not, I’m going to suggest checking that HDD again!

And make sure that they make a backup of their important data soon (if anything).

Good luck!

Ok, I’ll give a go with the Dr.Web CD, unless you think there is a better one. I also remember that the computer by itself initialized checkdisk once, and it found no bad sectors or anything.

Also, I’ve got a Dr.Web disk made, but it is outdated. Is there an update option before scanning, or do I need to make a whole new CD?

Well I made a new Dr.Web disk. It has been scanning for 4 hours. It’s found a few things. One is a quarantined Immunet file from long ago. Two others are fate-setup.exe, in the folders of a deleted account. The only one so far that seems like it could be doing something is GameConsoleService.exe in a Wild Games folder, but I think it might be a fp. Will update.

Nothing. I removed what it found and no change. I found out the drive is a Western Digital Blue Caviar or something. I went to the WD website and downloaded the appropriate diagnostics utility, Western Digital Data LifeGuard Diagnostics. I ran a quick test and it failed. I’m not sure if it means it’s failing, or if there was just a problem with the test. Here are the results.

Test Option: QUICK TEST
Model Number: WDC WD6400AAKS-65A7B2
Unit Serial Number: WD-WCASY9238457
Firmware Number: 01.03B01
Capacity: 640.13 GB
SMART Status: PASS
Test Result: FAIL
Test Error Code: 06-Quick Test on drive 1 did not complete! Status code = 07 (Failed read test element), Failure Checkpoint = 97 (Unknown Test) SMART self-test did not complete on drive 1!
Test Time: 20:20:22, January 22, 2011

That’s not good. It looks like you just ran a SMART test on it. Can you try a short or long (extended) test to see if they run?

If so, and they give you an error code, write it down and get that thing replaced. Sounds like the drive is going bad. Make sure to back up everything to another location before you replace it though.