[NA]What the heck are you so busy with?[NA]

Discussion in 'Technical Corner' started by Let'sgoflying!, Jul 12, 2007.

  1. Let'sgoflying!

    Let'sgoflying! Touchdown! Greaser!

    Joined:
    Feb 23, 2005
    Messages:
    13,097
    Location:
    west Texas
    Display name:
    Dave Taylor
    Have a look at this CtrlAltDel display under Processes.
    This is right after I start the darned thing. Why are so many things happening?
    I don't recall commanding anything, other than the start button. I realize some things need to be up and running when I do that, but some of this must be garbage.
    Can anyone identify anything from the two screenshots that might need uninstalling. My computer is so slow I nod off between keystrokes.

    edit: well, I will attach the images when POA will recognize them tomorrow maybe "does not recognize these as valid images"
     
  2. RJM62

    RJM62 Touchdown! Greaser!

    Joined:
    Jun 15, 2007
    Messages:
    10,849
    Location:
    Catskill Mountains, New York
    Display name:
    Geek On The Hill
    Well, even without the s/s, we can get started with seven questions:

    1. What version of Windows?

    2. What's the processor and speed?

    3. Is it a desktop or a laptop?

    4. How much physical RAM is installed?

    5. Are you running current anti-malware software? If so, which one(s)?

    6. How many user accounts are there on the PC?

    7. How many total processes are running?

    On an average, reasonably well-tuned desktop with one user logged on, it's not unusual for the total running processes at idle to be in the 40's. Hard-core gamers and others who want the absolute maximum performance can get the total down to the 30's, or even the 20's. Users who prefer to keep frequently-used apps running in the background (or who let them run at boot because they don't know how to stop them) may have running processes in the 50's, or maybe even the 60's. But for most users, somewhere in the 40's is average.

    For laptops, add another five to ten processes to run the various proprietary drivers, hotkeys, custom buttons, power management software, and so forth that laptops typically require.

    Of course, it's not just the total number of processes that matter, but also what those processes are and which ones are hogging the resources. That's something we'd need to see the s/s to comment on.

    The biggest cause of extremely slow PC's these days is probably malware, especially spyware. I'm coming across a lot more advertising spyware than true viruses (although in my opinion, the distinction is getting fuzzier all the time). Unfortunately, many malware processes interfere with the installation of conventional malware removal tools. I spend a lot of time in Safe Mode (and even bootable environments like ERD, BartPE, or one of the assorted bootable Linux distros), using a machete approach to clean up infected machines. Sometimes I simply slave the drive to a Linux machine with NTFS write enabled, and scan it in Linux.

    In addition to malware, there are many other problems that can slow a PC to a crawl. For example, there are many processes that may be useful, but simply don't need to run all the time.

    For example, I have a Kodak digital camera whose software, by default, starts at boot so it can detect the camera when it's connected. But I choose to manually start it, because I typically use the camera only a few times a week (usually when taking pics of stuff to sell on eBay). There's no need for the camera software to be running all the time in-between.

    On the other hand, I let LogMeIn.com run all the time because it's a low-resource app; and I frequently run in and out and don't want to forget to turn it on, and then not be able to remotely log in while I'm on the road. So what is "necessary" depends a lot on the user.

    Other things that can drain performance:

    1. Inadequate resources (especially RAM).

    2. Using the "Fast User Switching" option to allow multiple users to be logged on at once. I routinely disable this option unless the client really whines about it. It's much more efficient, performance-wise, to fully log off one user before letting another log on.

    3. A dirty registry. It's not unusual for the registry of a machine that hasn't been tuned up in a while to contain hundreds of invalid entries, which can hurt both stability and overall performance. Registry cleaning is best left to professionals and advanced users. There are a few consumer-grade registry cleaners, like the one included in Crap Cleaner, that actually work pretty well, but there are a lot more of them that don't. Even the best of them usually miss a few things (or falsely identify a few things) that a professional can manually address.

    4. Filesystem corruption. This is especially true of computers that have other problems because users are forced to shut down the machine improperly when it freezes, or the filesystem gets corrupted when the machine BSODs.

    5. Inadequate hard drive space. This causes a number of problems including truncation of the MFT (Master File Table), possible pagefile issues, and inability to perform a defrag.

    6. Filesystem fragmentation.

    7. MFT fragmentation. Unfortunately, although MFT fragmentation can cause a severe performance hit, to defragment it requires third-party software. The built-in Disk Defragmenter can't touch the MFT because it's always in use while Windows is running. MFT defragmentation must be performed either at boot time or by using bootable software (like Paragon's Hard Disk Manager, which is what I usually use).

    8. Pagefile problems (corruption, fragmentation, or improper size). Once again, Microsoft provides no tool to correct these problems, but usually they can be fixed by disabling the paging file, possibly running a defrag in safe mode or with a bootable tool (you may not be able to boot into normal mode with no pagefile), and then re-creating the pagefile. The reason for the defrag in between is to make enough contiguous free space for the pagefile to be created in one piece. It may take more than one defrag to do this, or it may take none at all. It depends on the filesystem fragmentation.

    I like a static pagefile of at least 1 1/2 times the physical RAM, and never less than 1024 MB. Often I'll go much higher, depending on the machine's mission and installed apps. Others prefer dynamic sizing. Both approaches have their advantages.

    9. Accumulated garbage files. Windows leaves a trail of crap a mile long behind itself, and it has to keep track of these files like any others. It's not uncommon for there to be staggering amounts of absolutely useless garbage -- often in the gigabytes -- clogging up computers that haven't been tuned up in a while.

    10. Prefetch problems. I'm not a believer in the practice of periodically emptying the prefetch directory on a machine that's working properly. That just causes a temporary performance hit, because Windows has to rebuild it. But when the prefetch directory contains a lot of invalid entries, it makes sense to clear it out and allow Windows to rebuild it.

    A typical tune-up on a machine that's not infected by malware takes me about an hour or so. If it's infected, then it could take much longer depending on the nature and degree of infection. But personally, I only recommend a reformat maybe five percent of the time. Unless the user has almost nothing in the way of documents and user-installed programs, I find it usually takes longer to reformat / reinstall / update / restore than it does to fix the existing machine.

    --Rich
     
    Last edited: Jul 13, 2007
  3. mikea

    mikea Touchdown! Greaser!

    Joined:
    Feb 12, 2005
    Messages:
    16,889
    Location:
    Lake County, IL
    Display name:
    iWin
    Run->msconfig

    Startup Items. Uncheck anything you don't recognize. Don't worry. It's not permanent.

    Enjoy the CPU power you paid for.

    Control Panel->Add Remove Programs. Remove anything carp.

    A lot of apps, including iTunes, Real anything, media anything, Adobe anything, preload just in case you run it, so it will be faster to start. Each takes up RAM and CPU cycles.

    That. And you're running one or more bots owned by guys in Russia. :rolleyes:

    What RJM said.
     
  4. RJM62

    RJM62 Touchdown! Greaser!

    Or maybe a rootkit or two. :eek:
     
  5. Let'sgoflying!

    Let'sgoflying! Touchdown! Greaser!

    RJM62,
    thanks for reviewing my problem; I do really appreciate your efforts!

    I have to say, is it not just a little aggravating that the average owner has to seek out such detailed knowledge, and become a competent technician (or hire someone), in order to operate a simple computer?!
     
  6. mikea

    mikea Touchdown! Greaser!

    Only on Windows. :D

    http://www.apple.com/getamac/

    I just recently checked what was running at startup on my MacBook Pro. It's one place under my account - startup items. There are no "helpers." I just unchecked the box for the one I didn't want to run....but the Mac doesn't bog down....and there are no Mac bots run by Russians.
     
    Last edited: Jul 13, 2007
  7. SkyHog

    SkyHog Touchdown! Greaser!

    Joined:
    Feb 23, 2005
    Messages:
    17,952
    Location:
    Castle Rock, CO
    Display name:
    Everything Offends Me
    Just wait until more than 100 people use Macs and there's enough people to start to run into spyware and virii.

    Then PC solutions will be MUCH easier.
     
  8. mikea

    mikea Touchdown! Greaser!

    That's a nice red herring, but it's not true. There ARE going to be thousands more Mac users every day, and there are not going to be any easy ways to run "virri." Unix has security built in.

    There have been plenty of miscreants working feverishly to prove your point. They always end up "Please go to this web site and run this program...and be sure to ignore the warning and co-operate with that screen that asks you for your password..." as opposed to, "We took a fully patched and updated Windows PC and it was infected silently in 7 minutes."
     
  9. Let'sgoflying!

    Let'sgoflying! Touchdown! Greaser!

    Here is what it is busy with:

    How many processes do you have going?

    Are any of these necessary??
     

  10. RJM62

    RJM62 Touchdown! Greaser!

    Here we go:

    iTunesHelper.exe: If you use iTunes a lot, then yes.

    qttask: Ditto

    tpsbattm.exe: Yes. It's part of the power management for your laptop.

    rapimgr.exe: Part of MS ActiveSync and a resource hog. Needed only if you use ActiveSync.

    rundll32.exe: Yes. Starts when needed.

    ezprint.exe: Part of your Lexmark printer driver.

    lxbkbmon.exe: Ditto

    jusched.exe: Java Updater. You can turn it off, but be sure to check for Java Updates manually.

    pinger.exe: Toshiba app. Not sure about this one.

    smoothview.exe: Toshiba zooming utility. Your choice.

    padexe.exe: Toshiba touchpad configuration utility. You can temporarily disable it in MSCONFIG and restart to see if it makes any difference.

    symlcsvc.exe: Part of Norton. I hate Norton, but if you use it, then you need this.

    wzqkpick.exe: Part of WinZip. You can disable it, but would have to open WinZip manually to open some compressed files.

    THotkey.exe: Controls the function keys on a Toshiba laptop. You can disable it, but then those keys won't work. Probably should leave it.

    syntpenh.exe: Touchpad driver. Usually essential.

    syntplpr.exe: Touchpad configuration utility. Usually non-essential.

    agrsmmsg.exe: Modem driver

    atiptaxx.exe: Video configuration utility. Usually not required, but temporarily disable in MSCONFIG before permanently disabling it in the registry.

    tfswctrl.exe: Part of the HP program for CD-burning. Probably should leave it alone.

    svchost.exe: Essential, but prone to malicious use.

    taskmgr: The Task Manager. You had it open to see the processes.

    lxbxcoms.exe: Part of the Lexmark driver.

    wcescomm.exe: Part of MS Active Sync (used to sync Pocket PC / Windows CE devices)

    toscdspd.exe: This process slows down the CD / DVD drive if it starts vibrating. Your choice.

    ctfmon.exe: Part of MS Office. Activates the language bar and so forth. May also be malware masquerading as a legitimate process. I usually disable it unless the user uses the services it provides.

    alg.exe: Application Layer Gateway. Required in your case (you use Norton) or if you're using ICS or certain other network processes.

    ccApp.exe: Part of Norton.

    wuauclt.exe: Part of Windows Update. May also be a Trojan masquerading.

    spoolsv.exe: Print spooler.

    appsvc32.exe: Part of Norton.

    cfsvcs.exe: Toshiba configuration utility.

    cdantsrv.exe: License validation software. If you remove it, some program(s) will stop working (TurboTax, Autocad, some others).

    ccsvchst.exe: Part of Norton.

    explorer.exe: Essential. This builds your GUI.

    acs.exe: Atheros wireless driver.

    ati2evxx.exe: Part of the video driver. Provides configuration options. May or may not be essential on your system (usually isn't).

    aluschedulersvc.exe: Symantec Live Update.

    lsass.exe: Part of MS Security mechanism, but often masqueraded.

    services.exe: Essential, but often masqueraded.

    winlogon.exe: Essential, but often infected.

    csrss.exe: Essential, but often infected.

    ipodservice: Part of your iPod connection software.

    dvdramsv.exe: Part of the DVD RAM service. Allows you to drag and drop to DVD.

    ccsvchst.exe: Part of Norton.

    System: Internal system process. Essential.

    System Idle Process: On a well-functioning system, this should always be in the high 90's when the system is idle.

    Short scoop: All of these processes appear to be legit, but they may be infected or masquerading. None of them are showing as using unusual amounts of resources, and none jump out as definite malware.

    Nonetheless, I recommend doing thorough virus, spyware, and rootkit scanning first. The latter may require a professional. Also, add up all memory usage and make sure it agrees with the displayed total usage. If it's way off, then suspect a rootkit.

    Otherwise, look at RAM, pagefile, MFT / filesystem corruption / fragmentation, available free space, and all the usual tune-up related stuff discussed previously.

    My suspicion is that the machine just needs an hour or two in skilled hands, and maybe a RAM upgrade. So don't toss it out the window at altitude just yet.
     
    Last edited: Jul 21, 2007
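
An added example, not part of RJM62's post: Task Manager shows only image names, so a process that is "essential, but often masqueraded" has to be checked by where it runs from and how its name is spelled. The directories assume a default install with `%SystemRoot%` at `C:\WINDOWS`, and the path listing is constructed for illustration.

```python
import ntpath
from difflib import SequenceMatcher

# Assumption: default install, %SystemRoot% = C:\WINDOWS.
SYSTEM_ROOT = r"C:\WINDOWS"
SYSTEM32 = SYSTEM_ROOT + r"\system32"

# Names the post marks as masqueraded or infected, mapped to the
# directory the genuine Windows binary runs from.
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32, "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "csrss.exe": SYSTEM32, "ctfmon.exe": SYSTEM32,
    "wuauclt.exe": SYSTEM32, "explorer.exe": SYSTEM_ROOT,
}

def _unmatched(a, b):
    """Characters left over in both names after aligning the common parts."""
    blocks = SequenceMatcher(None, a, b).get_matching_blocks()
    return len(a) + len(b) - 2 * sum(blk.size for blk in blocks)

def check_process(image_path):
    """Return a finding for one full image path, or None if nothing stands out."""
    # ntpath parses Windows paths on any OS; normcase lowercases them.
    directory, name = ntpath.split(ntpath.normcase(image_path))
    expected = EXPECTED_DIR.get(name)
    if expected is not None:
        if directory != ntpath.normcase(expected):
            return f"{name}: expected in {expected}, found in {directory}"
        return None
    # One swapped or substituted character leaves at most 2 unmatched.
    for known in EXPECTED_DIR:
        if _unmatched(name, known) <= 2:
            return f"{name}: look-alike of {known}"
    return None

def audit(paths):
    """Findings for every path that fails either check."""
    return [finding for finding in map(check_process, paths) if finding]

# Constructed sample listing (full image paths, as a process tool that
# shows them would report).
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Documents and Settings\user\Local Settings\Temp\lsass.exe",
    r"C:\WINDOWS\system32\svch0st.exe",
    r"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe",
    r"C:\WINDOWS\system32\explorer.exe",
]

if __name__ == "__main__":
    for line in audit(SAMPLE_PATHS):
        print(line)
```

A clean result only says the name and location look right; an infected or replaced file in the correct directory still needs the scanning the post recommends.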
  11. Let'sgoflying!

    Let'sgoflying! Touchdown! Greaser!

    Thanks, I ran Processscanner (processlibrary.com) and it said everything was safe.
    It's more than just a running-slow problem.
    The hard drive light will be on constantly and I can't access any files/use the browser, can't even type......sometimes. An intermittent problem. I may only have one file open and in use. It's not a popup that I can see, not Norton doing an unrequested scan that I can tell (normally I see a NAV window open for that, and it ties up the system for hours if I don't kill it).
    I have done regular virus scans of the entire system.
    Thanks.
     
  12. wsuffa

    wsuffa Touchdown! Greaser!

    Joined:
    Feb 22, 2005
    Messages:
    20,249
    Location:
    DC Suburbs
    Display name:
    Bill S.
    Dave,

    Have you 1) defragged the hard drive, and 2) run a hard disk error check? Sometimes if you get a bunch of bad sectors or if certain files get severely fragmented, it can slow things way down.

    I'd run those, too. Make sure you select both options for the hard disk check so it runs on startup.
     
  13. Let'sgoflying!

    Let'sgoflying! Touchdown! Greaser!

    ok, tks b.s.
     
  14. RJM62

    RJM62 Touchdown! Greaser!

    Hard drive light on all the time can mean several things: Inadequate RAM causing excessive paging, corrupt filesystem, corrupt pagefile, inadequate free space, filesystem fragmentation, MFT fragmentation...

    How much free space do you have on the drive (both in size and as a percentage of total space)? And how much RAM?

    Based on your latest info, here's what I would do (assuming adequate free hard drive space and RAM):

    1. Backup important data.

    2. Run CCleaner to clear up garbage files.

    3. Run a CHKDSK /f. Maybe even a CHKDSK /r if the results lead me to suspect damage to the surface.

    4. Defragment the filesystem.

    5. Defragment the MFT, if needed.

    6. Rebuild the pagefile.

    7. Clean the registry.

    8. When everything is copacetic, disable and re-enable System restore.

    9. Consider cloning and replacing the drive. Constant activity for any reason increases wear.

    I also would uninstall all things Symantec and install either AVG (the paid version, which includes spyware protection) or Trend Micro, but that's just my personal opinion. Skinny-armed geeks have come to blows over which virus scanner is best...

    Don't give up yet. I believe your laptop can be saved.

    -Rich
     
  15. Let'sgoflying!

    Let'sgoflying! Touchdown! Greaser!

    yiii. I'm in over my head. Thanks for the advice, I know it's good - but a man's gotta know his limits - and I'm at mine. Might be time to let the local guru hammer on it!
     
  16. RJM62

    RJM62 Touchdown! Greaser!

    Good idea. Only thing in there that's sort of advanced (for a pro, at least) would be the MFT defragmentation. I'd say only about a quarter of techs I know bother with it. But a fragged MFT causes a major-league performance hit.

    Probably your best bet is a local person who does this all the time and has a good rep. Ask around.