Slow windows 7 machine with several cmd.exe and conhost.exe instances

Trying to clean a 3 year old windows 7 PC.  deleted temp files, ran ccleaner for registry and file cleanup, ran malwarebytes, superantispyware, eset online scanner, trendmicro's housecall online scanner, hitmanpro.  Deleted a couple things they found.  Used autoruns to see what's starting - nothing unusual.  several things though - dropbox, skype, etc.

I ran some different SMART hard drive testers and the drive is OK.  Turned off aero.

But the machine is still sloooowwww.  It's got several conhost.exe and cmd.exe instances running.  can't see how they are starting.

what am I missing?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Go here:

Get Process Monitor, Process Explorer, ProcDump

You should be able to use them to find what is causing those things to kick off.  Check Task Scheduler as well.  Had a similar problem and malware had dropped in about 40 tasks that were trying to kick off several times an hour.

Per Microsoft the only way to ensure a clean system is to reload it from scratch.  I still have that article from a local paper hanging on a wall here in our office.

These things can be a real pain to hunt down.  Worst case you can do a full backup of the PC, reload it and make sure it now runs as expected.  If it still has problems, then hardware is probably the culprit and time for an upgrade.  If not, then you can then let the client know they have a choice of how to move forward.  Done this myself in a few extreme cases where I had to prove the reload would fix the problem.  4 of the 5 it fixed it.  1 of 5 we found it was hardware.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ben HartCommented:
I also like MSCONFIG.exe.. disable ANY startup item that is questionable or has no name, no description or no provider, or with a path to any TEMP location.
It would be good to check for fragmentation and disk errors if not done already.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

BeGentleWithMe-INeedHelpAuthor Commented:
THanks.  I was throwing all kinds of tools / tricks at this machine with no results.  This was all remotely and taking days for malware checkers, etc to run so I kept debating how much more time to put into this vs. beg off.

Went into computer properties and turned off the visual effects (computer, advanced system settings, advanced, performance, visual effects, adjust for best performance) it as likely set to 'let windows decide.

That seemed to make performance like a new machine.  didn't bother seeing if setting it back to 'let windows decide' brought back the problems or just toggling setting cleaned up some registry / other issue.  I left well enough alone : )  didn't want to rock the boat and after days, I was DONE!

thanks guys.  and might I ask as an aside, how do you decide - wipe vs. play with a machine to improve performance?  this was a 3 year old machine....
If we have to spend more than an hour sitting in front of it doing things, we reload.  It is cheaper for everyone in the long ron.  Only exception is if there is an app on the system the client does not have the reinstall disks for, but I leave it up to them at that point as it is just time and materials.
Adam LeinssServer SpecialistCommented:
Sounds like it has a may want to scan it offline with a boot cd.  Having several instances of cmd.exe running is not normal.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.