About the author.

Welcome to The blog of whall

Come on in and stay a while… laugh a little. Maybe even think. Read more...

Hi, This is Wayne. This is my site, my stuff, my blog, blahblahblah. The site itself is powered by WordPress and the Scary Little theme. I thought it was cool, and I still do.

I’ve been dealing with a slower-than-it-should-be laptop for a LONG time.  I’ve blogged about it before, a couple things that just annoy me about the performance of my system.  I thought it was related to Google Desktop Search and/or Windows Desktop Search, because when either (or both) of those are installed, the performance just goes way down the tubes.

Symptoms include: email being slow, web browsers being slow, resuming from standby is slow.  (insert any activity) is slow.  About the only thing that ISN’T slow is trillian (instant messaging and chat), and even it is interrupted sometimes because the mouse stops moving and everything halts for a few seconds, and then goes back to normal.

But even with the desktop tools NOT installed, the laptop just does not perform like a dual-core at 1.83Ghz.   It’s performing more like a dueling whore at one point, ate on a tree with Gilligan hurting. (ouch, that one hurt even me)

I’m beginning to think it’s possessed:

demon dell 620 latitude

So I was chatting about it with a co-worker, going through all the common things you should, and even after most of that, things were still slow.  Then he suggested to look at disk activity, and that’s when I finally noticed that the hard drive light was near constant, even though the CPU wasn’t bogged down.

I’ll list out all the steps we did, in approximate order, so if you’re looking for some tips, you might find some in this list.

The culprit in my case was a botched auto-upgrade of ISS RealSecure Desktop Sensor (aka BlackIce) and two programs, blackd.exe and vpatch.exe were hitting the disk hundreds of times per second.  Once I manually uninstalled that app (it didn’t show up in Add/Remove Programs any more) with agentremove.exe, everything was awesome.  I am so completely happy with the performance of my system now, and I even still have windows desktop search installed and everything’s indexed.

So look below at the extended entry for the details – the computer you save… might be your own!

Check the CPU first

95% of the time, when computers I encounter have a performance problem, I check the CPU and can find the culprit.  Simply run Task Manager (CTRL-SHIFT-ESC is a shortcut, or you can right-click on the taskbar and select “Task Manager”) and go to the Processes tab and sort by CPU (click CPU column header twice)

windows task manager cpu sort

If you see one or more things taking up a significant percentage of CPU constantly, that’s the first thing you look for. 

There are a few common things I’ve run into before as heavy CPU utilization causes — One common thing I’ve run into is OUTLOOK.EXE taking up 100% of the cpu.  When this happens, the only way I’ve gotten around it is killing outlook and rebooting.  If I encounter it twice on the same system, I’ll exit outlook, rename the .ost file and let it rebuild, because my suspicion is that something is shnorked with that file.  On my system my .ost file is over 2GB in size and I have several PST files that are 1.5GB and bigger.

Another issue I’ve encountered with heavy CPU utilization are svchost.exe and windows automatic update.  svchost.exe can indicate spyware issues and many other things, and in order to really find out what is causing scvhost.exe to go crazy, you need to get Process Explorer, which is Task Manager on steroids.  Process Explorer shows what’s calling what, what threads are running, and helps identify the actual process or thread might be causing the issues.  There are some known issues with Microsoft automatic updates where a botched upgrade or install wreaks havoc on the underlying files, and it keeps trying to upgrade over and over.

Spyware, anyone?

I’d say spyware is a very common cause of slow performance.  If you have good protection (Windows Defender, Trend Micro, Black Ice, and maybe some hardware/network protection on your firewalls, like Fortinet’s FortiGuard product provides), then the chances of getting spyware go down significantly. 

Of course, acting smart with your PC also can reduce your chances – don’t install something emailed to you (even from someone you trust), don’t browse around untrusted sites, and understand what you click “OK” to.

Some common free anti-spyware tools include Spybot Search & Destroy, Ad-Aware, and Microsoft’s Defender.  Install them, run through their default behavior and maybe even enable the “protection” or spyware blocking features.

Defragging hard drive (the myth)

In my experience, defragging your hard drive is typically a useless gesture you make to the computer gods, and they just end up laughing at you.  They’re up there, watching all the stupid lusers try this or try that, and they get together on poker nights and look out their windows and laugh at people defragging their hard drives when they don’t need it.

Personally, I think people who don’t know much about computers hear the word “Defrag your hard drive” and they think it sounds all smart, so that’s the only “fix” they have to offer – so naturally they offer it a lot, because it makes them sound smart too.

In general, defragging doesn’t help.  Except in one case.  Which I will describe to you now.

The case in which defragging helps a LOT is when you’ve filled up your hard drive at some point, and then you had to clean up a bunch of stuff off your drive, and you have large files that you use often, and those large files are heavily fragmented.  For example, I was doing a bunch of work with Custom Guitar Hero songs, so I had built tons of 2.5GB and 3.5GB ISO’s for burning custom playstation 2 disks.  I was also doing some movie editing, so I had huge .wmv files.  Eventually I filled up my 80GB drive and shortly thereafter, even cleaning things up, I noticed my system slowing down in Outlook, but nothing else.

I ran the defrag tool to analyze the system and sure enough – my OST file and PST files had tens of thousands of fragments.  One had more than a hundred thousand fragments.  I completed the defrag and outlook ran a lot better. 

When you run the defrag tool (you can right-click your hard drive in Windows Explorer, go to Properties, then Tools tab and run defrag tool) you might get a picture like this:

defrag disk analysis

Another tip I’ll give you about defrag – the defrag tool that comes with XP only allows for defragging the entire disk.  You can download the Contig tool and you can defrag specific files.  It’s a command line tool and here’s an example (note that 760 fragments isn’t horrible in my opinion – I’m just using this as an example of how to run the tool)

C:\Documents and Settings\whall\My Documents\Outlook>contig -v megapath.pst

Contig v1.54 – Makes files contiguous
Copyright (C) 1998-2007 Mark Russinovich
Sysinternals – www.sysinternals.com

————————
Processing C:\Documents and Settings\whall\My Documents\Outlook\megapath.pst:
Scanning file…
Scanning disk…
File is 376469 physical clusters in length.
File is in 760 fragments.

Moving 136121 clusters at file offset cluster 0 to disk cluster 17082927
Moving 126457 clusters at file offset cluster 136121 to disk cluster 15013149
Moving 113891 clusters at file offset cluster 262578 to disk cluster 16714023
File size: 1542013952 bytes
Fragments before: 760
Fragments after : 3
————————
Summary:
     Number of files processed   : 1
     Number of files defragmented: 1
     Average fragmentation before: 760 frags/file
     Average fragmentation after : 3 frags/file

Another nice thing about contig is you can schedule it in the Task Scheduler so that, say, every Sunday at midnight, the whole disk is defragged.  I might go ahead and do that.

What’s been installed recently?

If a performance change seems sudden, then something changed.  Did you install something?  Frequently, a new application install can cause unintended consequences – like Google’s Picasa having Media Detection turned on, and Google Desktop is indexing. They both fight over the disk, or at least they used to.  Or one time I did a Picasa upgrade and it went awry and I ended up with two Media Detection processes running, and the system went crazy slow.

Or maybe if you installed Google Desktop AND Windows Desktop, they can fight each other for watching disk activity, files, etc.  Hopefully, though, the CPU monitoring from above would tell you if something you installed was part of the problem.

Startup CPL

Startup CPL is a “nifty little control panel applet” (I’m just quoting here 🙂 ) that lets you see what’s configured to startup on your computer.  What’s cool about it is you can disable things as well.  So you can see if there’s stuff you don’t want on your machine starting up every time you turn on your computer.

It can tell you what runs for any user, what runs just for your username, what starts up in the registry, what starts up from the StartUp folder, and generally doesn’t miss a thing

startup cpl 

So if you want to do some digging, run this tool and see what’s running.  Be careful – if you don’t recognize something, leave it alone or do some googling on it first.

Performance counters

What finally got me to determine the issue was using a cool built-in tool with Windows called Performance Counters.  This doesn’t typically live in the Start Menu, so you need to run it manually by going to Start –> Run and then type in perfmon.msc and click OK.

When you do this, it runs the Performance console:

windows performance monitor console

What this tool will tell you is — how is your system working?  It can show and graph details every 1 second (or 5 seconds or whatever interval you want) how your CPU is, disk queue, memory utilization, or any of hundreds of other metrics.  You can add more by right-clicking in the graph area and selecting to add another monitor.  Pick one and it’ll add it to the graph.

In my case, what we noticed that was out of whack was the Avg. Disk Queue Length

windows performance monitor console 

So now we knew that the disk activity was way above normal.  That meant that we needed to find out WHAT was using the disk so much. TIP: see the “average”?  It’s 1.323.  Anything over .70 is probably indicative of a problem – and you can see mine went as high as 4.526 at one time.  (note that you can click on one of the monitors at the bottom and it will tell you the details in the ribbon just above the columns)

Yet another Systinternals tool (provided by Microsoft free of charge) comes to the rescue – Filemon.  Filemon shows every disk read and write and what process is doing it.

And you know what – HOLY COW there were hundreds of access by two processes – blackd.exe and vpatch.exe.  I happen to know that blackd.exe is blackice (personal firewall) and I can only guess that vpatch is the patching / upgrade process that ISS uses.  And as soon as I saw it, I recalled one of my other co-workers asking if I minded being part of a guinea pig group of the latest ISS BlackIce upgrade.

SMACK!

(that’s the sound of me hitting my forehead in realization)

So I ran the manual uninstall tool called AgentRemove.exe in the ISS directory, and you can see the immediate difference:

performance counters before after

The blue line down at the bottom is the key – it was always running at 1.x or higher and anything over .7 is bad.  So then afterwards the queue length was way down there like the .15 average it’s listing.

I am so happy right now I can’t stand it.  My system is super fast!

Wait a second.  Maybe now I’m gonna have to be more productive at work or something.

Ooooh, look how slow my system is running again!  I can’t work anymore!

🙂

And lo, the people did comment thus:

8 Comments

  1. Absurdist says:

    What is it with your inability to get eyebrows right? Good lord. If I had a left eyebrow like your laptop, I would go slow as heck too. You REALLY need a remedial eyebrow drawing class.

  2. Absurdist says:

    Oh, and look. I wrote a family-friendly post. Write down the date and time.

  3. whall says:

    absurdist, family-friendly!?!?!? Hardly! You took the Lord’s name in vein!!!!!! I’m only still friends with you because you said ‘Good’.

    🙂 I’m so funnay.

    Thank you for the deconstructive criticism of my eyebrowing. I’ll have you know that I took 3 yrs of abstract eyebrow art history appreciation classes, so I think I’m a lot more qualified to discern talented work when it comes to the artful representation of eyebrows. Clearly, my light canvassed touch mixed with grandiose nuances dashed with hue and balance are lost of the amateur audience that you so expertly exemplify. I wouldn’t expect a pauper to understand opera, so I’m not surprised at your criticism.

    /witty remarks

  4. Absurdist says:

    Wayne, if I took the lord’s name in “vein”, I would have had to shoot him up.

    But if I took his name in “vain”, then you might have a point.

    I think you are thinking of the bourgeoisie, not the paupers. And, since we are talking born-in class, you would actually be bourgeoisie and I would be aristocrat. That would make it impossible for you to have taken any creditable art classes that would please the discriminating eye of the aristocracy.

    So there.

  5. Karl says:

    Great post, thanks. I’ll have to check into some of these things.

  6. Svchost says:

    Is the startup CPL the same as msconfig, then startup? If different, how do you access this? I would like to see what else is starting up. I have a McAfee trial version keep popping up on start up but it is not on msconfig startup. And it won’t let me uninstall it, even if I go to add and remove programs. Tried hijack this but somehow it comes back like a plague.
    Svchost´s last blog post ..Response cached until Tue 6 @ 17:21 GMT (Refreshes in 23.90 Hours)

Want to comment?

Hey, we all want to share our voice. And I particularly love comments, especially if you took the time to read my blog entry. I'll take the time to read your comment, I swear! But due to spammers, robots, and the fact that I want my blog to be PG rated, I need to approve the comments. This should be same day, but please don't get mad if it takes me a while to approve the comment.







Comment:


PLEASE help keep this blog family-friendly by refraining from profanity and vulgarity.


CommentLuv badge


Admin
tsk tsk

Ajax CommentLuv Enabled 336ad6ab990e8080f1c0ad1f892428a0