Post by foster hackett on Aug 6, 2008 20:55:12 GMT -6
Top 10 things in Troubleshooting your Computer
Spyware and viruses pose a significant security threat, and they can also dramatically decrease computer performance. The first step when combating spyware should always be to scan the machine with updated spyware detection/removal and antivirus software. Use applications to remove any detected infections. If the software scanners don't work, here are a few other steps to try.
1. To remove spyware:
• Identify and end suspicious processes with Windows Task Manager.
• Identify and disable suspicious services with the Management Console.
• Identify and disable suspicious services and startup items with the System Configuration
Utility.
• Search and delete registry entries associated with suspicious services or startup items.
• Identify and delete suspicious files.
• Install and use multiple spyware detection and removal utilities.
Note: If the above techniques fail, start Windows in Safe Mode and retry.
Virus removal techniques depend heavily on the specific virus variant. You must therefore tailor your removal efforts to each virus.
2. Processor overheating – Modern processors generate a lot of heat. That’s why all processors require some sort of cooling element, typically a fan of some type. Machines used for gaming or other processor-intensive activities often use more sophisticated water cooling or refrigerant systems. When the processor temperature goes over spec, the system can slow down or run erratically. Modern motherboards can monitor the processor temperature and report it through the system BIOS.
The processor fan may fail for several reasons:
• Dust is preventing the fan from spinning smoothly.
• The fan motor has failed.
• The fan bearings are loose and “jiggling.”
Often you can tell if there is a fan problem by listening and/or touching the computer. A fan that has loose bearings starts jiggling and vibrates the case, making a characteristic noise. You may barely notice the noise at first, and it’s common for even the experienced computer pro to overlook this change. But as time goes by, the sounds and vibrations will become so prominent that you’ll change the fan out just to stop the racket!
You don’t always need to replace the fan. If it is covered with dust, you can often spray away the dust with compressed air. Note that even though you might get the fan running again, its life span has likely been reduced because of the overwork. You should keep an extra fan in reserve in case of failure.
There are a number of software utilities that will track the temperature of your processor and case. If you want to try some of these utilities, check out CNET's Download.com and use the search term "temperature."
3. Bad RAM – Several situations can lead to a bad RAM relationship with a particular machine:
• RAM timing is slower than optimal machine spec.
• RAM has minor flaws that only appear on detailed testing.
• RAM is overheating.
In the “old days” of Fast Page RAM, buying new RAM for your computer was a pretty simple affair. You just needed to know what speed your motherboard supported and the maximum each
slot would take. Today, there are many different speeds and types of RAM, and the better motherboards may be tolerant of using RAM that does not match the motherboard’s maximum
specs. For example, your motherboard may support ECC RAM but will still work with non-ECC RAM, or may support both PC2700 and PC3200 DIMMs. But be aware that you may need to change
BIOS settings and you may see performance decreases if you install RAM that is slower than the maximum spec.
Minor flaws in RAM chips can lead to system slowdowns and instability. The least expensive chips often have minor flaws that will cause your system to slow down or Blue Screen intermittently. Although built-in mechanisms may allow the system to keep working, there is a performance hit when it has to deal with flawed RAM chips.In the past, no one worried about RAM chips getting hot, because they didn’t seem to generate much heat. But that’s changed with newer RAM types, especially SDRAM. To check for overheating, open your computer’s case, power down, and pull the plug out. Ground yourself and touch the plastic on one of your RAM chips. Ouch! They get pretty hot. If you find that your RAM chips are overheating, you should consider buying a separate fan to cool your memory. If your motherboard doesn’t support a RAM fan, you might be able to get enough additional cooling by installing a fan card that plugs into a PCI slot.You can also buy copper “heatspreaders” or RAM heatsinks that improve heat dissipation and help prevent problems caused by overheated RAM.
Tip: Some motherboards will even allow you to mix speeds but will default to the slowest RAM
4. Failing hard disk – There may be many signs of imminent failure before a hard disk finally gives up, depending on the type of failure (mechanical, electronic, logical or firmware failure). Some of these signs include:
• Slow access times on the affected drive.
• An increasing number of bad sectors when running scandisk and chkdsk.
• Unexplained Blue Screens.
• Intermittent boot failures.
Detecting a failing hard disk can be tricky because the early signs are subtle. Experienced computer professionals can often hear a change in the normal disk spin (often manifested as a clicking or crunching noise or a high pitched whine). After the disk deteriorates further, you’ll see the system crawl to a standstill. Write processes will take a long time as the system tries to find good blocks to write to. (This will occur if you’re using a robust file system such as NTFS; other file systems will likely Blue Screen the computer.) You may get error messages such as “Windows delayed write failure” on Windows computers.
When you notice the system slow down, run scandisk or chkdsk, depending on your operating system. If you notice a bad sector where a good sector existed earlier, that’s a clue that the disk is going bad. Back up the data on the disk and prepare for it to fail soon. Make sure you have a spare disk ready so you can replace it when it fails, or replace the disk as soon as you notice the early signs of failure.Disk noise and scandisk/chkdsk are your best indicators for identifying a failing drive that’s leading to a system slowdown. However, if you are managing a system remotely, or you can’t take the system down for a full chkdsk/R, you can use tools that monitor disk health, such as Executive Software’s DiskAlert.BIOS settings – One often-ignored culprit of system slowdown is the machine’s BIOS settings.
Most people accept the BIOS settings as they were configured in the factory and leave them as is. However, slowdowns may occur if the BIOS settings do not match the optimal machine configuration. Often you can improve machine performance by researching your motherboard’s optimal BIOS settings—which may not be the same as the factory defaults.
There is no centralized database of optimal BIOS settings, but a simple Web search on your motherboard name and BIOS as keywords should yield the correct settings.
You may also be able to increase performance by updating or “flashing” your BIOS. Check with your motherboard’s vendor for the software and instructions to do this.
Disk type/controller compatibility – You’ve just purchased a new UDMA-100 disk drive, and it doesn’t seem any faster than any of the other drives in your machine. You do some benchmark
testing, and the new disk tests the same as the other drives in your system. So what’s the problem?
It could be that your motherboard doesn’t support the UDMA 100 specification. Check your manual to determine what type of IDE interface it supports. If the motherboard only supports
UDMA 33 or 66, then your UDMA 100 throttles down for backwards compatibility. You can get around this problem by installing a PCI UDMA 100 add-on card and plugging the new drive in to that interface.
Another potential problem may be the cable type you are using. UDMA 66+ drives require a different cable than older drive types. The drive may not work at all with the old cable type. Aged cables will break down over time, especially if they are tightly folded and the temperature of the case remains consistently high. It’s always worthwhile to change out the drive cable to see if performance improves.Also keep in mind that over the course of a year to 18 months, hard disk technology improves so that performance of newer disks is substantially greater (and so are disk capacities).
Replacing older disks, even if they are not at risk of failure, can give you a big performance boost. New Serial ATA (SATA) disks are faster than old Parallel ATA types.
5. Windows services – Many Windows services are enabled by default. Many of these services, however, are not required for your machine to run properly. You should review the services running on your Windows 2000/Windows XP computer and disable those that you don’t need.One way to see what services are running is to use the Services applet found in the Administrative Tools menu. Right-click My Computer and select Manage. Important information contained in the Services console includes the service Name, Status, and Startup Type. You
can get more details on a service by double-clicking on it to bring up the service's Properties.
You can stop the service by clicking the Stop button. If you are sure that you don’t need the service, click the down arrow in the Startup Type drop-down list box and set the service to Disabled. If you are not sure if you need the service, change the Startup Type to Manual. Then you’ll have the option of manually starting the service if you find that you need it.Another way of controlling which services start is using the msconfig utility. Open the Run dialog box and type msconfig in the Open text box. The Essential column shows services Microsoft considers essential to running the computer. However, note that many required services are not defined as essential in the System Configuration Utility window. You can prevent a service from starting at bootup by unchecking the check box to the left of the service.One service that is well known for slowing down Windows 2000/Windows XP systems is the Indexing Service. This service indexes the content of each hard disk and makes it easier for the Search utility to find files. Unless you are running a Web site that uses the indexing service, you may want to disable it to improve performance.
6. Runaway processes – Runaway processes take up all of the processors' cycles. The usual suspects are badly written device drivers, and legacy software installed on a newer operating system. You can identify a runaway process by looking at the process list in the Windows Task Manager. Any process that takes almost 100 percent of the processing time is likely a runaway process.
There are exceptions to this rule. On a smoothly running system, the System Idle Process should be consuming the majority of the processor cycles most of the time. If any other process were to take up 98 percent of the processor cycles, you might have a runaway process.
If you do find a runaway process, you can right-click the process and click the End Process command. You may need to stop some processes, such as runaway system services, from the Services console. If you can’t stop the service using the console, you may need to reboot the system. Sometimes a hard reboot is required.
7. Disk fragmentation – As files are added, deleted, and changed on a disk, the contents of the file can become spread across sectors located in disparate regions of the disk. This is file fragmentation. Some older operating systems, such as Windows NT, don’t have a built-in defrag utility; you must obtain a third-party solution, such as Executive Software’s Diskeeper.
Disk fragmentation can significantly slow down your machine. The disk heads must move back and forth while seeking all the fragments of a file. A common cause of disk fragmentation is a disk that is too full. You should keep 20 percent to 25 percent of your hard disk space free to minimize file fragmentation and to improve the defragmenter’s ability to defrag the disk. Thus, if a disk is too full, move some files off the drive and restart the defragmenter.
In Windows XP, you can use the defrag.exe command line tool to schedule defragmentation on a regular basis. For Windows 2000, you can use a program such as AutoDefrag
8. Background applications – Have you ever visited an end-user’s desktop and noticed a dozen icons in the system tray? Each icon represents a process running in either the foreground or background. Most of them are running in the background, so the users may not be aware that they are running 20+ applications at the same time.This is due to applications starting up automatically in the background. Look first for such programs in the Startup folder in the Start menu. Many applications place components in the Startup folder to run in the background. Some of these, such as the Microsoft Office Findfast, can really chew up processor and disk time and noticeably slow down a system.
Review each of the entries in the Startup folder and delete any that are unnecessary.Not all programs that run at startup appear in the Startup folder. Another place to look is the following registry keys: HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
9. In Windows XP, run msconfig and check the Startup tab to view startup programs. You can uncheck the boxes to keep individual programs from running at startup.File system issues – Some file systems work better than others for large disk partitions. If
the machine runs Windows NT 4.0, Windows 2000, or Windows XP, you should use the NTFS file system for best performance.
File system performance is closely related to cluster size and the number of clusters on the disk. NTFS file systems will bog down if you have a 60-GB hard disk configured with a cluster size of 512 bytes. This creates an enormous number of clusters, which the file system must track and seek. This becomes especially problematic when the drive is highly fragmented. One solution is to use larger cluster sizes. If you set the cluster size to 4K or larger, you will see noticeable improvement in file load times. Please note, however, that large clusters can significantly increase the amount of cluster slack space and lead to a lot of wasted disk space.Another trick to alleviate file system issues involves tweaking some Registry values (StartMenu|Run|Regedit):
• The first Registry value you can tweak is NtfsDisable8dot3NameCreation, which can be found at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem. When you set this value to 1, it stops NTFS from generating the 8.3 file-naming convention used for backward compatibility. If you do not need these old filenames, you can improve performance by preventing NTFS from creating them.
• Another useful NTFS entry is the NtfsDisableLastAccess value, which can be found at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem. This is a REG_DWORD entry, and when it is set to 1, it will prevent NTFS from updating the date and time stamp of directories after they are browsed. However, this does not prevent an update to the file-access information when a file is opened or changed.
10 If you are not using the NTFS file system, you may be able to improve performance by moving files and folders out of the root directory. With FAT partitions, you may notice a big slowdown in system performance after running scandisk because a large number of .chk files are placed in the root directory. Users sometimes fill their root directories by making it the default file storage location. Move as many files and folders as possible out of the root directory, and performance should improve significantly.
Spyware and viruses pose a significant security threat, and they can also dramatically decrease computer performance. The first step when combating spyware should always be to scan the machine with updated spyware detection/removal and antivirus software. Use applications to remove any detected infections. If the software scanners don't work, here are a few other steps to try.
1. To remove spyware:
• Identify and end suspicious processes with Windows Task Manager.
• Identify and disable suspicious services with the Management Console.
• Identify and disable suspicious services and startup items with the System Configuration
Utility.
• Search and delete registry entries associated with suspicious services or startup items.
• Identify and delete suspicious files.
• Install and use multiple spyware detection and removal utilities.
Note: If the above techniques fail, start Windows in Safe Mode and retry.
Virus removal techniques depend heavily on the specific virus variant. You must therefore tailor your removal efforts to each virus.
2. Processor overheating – Modern processors generate a lot of heat. That’s why all processors require some sort of cooling element, typically a fan of some type. Machines used for gaming or other processor-intensive activities often use more sophisticated water cooling or refrigerant systems. When the processor temperature goes over spec, the system can slow down or run erratically. Modern motherboards can monitor the processor temperature and report it through the system BIOS.
The processor fan may fail for several reasons:
• Dust is preventing the fan from spinning smoothly.
• The fan motor has failed.
• The fan bearings are loose and “jiggling.”
Often you can tell if there is a fan problem by listening and/or touching the computer. A fan that has loose bearings starts jiggling and vibrates the case, making a characteristic noise. You may barely notice the noise at first, and it’s common for even the experienced computer pro to overlook this change. But as time goes by, the sounds and vibrations will become so prominent that you’ll change the fan out just to stop the racket!
You don’t always need to replace the fan. If it is covered with dust, you can often spray away the dust with compressed air. Note that even though you might get the fan running again, its life span has likely been reduced because of the overwork. You should keep an extra fan in reserve in case of failure.
There are a number of software utilities that will track the temperature of your processor and case. If you want to try some of these utilities, check out CNET's Download.com and use the search term "temperature."
3. Bad RAM – Several situations can lead to a bad RAM relationship with a particular machine:
• RAM timing is slower than optimal machine spec.
• RAM has minor flaws that only appear on detailed testing.
• RAM is overheating.
In the “old days” of Fast Page RAM, buying new RAM for your computer was a pretty simple affair. You just needed to know what speed your motherboard supported and the maximum each
slot would take. Today, there are many different speeds and types of RAM, and the better motherboards may be tolerant of using RAM that does not match the motherboard’s maximum
specs. For example, your motherboard may support ECC RAM but will still work with non-ECC RAM, or may support both PC2700 and PC3200 DIMMs. But be aware that you may need to change
BIOS settings and you may see performance decreases if you install RAM that is slower than the maximum spec.
Minor flaws in RAM chips can lead to system slowdowns and instability. The least expensive chips often have minor flaws that will cause your system to slow down or Blue Screen intermittently. Although built-in mechanisms may allow the system to keep working, there is a performance hit when it has to deal with flawed RAM chips.In the past, no one worried about RAM chips getting hot, because they didn’t seem to generate much heat. But that’s changed with newer RAM types, especially SDRAM. To check for overheating, open your computer’s case, power down, and pull the plug out. Ground yourself and touch the plastic on one of your RAM chips. Ouch! They get pretty hot. If you find that your RAM chips are overheating, you should consider buying a separate fan to cool your memory. If your motherboard doesn’t support a RAM fan, you might be able to get enough additional cooling by installing a fan card that plugs into a PCI slot.You can also buy copper “heatspreaders” or RAM heatsinks that improve heat dissipation and help prevent problems caused by overheated RAM.
Tip: Some motherboards will even allow you to mix speeds but will default to the slowest RAM
4. Failing hard disk – There may be many signs of imminent failure before a hard disk finally gives up, depending on the type of failure (mechanical, electronic, logical or firmware failure). Some of these signs include:
• Slow access times on the affected drive.
• An increasing number of bad sectors when running scandisk and chkdsk.
• Unexplained Blue Screens.
• Intermittent boot failures.
Detecting a failing hard disk can be tricky because the early signs are subtle. Experienced computer professionals can often hear a change in the normal disk spin (often manifested as a clicking or crunching noise or a high pitched whine). After the disk deteriorates further, you’ll see the system crawl to a standstill. Write processes will take a long time as the system tries to find good blocks to write to. (This will occur if you’re using a robust file system such as NTFS; other file systems will likely Blue Screen the computer.) You may get error messages such as “Windows delayed write failure” on Windows computers.
When you notice the system slow down, run scandisk or chkdsk, depending on your operating system. If you notice a bad sector where a good sector existed earlier, that’s a clue that the disk is going bad. Back up the data on the disk and prepare for it to fail soon. Make sure you have a spare disk ready so you can replace it when it fails, or replace the disk as soon as you notice the early signs of failure.Disk noise and scandisk/chkdsk are your best indicators for identifying a failing drive that’s leading to a system slowdown. However, if you are managing a system remotely, or you can’t take the system down for a full chkdsk/R, you can use tools that monitor disk health, such as Executive Software’s DiskAlert.BIOS settings – One often-ignored culprit of system slowdown is the machine’s BIOS settings.
Most people accept the BIOS settings as they were configured in the factory and leave them as is. However, slowdowns may occur if the BIOS settings do not match the optimal machine configuration. Often you can improve machine performance by researching your motherboard’s optimal BIOS settings—which may not be the same as the factory defaults.
There is no centralized database of optimal BIOS settings, but a simple Web search on your motherboard name and BIOS as keywords should yield the correct settings.
You may also be able to increase performance by updating or “flashing” your BIOS. Check with your motherboard’s vendor for the software and instructions to do this.
Disk type/controller compatibility – You’ve just purchased a new UDMA-100 disk drive, and it doesn’t seem any faster than any of the other drives in your machine. You do some benchmark
testing, and the new disk tests the same as the other drives in your system. So what’s the problem?
It could be that your motherboard doesn’t support the UDMA 100 specification. Check your manual to determine what type of IDE interface it supports. If the motherboard only supports
UDMA 33 or 66, then your UDMA 100 throttles down for backwards compatibility. You can get around this problem by installing a PCI UDMA 100 add-on card and plugging the new drive in to that interface.
Another potential problem may be the cable type you are using. UDMA 66+ drives require a different cable than older drive types. The drive may not work at all with the old cable type. Aged cables will break down over time, especially if they are tightly folded and the temperature of the case remains consistently high. It’s always worthwhile to change out the drive cable to see if performance improves.Also keep in mind that over the course of a year to 18 months, hard disk technology improves so that performance of newer disks is substantially greater (and so are disk capacities).
Replacing older disks, even if they are not at risk of failure, can give you a big performance boost. New Serial ATA (SATA) disks are faster than old Parallel ATA types.
5. Windows services – Many Windows services are enabled by default. Many of these services, however, are not required for your machine to run properly. You should review the services running on your Windows 2000/Windows XP computer and disable those that you don’t need.One way to see what services are running is to use the Services applet found in the Administrative Tools menu. Right-click My Computer and select Manage. Important information contained in the Services console includes the service Name, Status, and Startup Type. You
can get more details on a service by double-clicking on it to bring up the service's Properties.
You can stop the service by clicking the Stop button. If you are sure that you don’t need the service, click the down arrow in the Startup Type drop-down list box and set the service to Disabled. If you are not sure if you need the service, change the Startup Type to Manual. Then you’ll have the option of manually starting the service if you find that you need it.Another way of controlling which services start is using the msconfig utility. Open the Run dialog box and type msconfig in the Open text box. The Essential column shows services Microsoft considers essential to running the computer. However, note that many required services are not defined as essential in the System Configuration Utility window. You can prevent a service from starting at bootup by unchecking the check box to the left of the service.One service that is well known for slowing down Windows 2000/Windows XP systems is the Indexing Service. This service indexes the content of each hard disk and makes it easier for the Search utility to find files. Unless you are running a Web site that uses the indexing service, you may want to disable it to improve performance.
6. Runaway processes – Runaway processes take up all of the processors' cycles. The usual suspects are badly written device drivers, and legacy software installed on a newer operating system. You can identify a runaway process by looking at the process list in the Windows Task Manager. Any process that takes almost 100 percent of the processing time is likely a runaway process.
There are exceptions to this rule. On a smoothly running system, the System Idle Process should be consuming the majority of the processor cycles most of the time. If any other process were to take up 98 percent of the processor cycles, you might have a runaway process.
If you do find a runaway process, you can right-click the process and click the End Process command. You may need to stop some processes, such as runaway system services, from the Services console. If you can’t stop the service using the console, you may need to reboot the system. Sometimes a hard reboot is required.
7. Disk fragmentation – As files are added, deleted, and changed on a disk, the contents of the file can become spread across sectors located in disparate regions of the disk. This is file fragmentation. Some older operating systems, such as Windows NT, don’t have a built-in defrag utility; you must obtain a third-party solution, such as Executive Software’s Diskeeper.
Disk fragmentation can significantly slow down your machine. The disk heads must move back and forth while seeking all the fragments of a file. A common cause of disk fragmentation is a disk that is too full. You should keep 20 percent to 25 percent of your hard disk space free to minimize file fragmentation and to improve the defragmenter’s ability to defrag the disk. Thus, if a disk is too full, move some files off the drive and restart the defragmenter.
In Windows XP, you can use the defrag.exe command line tool to schedule defragmentation on a regular basis. For Windows 2000, you can use a program such as AutoDefrag
8. Background applications – Have you ever visited an end-user’s desktop and noticed a dozen icons in the system tray? Each icon represents a process running in either the foreground or background. Most of them are running in the background, so the users may not be aware that they are running 20+ applications at the same time.This is due to applications starting up automatically in the background. Look first for such programs in the Startup folder in the Start menu. Many applications place components in the Startup folder to run in the background. Some of these, such as the Microsoft Office Findfast, can really chew up processor and disk time and noticeably slow down a system.
Review each of the entries in the Startup folder and delete any that are unnecessary.Not all programs that run at startup appear in the Startup folder. Another place to look is the following registry keys: HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
9. In Windows XP, run msconfig and check the Startup tab to view startup programs. You can uncheck the boxes to keep individual programs from running at startup.File system issues – Some file systems work better than others for large disk partitions. If
the machine runs Windows NT 4.0, Windows 2000, or Windows XP, you should use the NTFS file system for best performance.
File system performance is closely related to cluster size and the number of clusters on the disk. NTFS file systems will bog down if you have a 60-GB hard disk configured with a cluster size of 512 bytes. This creates an enormous number of clusters, which the file system must track and seek. This becomes especially problematic when the drive is highly fragmented. One solution is to use larger cluster sizes. If you set the cluster size to 4K or larger, you will see noticeable improvement in file load times. Please note, however, that large clusters can significantly increase the amount of cluster slack space and lead to a lot of wasted disk space.Another trick to alleviate file system issues involves tweaking some Registry values (StartMenu|Run|Regedit):
• The first Registry value you can tweak is NtfsDisable8dot3NameCreation, which can be found at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem. When you set this value to 1, it stops NTFS from generating the 8.3 file-naming convention used for backward compatibility. If you do not need these old filenames, you can improve performance by preventing NTFS from creating them.
• Another useful NTFS entry is the NtfsDisableLastAccess value, which can be found at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem. This is a REG_DWORD entry, and when it is set to 1, it will prevent NTFS from updating the date and time stamp of directories after they are browsed. However, this does not prevent an update to the file-access information when a file is opened or changed.
10 If you are not using the NTFS file system, you may be able to improve performance by moving files and folders out of the root directory. With FAT partitions, you may notice a big slowdown in system performance after running scandisk because a large number of .chk files are placed in the root directory. Users sometimes fill their root directories by making it the default file storage location. Move as many files and folders as possible out of the root directory, and performance should improve significantly.