What is the proper way of debugging a slow Windows installation?



You know the drill - you've been asked to check why your cousin's computer is running slow. I was right there yesterday. Being a Mac user since 2007 I haven't really dug deep in Windows internals in the past five years. Googling for answers reveals many, many different answers: broken registry, spyware, antivirus program, fragmented disk, turning of visual effects etc.

In this particular case I was asked to look at a two year old HP laptop with Vista. Windows was running incredibly slow and even opening up a new explorer window took almost a minute. I ended up doing everything of the above: running cc cleaner, defragmenting the disk, turning off visual effects, turning off norton and a bunch of other things random people on the Internet believe have an impact on Windows performance.

Now I turn to you dear Superusers - I'd like to understand this in depth. Is there a proper, "scientific" if you so will, way of debugging and understanding where the problem with a slow running Windows installation lies? (In my particular case this concerned Windows Vista but let's try to create a general guide for XP and Windows 7 too).

To me, it seems wrong to just run a bunch of different tools without understanding the underlying cause of the error.


Posted 2012-03-25T15:56:34.543

Reputation: 673

the simplest way is to never get that kind of computer for windows use again.... since this may be related to some totally unknowable and unfindable hardware bug (unless you know vast quantities of totally obscure debug knowledge)... return to store if possible... oh wait you aren't talking about installing windows... if there is a rootkit and MBR virus it may be simplest to back up files with a (linux) live cd hose the drive with zeros with dd, and reinstall windows.. if its just windows being stupid (all OSes do) that will also be fixed – conspiritech – 2012-03-25T18:48:15.343

@conspiritech they mean a current working installation that is slow to respond. – Moab – 2012-03-25T19:22:52.890

then go with the bottom half of the comment – conspiritech – 2012-03-25T19:23:29.543

Turn off pretty much all of the start-up procceses using msconfig, reboot, CCleaner, defrag, virus scan, reboot, ccleaner and defrag..reboot =p. That's what I would do, but that is just me. (and vista sucks =p) – cutrightjm – 2012-03-25T21:19:45.450



Let's start at the top, and then we dig deeper than ever.

While you can run random tools like Process Explorer or Automatic Runs, poking around in them won't show you everything and there would still be things hidden under the grass. And if you go around disabling programs and changing your drivers, you are most likely fixing something that ain't broken.

As with every scientific research, we first have to determine the cause before coming to a solution...

Stuck? Get better ideas, divide and conquer your options and put things to the test.

Windows Experience Index

The quickest way to identify whether it's not just the hardware...

Under Control Panel\All Control Panel Items\Performance Information and Tools you can find the Windows Experience Index, known as a good way to asses key system components.

Sometimes your computer just doesn't fit your daily needs anymore...

In above example, this would require one to investigate the hardware this computer has and do an attempt at upgrading drivers; if not, time to upgrade that copmuter. That's how far hardware goes...

Resource Monitor

A good overview of what's going on on your computer, no download required...

Under Control Panel\All Control Panel Items\Administrative Tools you can find the Resource Monitor, it is also accessible from the Task Manager by the click of a button. This gives a very nice overview of the CPU / Memory / Disk / Network of the applications and services on your system.

Firefox and AVP? Smells like excessive virus scanning while browsing. And do I need wmpnetwk.exe?

No need to fire up Process Explorer or Process Monitor, because this beast also shows the System Interrupts and even allows you to filter. And in case there's something wrong with that, DPC Latency Checker and LatencyMon can help you to quickly pinpoint the issue. But why not install a much more insightful tool instead?

Windows Perfomance Toolkit

Comes with the easy Recorder and an insightful analyzer, no problem escapes your eyes...

These tools are available in the Windows ADK, which is for Windows Vista and above. Please note to only select Windows Performance Toolkit during the installation, because the other tool takes quite long to download and is only meant for professionals.

And then you can finally start the Windows Performance Recorder, only check the things you need and then start tracing. After you caught the slow moment, you can stop tracing and it will save the trace to a location you can easily find back.

Last time I mentioned this, you had to do this all with the command-line... Welcome to 2012!

Yes, this can also be used to trace shutdown/(re)boot/standby/hibernate/resume/fastStartup scenarios.

Now, let's look at what 10 seconds of pretty idle performance look like.

Oh no, I forgot to close Resource Monitor, look how consuming its graphs are...

From the left side, you can expand the graph sections and drag the graphs you want to the right side. In the right side you can manipulate the graphs in many way; hovering, clicking and right clicking should teach you some things. Not to forget about the tabs in the top or the annotation features at the right.

Yeah, tables of performance data with yellow and blue bars...

In the above image you can see that by the click of a button you can get a table under your graph. By right clicking on the columns header you can add/remove columns (there are some not shown).

Note the yellow and blue bar. Anything before the yellow bar are considered to be the keys of that row, it is used as the series for the graph. The values between the yellow and blue bar are aggregated (usually summed), because its not just about a process but rather about the stacks the threads of the process walked. Then last, you can graph columns and give them a color. If you drag a start time and an end time here, it will even change the graph to show horizontal bars (to show when things started and stopped)...

Now, what about the drivers?

Nvidia is kind of resource heavy, and seems I couldn't resist moving my mouse around...

Windows Assesment Console

If you can't get enough, this one runs for hours and generates tons of XML / WPT data for you to analyze. Not for the faint-hearted, it's also available from the Windows ADK. It's useful for professionals, but is in most cases really not needed...

Yes, my dear system, I've dug so deep that you have no performance secrets for us.

Tamara Wijsman

Posted 2012-03-25T15:56:34.543

Reputation: 54 163

3Good stuff. I have a comment to slip in, it is sort of the opposite of your first paragraph. At times I Start by asking them if "you need that stuff" and removing all the junk they dont want, didnt know was even there still, and do not use. I dont see any point in analising junk they do not want to begin with. So for me it would be to remove First, analise what is Left if needed. after seeing the piles of junk most people have, I do prefer to break it first :-) – Psycogeek – 2012-03-26T01:58:52.700

3@Psycogeek: The risk with that is that it is easy to take that too far, as these tools are meant to solve problems and are not meant for general cleanng; the place to clean your computer should be Control Panel\Programs\Programs and Features in the first place anyway. But, this is why I used Let's start at the top, because if you start at the bottom you'll only be playing a guessing game; also, you will start seeing things as junk that don't actually affect your performance, which is why tons of people on Google come with suggestions that don't work much anyway... – Tamara Wijsman – 2012-03-26T10:04:12.403

1+1 Amazing writeup and info Tom, I've not played with the Performance Toolkit before but after reading this i certainly will when the opportunity arises!:) – HaydnWVN – 2012-03-28T08:23:59.473

1Great answer. Now I'm looking forward to get an opportunity to get a slow Windows installation to look at :) – Niklas – 2012-03-28T20:20:10.937

@Niklas: Good luck; if you ever need help, you can ping me (start your message with @TomWij) on chat. – Tamara Wijsman – 2012-03-28T20:21:39.270

One thing I would reccomend to add to this list, is before you go downloading and installing the windows ADK, run the Performance Monitor on it that is built in to windows

– Scott Chamberlain – 2012-08-03T17:48:19.397

The link to Windows ADK is dead. Here is the correct one (for Windows 7): http://www.microsoft.com/en-us/download/details.aspx?id=8279

– marcovtwout – 2013-08-29T08:02:14.930

@marcovtwout: That's the SDK, not the ADK. – Tamara Wijsman – 2013-08-29T09:13:25.490

And all of a sudden the link is fixed :) – marcovtwout – 2013-08-30T20:18:22.070


To me, it seems wrong to just run a bunch of different tools without understanding the underlying cause of the error.

If only more people would think like that :)

There actually are tools to determine why a Windows installation is performing worse than it should. The problem is, if you're not, at least, using Windows daily, using them might not yield the results you'd like.

Usually bad performance is trivial to solve. It's either a rogue process eating up all the resources or it's faulty hardware/drivers.

Process Explorer

The absolute first step I will usually make is to check Process Explorer. Process Explorer is like Task Manager on crack. You can also pull the executable file directly from live.sysinternals.com.
It will tell you if it's a driver (high Interrupts load) or a process.

Analyzing High DPC/Interrupts

We already have an excellent question on that subject, so I won't replicate any information here.

Rogue Process

If the problem is a rogue process and you can't kill it (maybe it's resistant malware), you might want to disable it using Autoruns.

Further reading

There are a lot more tools and a lot more ways to analyze Windows problems correctly. People actually write books about that. There is simply way too much knowledge to be conveyed in a SU answer :)

Me personally, I would already be really happy if people would stop optimizing their Windows registry...

Der Hochstapler

Posted 2012-03-25T15:56:34.543

Reputation: 77 228

1This is a fantastic answer – Mala – 2012-03-25T18:40:30.550

4+1 "I would already be really happy if people would stop optimizing their Windows registry" – Moab – 2012-03-25T19:23:32.750


  1. Ask user what they mean by "slow" - is the entire system slow? is just one program slow? is Internet Explorer (as opposed to actual network speed) slow? is the system slow only when doing certain things?
  2. appwiz.cpl -> delete anything with "Toolbar" in the title, as well as anything else that looks like malware, spyware, or stuff the user doesn't need. Also check for malicious IE add ons and it wouldn't hurt to completely reset IE settings from the Internet Options control panel if you suspect malware has messed things up.
  3. Process Explorer from an external thumbdrive as @Oliver Salzburg mentions -> any executables that are not signed by Microsoft or a well-known vendor should be suspicious - whittle it down to only what the user needs.
  4. Autoruns - another great Sysinternals utility - find what is registered to launch automatically on startup -> any executables that are not signed by Microsoft or a well-known vendor should be suspicious
  5. Malwarebytes + other free malware scanning program of your choice to check for viruses.
  6. Apply all outstanding Windows and Office updates
  7. Apply latest video driver updates if the PC belongs to a gamer
  8. Is antivirus out of date? Install newer version of antivirus if available
  9. User expectations - is the user really overtaxing their computer? (this step is necessary if computer is old)
  10. CCleaner - for the gigs of Temporary Internet Files undoubtedly...
  11. Run defrag.exe
  12. If the user generally uses the PC for Internet usage, install Chrome and make it default browser.
  13. Image the machine if you can so you won't spend as much time doing it all again in three months when the user listens to none of your advice and is in the same exact situation.


Posted 2012-03-25T15:56:34.543

Reputation: 63 487

3-1 Malwarebytes is NOT a virus checker! – HaydnWVN – 2012-03-28T08:22:05.700

While there are some valid points that could solve the problem, this method is far from actually debugging a problem. – marcovtwout – 2013-08-27T13:04:05.803


In Windows there are things like the Task Manager, Resource Monitor and Performance Monitor that help you figure out where your bottlenecks are.

Not to mention Safe Mode and MSConfig for testing/eliminating software suspects, and the disk utilities for determining if the disk and file system are in good health.

Those are where you should start, long before you start firing cleaning utilities at the OS. :)


Posted 2012-03-25T15:56:34.543

Reputation: 103 763


I ALWAYS check the HDD first, no matter what the user is complaining about. I use HDSentinel to check it , I then reboot and recheck as I have had 2 instances where post reboot, it told me the HDD was failing, when the initial test said it was perfect/close to perfect.

After checking the HDD (lets assume it is fine) I check how much RAM is 1)in the unit 2) free post a reboot 3)free with 3.1)users browser open 3.1)Users email client open 3.2)Word/Excel/the usual apps the User uses daily.


Posted 2012-03-25T15:56:34.543

Reputation: 39