Fix PC Errors Blog

While it is possible for every piece of hardware in your PC to fail, your hard disk drives are the most likely to die. Hard disks are the only components with moving parts that are constantly running in your computer, and like anything that has moving parts, they can wear out. With today’s hard drives getting bigger and bigger, it gets more expensive to develop drive parts that are both precise and robust. Nearly all consumer hard drive warranties are 1-year, but the average replacement time for a PC is about three years. Since only a hard drive crash can actually destroy your data, this means your PC will spend 2/3rds of its time with the most data-critical component unprotected by the manufacturer - and if the manufacturer won’t provide a warranty for the device you can bet there’s a reason.

Your computer manufacturer may cover the whole computer for three years, if you bought the extended warranty, but that won’t save your data. If you don’t have a data backup plan, you should read my blog entry Backing Up is Hard To Do. If losing your data forever is a problem, then you need a backup system. The next thing to do is read the rest of this blog, where I’ll explain how to maintain your hard drives and find out ahead of time if they are going to fail.

Checking for Errors

There are several ways you can check for errors on your drive. First, you should get a free utility to check your drive called HD Tune. HD Tune can read information on your drive, perform an error check and run speed tests. While most of the information is highly technical, HD Tune will sum up your drive’s health as ‘OK’ if everything is running fine. If not, it’s probably time to consider a new drive. Hard drive failures tend to be exponential - the first few errors may happen over a long period of time but once the number of errors goes up, it’s usually not long before the hard drive goes belly up.

After checking the overall health of your drive, run an error scan on each disk to check for physical errors on the hard drive. If you have any, the end is probably near. Most modern hard drives leave extra “sectors” blank so that data can be moved to those sectors when another sector becomes defective, but there are only so many of these and again, hard drive failures tend to start small and get big fast. If you see any errors you should make sure you have your data backed up and re-check the drive at least a couple days a week.

The next thing to check is the Event Viewer. Right-click on My Computer, select Manage, and open the Event Viewer folder. Click on the System log and sort by the Source column. Look for errors listed under ‘disk’ - if you find any, open them and look for the words ‘bad block’. If you have these errors then disk failure could be hours away.

The last check to run is chkdsk. This utility runs the next time you restart your computer and you can schedule a scan by running chkdsk /f from the command line (Start, Run…, type cmd and hit enter). You will be asked if you want to schedule a scan for the next time Windows starts - hit Y to confirm or N to cancel the scheduled scan. You can also specify the drive you want to check using chkdsk d: /f, where d: is the letter of the drive to check (don’t do CD-ROM drives).

Defragmentation

Defragmentation is essentially the only thing you can do to a hard drive to improve its performance that doesn’t involve highly technical and potentially dangerous tools. However it is especially critical to do if you have a drive that is getting full (more than 60%) or if you’ve got a lot of small files on the drive. Since your system drive will have a lot of of small, frequently used files (not to mention all the temp files that Windows throws around), you should defragment it at least once a month.

If you still have the Computer Management window open from looking at the Event Viewer, check out Disk Defragmenter next. Defragmenting a drive multiple times does little harm (although it does exercise the drive more than it would have been), but if you’ve defragmented recently and just want to check, hit the Analyze button to see what your drive looks like. Big blocks of blue are good - tiny lines of blue or red are not. Windows will tell you if you need to defragment or not, but depending on the files that are fragmented you may want to do it anyway, or if there are a lot of lines scattered everywhere. Blocks of data are easier for your hard drive to read as it doesn’t have to jump around as much.

If the drive is pretty bad, Windows will not organize everything into nice neat blocks in order to save time. If you really want your drive fully defragmented and have all the data organized toward the front of the drive, you may have to run the defragmenter several times.

Is it Really Dead?

Sometimes, a failing power supply (another component prone to failure) can cause hard drive errors in the event log (they may listed as ‘atapi’ in the Source field), poor hard drive performance or clicking sounds as the hard drive resets itself. In this case your hard drive may not be failing - yet. Bad power can ruin a hard drive just like old age can. While power supplies are harder to replace, they are usually covered under the manufacturer’s warranty. So if you have these symptoms, backup all your data and call your computer manufacturer right away. Hopefully they’ll recognize it as a power supply failure and replace the part for you.

Last time I covered the first two Task Manager tabs, Applications and Processes. In this post I will explain the other three tabs, Performance, Networking and Users.

Performance Tab

The Performance tab is the executive summary of the Processes tab. Where the Processes tab can show you what processes are running (and the resources they are consuming), the Performance tab gives a high-level look at your system resource usage - most importantly, how much physical memory is available for programs.

The CPU Usage and CPU Usage history sections are straightforward. The first is a graph of how much CPU the computer is using at the moment and the second is a line graph of CPU usage over a given period of time (by default, each grid is ten seconds). If you are getting slow performance, and the CPU history shows a lot of usage, or is pegged at 100%, it’s a clue to look at the Processes tab to see what process (or processes) are using so much CPU. Under normal usage there should be some spikes but the processor should never be pegged at 100% for any length of time.

The PF Usage graphs are similar in purpose to the CPU graphs, but they relate to page file usage, or more accurately, virtual memory usage. These graphs show how much memory you are using on your computer. If they ever get close to the top you will have performance issues and eventually program crashes. Again, you should check out the Processes tab to see what programs are using a lot of memory.

If you commonly find that you are close to the maximum amount of available memory, you can increase the size of your page file. Right-click on My Computer, click Properties and then choose the Advanced tab. In the Performance section, click Settings and choose the Advanced tab in the window that appears. In the Virtual Memory section, click Change. You will see there are three options for paging file size:

1. Custom size - you can set the upper and lower limits
2. System managed size - Windows sets the size of the page file
3. No paging file - No page file is used at all

The typical recommendation is the amount of physical memory multiplied by 1.5. So if you have 1GB of RAM, you should set your page file size to about 1536MB (one GB of RAM is 1024MB). If the recommended size in the Total paging file size for all drives is close to this amount you can just use that instead. If you set the Initial size and Maximum size the same, you will prevent Windows from changing the page file size on its own, which is a huge performance hit in most cases, and is typically done at the worst possible time - when you need more virtual memory.

If you already have a page file that is 1.5 times the size of your physical RAM and you are still running out of virtual memory, you need to buy more RAM. You also may want to consider an x64 version of XP or Vista, which allows you to use RAM beyond the 4GB limit that 32-bit Windows systems have. It’s also possible to turn off the page file, if and only if you have enough physical RAM. The next section can help you determine if that is possible.

Totals, Commit Charge and Memory

The Totals section of the Performance tab simply displays the total handles (files or registry keys being accessed by programs), threads (individual parts of programs that are using the CPU) and processes (executables) on your computer. If any of these get extremely high you can go to the Processes tab and add the appropriate column (Handle Count for handles) to see which process is using the most.

The Commit Charge and Physical Memory sections are the most vital to determining the performance of your computer. Modern CPUs are usually fast enough to handle most computing tasks without breaking a sweat. Games and video editing software may tax a computer but Office, money management suites and Internet browsing should never be a problem, and unless you’ve filled up your hard drive without realizing it, the last remaining performance culprit is memory.

The Commit Charge section has three parts:

1. Total - the current total of memory being used by programs
2. Limit - the maximum amount of memory that can be used before a program will crash
3. Peak - the highest usage of memory since the computer has been turned on

The Physical Memory section also has three parts:

1. Total - the total amount of physical memory (RAM) in your computer
2. Available - the amount of physical memory available for programs
3. System Cache - the amount of physical memory being used for open files

If your peak commit charge is bigger than the total physical memory, it’s time to consider more physical RAM, especially if you do a lot of multitasking. If you only occasionally open a lot of programs then you will probably be fine. If after an intensive multitasking session on your computer, your peak commit charge is only half of your available RAM, you can consider reducing or eliminating your page file. To be sure, check your peak commit charge every time you are ready to log off your computer for a couple weeks. Be aware though, that if you run out of physical memory your programs will crash, although this goes the same for physical memory plus the page file as well.

The Kernel Memory section typically does not offer much performance information, but if the numbers are high you may have too many drivers or buggy drivers taking up a lot more memory than they should be.

Networking and Users

The Networking tab is new to Windows XP. For the most part it doesn’t help much with performance troubleshooting, but like any other graph, if it is maxed out you have a problem. Unlike the other tabs, there isn’t an easy way to determine what processes are using up your bandwidth. If you have more than one PC at home, you may experience a slow Internet connection if the other PC is using up too much bandwidth, and you can check the Networking tab on that machine to be sure.

The Link Speed column indicates how fast the network link is. If you have a wired link, it’s probably 100 Mbps or 1000 Mbps (or 1Gbps). If you have broadband, your Internet link speed is probably in the 1.5 Mbps to 10 Mbps range - well under the limit for your network adapter. If you are transferring files from one computer to another though, you can max out a 100 Mbps link.

The Users tab will be available if you have Fast User Switching turned on. I always turn this off as it is the biggest performance killer besides a massive spyware infection if you actually have multiple people using your PC, and if you don’t, then you don’t need Fast User Switching anyway. Basically it will tell you how many users are connected to your PC and from which computers.

If you share files in a dorm environment, you may have a lot of connections on your computer which impacts performance. You can view the same information in the Users tab by right-clicking on My Computer, clicking Manage and selecting Shared Folders. Underneath you will see three more folders:

1. Shares - folders that are shared on your computer
2. Sessions - users logged into your computer
3. Open Files - files that users have opened

If you’ve got a lot of people connected you can kick them all off by right-clicking on their session and disconnecting them.

When it comes to system performance issues, Windows’ Task Manager (Ctrl-Shift-Esc) is the first place to look. Task Manager can also end processes that aren’t responding, start new processes and switch to applications that may have gotten “stuck” when a dialog box got covered up by another window.

Status Bar

In all Task Manager tabs, the status bar at the bottom of the window shows three things:

1. Processes: The number of running processes. The more processes running, the more work Windows has to do and the slower your computer will run.
2. CPU Usage: Total CPU usage by all processes. If this stays at 100% for an extended period of time, it is typically because of a buggy application.
3. Commit Charge: The total amount of memory that Windows is using for applications and the maximum available memory. If the commit charge ever gets close to the maximum available, Windows will slow down considerably.

Note: in the screenshot below, the Users tab is missing because I have Fast User Switching turned off. I will cover the users tab briefly in the next article on Task Manager.

Application Tab

The default first view is the Application tab. There’s really not much exciting here but this tab does allow you to switch to a task that may otherwise not be responsive. You can also attempt to gracefully end a task (which is safer than ending its process) or start a new task. For example, when Windows Explorer hangs and you are forced to close it, you can use Task Manager to start a new Explorer.exe if it doesn’t come back up on its own.

Processes Tab

The Processes tab is a detailed view of all exes that are running on your computer. You may need to check the Show processes from all users checkbox to see everything. The default columns will show some information but many additional columns are also available, and can be added from the View -> Show Columns… menu item. Here is a list of some of the more useful columns and what they mean:

• Image Name: The name of the executable
• PID: A number that is assigned to the executable by Windows.
• User Name: The user that is running the process. The SYSTEM, LOCAL SERVICE and NETWORK SERVICE users are all built into Windows and run system processes. It is almost never a good idea to forcefully end one of these processes. If you have a lot of processes running under your username, especially if you don’t have any applications open, your computer may be burdened with junkware, or worse.
• CPU Usage: Current percentage of CPU being used by the process. If a process is using 100% of the CPU for more than a minute or so, it usually means the process has locked up.
• CPU Time: Total amount of CPU time the process has used. Sort by this column to see if any process is using a lot of the CPU’s time. If you have slow performance issues, this is the first thing to look for in determining which program is causing the problem.
• Memory Usage: This is the amount of memory that Windows has allocated to a particular process. If a process which isn’t being used starts using more and more memory, it is a sign of a memory leak. Eventually the process may use up all available memory and crash.
• Peak Memory Usage: The largest amount of memory that has been used by a process. This is a useful gauge to determine how much memory to allow for a particular program.
• I/O Reads and I/O Writes: While not strictly about disk usage, the vast majority of I/O activity is related to disk usage. Any program with a lot of I/O reads and especially I/O writes may be causing performance problems.

If you right-click on any process you will get 5 options:

1. End Process: This will kill the process and unlike the Application tab, it will do it right away, unless you do not have permission to end it (which is usually the case with processes running under the SYSTEM username).
2. End Process Tree: If a process started another process, this command will end those processes as well. If you use this command on explorer.exe it will kill all of your running applications.
3. Debug: If you have a debugging tool, you can debug a process with this option. If you don’t know what debugging is you should definitely never use this command.
4. Set Priority: This option allows you to set the priority of the process in using the CPU. For the most part this should be left alone, but if you are watching a movie on your computer, setting the priority to “High” for the process will help if the video starts skipping frames.
5. Set Affinity…: If you have a hyper-threaded, dual core or quad core processor, you can use this option to restrict a process to specific cores. This can be useful for processes that use a lot of CPU.

In Part 2, I’ll cover the Performance and Networking tabs in detail, as well as the Users tab.

The Windows registry has been around since Windows 3.11. Its main purpose was to replace the many text configuration files for programs that were littered about the file system and separate the user configuration from the system configuration. In this way each user has their own configuration which would have been much harder to implement with text files stored wherever the application happened to think they should go. Additionally, it allows much greater flexibility for remote administration, is much easier to backup and monitor and is a lot faster than parsing text files.

Of course like many good ideas the registry has mutated into a maze of program settings and confusing keys and values, particularly those that deal with the Windows operating system. While most of the inherent stability problems that plagued earlier versions of Windows have been resolved, the registry is still easily corrupted by third-party programs (whether by accident or malicious intent) and fixing it by hand is usually out of the question for anyone but operating system experts. There are also a few drawbacks to the registry system:

1. A single point of failure – if the registry file itself is corrupted the operating system may not boot at all. Since it is the single place for configuration storage, the registry is being written to constantly.
2. The registry does not contain any documentation (although some keys and values are documented by Microsoft and various Internet sites), so it is difficult and dangerous to edit by hand.
3. It is very difficult to backup parts of the registry. Usually programs that clean the registry will back up the changes they make, but in general you can’t restore registry changes for a particular program without restoring the entire registry.
4. Applications leave registry entries behind which can cause slow performance and system crashes. There is a particular section of the registry where orphaned entries cause problems (and we’ll get to that later).
5. It is very difficult to transfer application settings from one computer to another. Microsoft has provided a tool to transfer all settings (File and Settings Transfer Wizard) or settings for individual Microsoft programs, but it can be hit or miss if the second computer does not have all the programs that the first computer has.

Registry Structure

The registry is divided into 5 “hives” which contain all the registry keys and values. A key is like a folder that contains values. The five hives are:

1. HKEY_CLASSES_ROOT (HKCR) – stores information about applications that register themselves with Windows. This is the hive where most performance-related issues can be traced to, as items are registered to programs that no longer exist. This hive is actually merged from keys in the next two hives.
2. HKEY_CURRENT_USER (HKCU) – stores user-specific settings and changes with each user that logs in. Each user folder in Documents and Settings contains a file called NTUser.dat where these user-specific settings are stored.
3. HKEY_LOCAL_MACHINE (HKLM) – stores machine settings that do not change when different users log on. This hive is vital for the proper functioning of the operating system.
4. HKEY_USERS (HKU) – stores all user-specific settings (i.e, HKEY_CURRENT_USER for every user on the computer). HKEY_CURRENT_USER is loaded from this hive.
5. HKEY_CURRENT_CONFIG (HKCC) – stores data gathered during boot and is regenerated every time the computer restarts.

The HKCR hive is where many performance issues and errors stem from. This hive contains information related to files opened with Windows Explorer, mainly, which program or part of a program should open what file. While simple in concept, there are thousands of keys under this hive and it uses a lot of CLSIDs, or Class IDs, instead of program names. Programs like RegCure can look up the CLSIDs and determine if the programs they reference still exist. Cleaning out entries for non-existent programs fixes a lot of errors regarding file types and speeds up performance.

Common Registry-Related Problems

There are several other registry-related problems caused by programs not installing or uninstalling correctly which can cause errors and impact performance:

• The uninstaller does not clean out the registry properly and the software is still listed under Add/Remove Programs in the Control Panel
• Programs may install different versions of the same DLL which other programs are not compatible with
• The registry may have programs loading at startup that no longer exist
• Application paths in the registry may no longer exist

It is likely that if you have installed and uninstalled a lot of software that your system has some of these problems and could benefit from a registry cleaning.

There are may causes for slow computers – spyware, fragmented hard drives, overzealous Internet security suites, or just plain too much junk running all the time. Most computer manufacturers pile on the junkware so even high-performance systems can be slow out of the box. Often this is the main cause of computer slowness.

To get a handle on all those processes you need to find out what they are. The easiest way to do this is to run Task Manager (right click the start menu, choose Task Manager). On the Processes tab, check “Show processes from all users”. Click on the User Name column to sort processes by user. Typically, you can ignore processes from LOCAL SERVICE, NETWORK SERVICE and SYSTEM, as they are part of the operating system and Windows needs them running to work properly.

Count the number of processes running under your user name. I have 6 running right now:

1. taskmgr – Windows Task Manager, which I am using to look at processes
2. WINWORD.EXE – Microsoft Word, which I am using to write this article
3. explorer.exe – the main interface for Windows
4. firefox.exe – Firefox web browser
5. ctfmon.exe
6. jusched.exe
7. jucheck.exe

So I know what three of these processes are, but are the other three? Getting the answer was simple – I just typed the name of the processes into a Google search and got a pageful of sites with useful information:

• ctfmon.exe is a Microsoft Office feature for Alternative User Input as well as the language bar.
• jusched.exe is a program that checks for updates to Sun’s Java Runtime Environment.
• jucheck.exe appears to be the same thing as jusched.exe, a process that checks for updates for Java.

ctfmon.exe is very difficult to get rid of so I skipped over that one and decided that I really don’t need to update Java, despite the warnings on the website. To stop the Java programs from running at startup, I used MSConfig (Start Menu, Run, type “msconfig”, hit enter), a handy tool provided by Microsoft for controlling startup options. On the General tab, I made sure to choose “Selective Startup” and then I clicked the Startup tab to see at all the processes running at startup. You can see that I’ve only got four enabled:

1. RUNDLL32 – runs the TweakUI control panel applet
2. NvCpl – nVidia control panel for my video card
3. ctfmon – Microsoft Office, one of the exe’s from Task Manager
4. jusched.exe – the Java scheduler (which also controls jucheck.exe)

After unchecking “jusched”, I clicked OK and decided not to restart my computer. Once I do though, both jusched.exe and jucheck.exe won’t start and I’ll have two less processes taking up resources.

You can follow these steps to cleaning up other processes on your computer – find a process in Task Manager, look it up on Google, and then see if it is running on startup in MSConfig. Leave your anti-virus or security suite running but take a good hard look at all the other programs running – chances are you don’t need them on. The benefits are more speed while running your programs and faster boot time – after pruning down all of my processes, I can restart my three-year-old computer and be back to my desktop in about 45 seconds.