Memory, Speed, and Performance May Decrease
1. The article [Q310419] describes issues concerning computer speed and decreased performance caused by programs loaded at startup, programs that create memory leaks, and the situation when a computer has a small or minimal amount of random access memory (RAM), or a slower central processing unit (CPU).
2. The article [Q822430] explains that when you click a large Audio Video Interleaved (AVI) file in Explorer, Windows may stop responding (hang), you notice that the Explorer.exe process consumes 100 percent of CPU usage for up to two hours or more and occurs when Windows tries to query the index of the file which isn't there and then attemps to build one. Read the TweakXP tip "AVI files causing high cpu usage again with installation of XP SP1" to prevent Explorer from loading shmedia.dll in response to their file property queries causing 100% cpu usage.
3. The article [Q314056] describes Svchost.exe (%SystemRoot%\System32 folder), the generic host process name for services that run from dynamic-link libraries (DLLs), can run in multiple instances at the same time and each session can contain a grouping of services so they can run depending on how and where it is started. Please note, the built-in "Task Scheduler" -- a "huge word that" (Schedsvc.dll) component is made up of the MSTask.exe service file and a user interface (UI) component in MSTask.dll that you can use through Windows Explorer or through Control Panel and is hosted by the file Svchost.exe in the Netsvcs group.
Note: If you feel a service stared and running is to blamed for the excessive CPU usage, use the procedure in [Q811267] to stop services one at a time simply for the purpose of determining which one could be causing the anomaly.
4. The Power Options Tool (Powercfg.exe) is a utility which was introduced in Windows XP Service Pack 1 (SP1) that can be accessed from this tool in Control Panel to set certain power options. Whether they will be of use or help is anybody's guess, [Q324347].
5. When a Microsoft Foundation Classes (MFC) application is run on WinXP, a memory leaks for Graphics Device Interface (GDI) objects may be seen when creating and destroying child windows and can be observed in the GDI objects of the process in Task Manager. This can occur when a program make many calls to the StgCreateDocFile function to create compound storage objects and causes a 512-byte memory leak to occur - an error, STG_E_FILEALREADYEXISTS (0x80030050). To resolve problems of this type when applicable, "Obtain the Latest Windows XP Service Pack" described in [Q319740].
6. The article [Q309073] states that by sending a particular set of commands to an affected system, an attacker could gradually deplete resources on the system to the point where performance could be slowed or stopped altogether. The vulnerability results because the Universal Plug and Play (UPnP) service that either ships with or can be installed does not correctly handle certain requests and can cause a memory leak.
7. The article [Q315000] states that unchecked buffer in Universal Plug and Play can lead to System Compromise and describes two vulnerabilities that affect the implementation of UPnP in various products. Although the vulnerabilities are unrelated, both involve how UPnP-capable computers process the discovery of new devices on the network. To resolve this problem obtain the latest sevice pack for Windows XP.
8. Laptop users may experience this problem if the power policy changes because of an AC/DC transition while the computer is using the "Max Battery" power scheme. When the computer is running at 100 percent CPU usage, the computer never enters the idle loop in which the speed of the CPU is dynamically adjusted based on demand and current policy values. The supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in, [Q330512].
9. Open Task Manager and click the Processes tab to see a list of "running processes" (click to see a screen shot) - click the CPU column header to sort the list of processes by their CPU utilization as desired.
a. You may find that if the Microsoft Indexing Service (Cidaemon.exe) is used and cause the high CPU utilization.
b. In Task Manager, you can right-click an active program or process and change the amount of CPU power it gets until it's closed, which then reverts back to the XP's default assignment -- Low, BelowNormal, Normal, AboveNormal, High and Realtime.
10. While on the subject of CPU usage and how to tell -- or should I say "attempt to tell", I wonder if Microsoft really fixed things for XP. Referencing an older published article [Q227131], it explains that the System Monitor tool may display incorrect CPU Usage that can occur for any of the following reasons, and which you can safely ignore since it is not indicative of a problem:
CPU usage rises to somewhere between 20-60 percent even though you are not running any programs.
CPU usage declines sharply when you move your mouse.
CPU usage declines sharply either when you run Windows Media Player or play a .wav file.
CPU usage rises when you dial-up to connect.
CPU usage does not fall from 100 percent.
Note: In addition, the older article [Q178563] states that if you use System Monitor to monitor more than one occurrence of "Kernel: Processor Usage," the second and following occurrences of "Kernel: Processor Usage" show 100 percent processor usage. As a workaround to this behavior, use only one occurrence of "Kernel: Processor Usage" in System Monitor, or use two separate occurrences of System Monitor.
11. Supplemental reading: "A Program Stops Performing a Task or Explorer.exe Uses 100% of the CPU When You Right-Click an Item in Windows Explorer (Q819946)."
* * * *
1. The article "Computer Speed and Performance May Decrease (Q310419)" explains - among other things - that running services and programs started automatically when you start your computer typically run all the time and uses a portion of your computer's system resources that cannot be used for any other task. The more used the slower your computer gets -- makes sense.
2. Are unnecessary Counter Logs used? Are they really necessary?
a. Click Start, Programs, Administrative Tools and then click Performance.
b. Double click Performance Logs and Alerts, Counter Logs and note what is listed in the details pane. A green icon indicates that a log is running; a red icon indicates that a log has been stopped.
c. If desired, you may also right-click a blank area of the details pane and click New Log Settings, enter a name for a log to create in the Name box:, and then click OK. Click General, Add, and select the counters wanted too. If you want to change the default file and schedule information, make the changes on the Log Files and Schedule tabs.
d. To remove whatever you wish to circumvent running/logging simple highlight the name of the counter in the legend in the System Monitor details pane and press the Delete key.
3. After Internet Explorer and Internet Tools are installed, the Internet Explorer Customization Wizard can be run to use the wizard's AVS feature to obtain any updated or new components released by Microsoft that have become available since deploying Internet Explorer, which then becomes part of the everyday updated browser package. Do you want this running all the time? The update notification page notification can be turned off using the IEAK Profile Manager:
a. Click Start, Programs (in Windows XP, click All Programs), Microsoft IEAK 6, IEAK Profile Manager.
b. Click File, Open, and then open the .ins file for the custom browser package.
c. On the left side, under Policies and Restrictions, click Internet Settings, Advanced.
d. On the right side, clear the Automatically check for Internet Explorer updates check box.
e. Click File, Save as: and type a name for the file, keeping its .ins file extension.
Note: After disabling, it can still be turned on in the browser. To disable the page completely so it cannot be enable it in the browser, set the Update check interval to a value of zero.
4. Supplemental reading:
a. "Disabling AutoUpdate Service in Control Panel Does Not Shut Down the Service (Q283151)."
b. "Description of the Windows XP Logman.exe, Relog.exe, and Typeperf.exe Tools (Q303133)."
c. "Failure Events Are Logged When the Welcome Screen Is Enabled (Q305822)."
d. "HOW TO: Configure Recovery Techniques in Windows XP (Q307973)", concerning severe errors (also called a fatal system error, or stop error)
e. "HOW TO: Set Performance Options (Q308417)."
f. "HOW TO: Use Computer Management in Windows XP (Q308423)."
g. "HOW TO: View and Manage Event Logs in Event Viewer (Q308427)."
h. "HOW TO: Set Up Administrative Alerts in Windows XP (Q310490)."
i. "Windows XP May Slow Down If Users Are Logged On with Fast User Switching (Q312058)."
5. After enabling the Run logon scripts synchronously policy setting, Windows directs the system to wait for the logon scripts to finish running before it starts the interface program and creates the desktop and these Scripts May Not Run Before Windows Explorer Starts Even Though the "Run Logon Scripts Synchronously" Setting is Enabled (Q304970) and occurs because a logon performance enhancement is enabled by default. This enhancement causes the computer to not wait for Group Policy processing before an environment is initialized.
6. Services (click to see an example screenshot) are programs that run when the computer is booted and continue to run as they aid system functionality. You will find many services loaded and are simply not needed which take up memory space and CPU time. Circumventing those unneeded services will free up system resources and speed up overall computer operation.
a. Click Start, Run type services.msc and then press Enter.
b. The Services applet will load listing services currently in session/use. What you have to consider/decide is which service(s) is/are not right for you -- good luck.
c. Please review the topics:
(1) The article "HOW TO: Perform Advanced Clean-Boot Troubleshooting in Windows XP (Q316434)" provides a partial list of core operating system services that load and varies according to the services that are installed and the version of Windows XP used. If automatic events and services constantly run and eat up system resources, perhaps eliminating those consider extraneous and unnecessary could help improve system performance. Remember, they can always be reinstated.
(2) "Default settings for services."
(3) "A Description of Svchost.exe in Windows XP (Q314056)."
d. To configure how a service is started:
(1) Open Services and right-click the service to configure, and then click Properties.
(2) On the General tab, in the Startup type box, click either Automatic, Manual, or Disabled.
(3) To specify the user account that the service can use to log on, click the Log On tab, and then do one of the following:
(a) To specify that the service use the LocalSystem account, click Local System account.
(b) To specify that the service use the LocalService account, click This account, and then type NT AUTHORITY\LocalService.
(c) To specify that the service use the NetworkService account, click This account, and then type NT AUTHORITY\NetworkService.
(d) To specify another account, click This account, click Browse, and then specify a user account in the Select User dialog box. When you are finished, click OK.
(e) Type the password for the user account in the Password box and in the Confirm password box, and then click OK.
e. Interesting reading:
(1) "System Services for the Windows Server 2003 Family and Windows XP Operating Systems." Read the topic "Workstations" specifically, and if it is not needed, disable.
(2) Black Viper's Windows XP Services Configurations.
(3) Windows XP Tweaking Guide - VIA/Arena.
f. Please note, that if a service runs for catalog indexing such as Cidaemon.exe that is discussed in the Win2k article [Q156756], further discussed in [Q308202] for both Win2k and WinXP, it is suggested that some testing be conducted to perhaps check whether certain services are necessary and used only after you read the article, "HOW TO: Use Computer Management in Windows XP (Q308423)."
7. If you have thousands of files on your computer, you may speed up your searches by turning on the "Indexing Service" to run in the background (the equivolant of FastFind previously used on older Windows systems which everybody learned to do without). If you don't have thousands of documents to search through, you're unlikely to benefit much from indexing. Please note that if the number of documents is large, insufficient memory will seriously affect performance. You can also improve performance by adding more memory and increasing the amount of memory dedicated to mapping the property cache. A faster CPU and hard drive improves the performance of indexing and the speed of processing queries as well.
a. From My Computer, right-click the hard drive and select Properties.
b. Note the entry at the bottom labeled "Allow indexing service to index this disk for faster searches".
c. Uncheck the box and then click OK.
d. An applet will pop-up prompting whether to apply this option to all folders and subfolders.
8. A "memory leak occurs" when a memory pool allocates some of its memory to a process and the process does not return the memory. When this happens repeatedly, the memory pool is depleted, [Q130926]. Are there any on your system which create this anomaly?
9. The "System Configuration Utility (MSCONFIG.EXE) (Q310560) can be used to prevent unnecessary items from loading when a system is started (Click here to see an example screenshot).
Note: If you change any startup setting by using System Configuration Utility, the following message appears the next time you log on to the system:
You have used the System Configuration Utility to change the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.
10. Hint: It is not necessary for a user to log off the computer since a user's account is always logged on and the user can switch quickly between all open accounts. For example, Dad comes home and starts using his machine. He opens Microsoft PowerPoint and starts working on a document. Bill then comes up to him and asks to use the computer. Bill goes to the Welcome screen, clicks Bill, logs on, and starts playing a game. Meanwhile, Dad remains logged on; Dad's PowerPoint presentation is open and his Internet connection is preserved. If Dad wants to, he can switch to his open account without logging off Bill. In essence, with Windows XP many users can simultaneously use the computer. When a machine is left alone with a user logged on, the system will return to the Welcome screen while keeping all the applications running. Additionally, notifications appear on the Welcome screen providing information such as the number of users who are logged on, whether a user has unread e-mail, and how many programs are running, [Q279765].
11. Autoplay tab Missing and CD's Don't Autoplay: Since registered components on a system is invoked using the Shell Hardware Detection service and also because non-volume handlers are invoked through it, this service cannot be deactivated. If it is, a user may find they have no access to or can they use either Volume-based or Non-volume-based devices.
a. The primary purpose of Autoplay is to provide a software response to hardware actions initiated by the user on a machine. This feature remained roughly the same from Win95 though W2K and WinME because up until recently there have been very few new scenarios with regard to user-initiated hardware events that could trigger a useful Autoplay action. But lately, with the spread of digital multimedia content (music, graphics, and video) and of the many devices to generate or consume that content, many new scenarios are begging for expansion. In addition to refining the existing Autorun.INF mechanism, audio CD Autoplays, and DVD video Autoplay, support has been added to handle digital music (WMA/MP3), graphics, video, CD burning, video cameras, and other hardware devices.
b. If you've installed software from a CD, you've used an Autorun.INF which the majority of the setup CDs use. The typical user scenario is: a CD is inserted into the CD drive, the setup program runs automatically, and the user simply follows the on-screen instructions generated by the setup software. The Autorun.INF file sample section follows the typical format similar to the following where the first line contains the self-executing Exe file which also contains the text string for an icon. In addition, there could also be values of UseAutoPlay (when present, it will take precedence over the open and ShellExecute values and is intended primarily for use with multimedia content for which Autoplay support was added to Windows XP), Label (used to represent the associated drive in the Windows shell), and ShellExecute (works with file associations to run the application associated with the specified file):
c. When determining what actions to suggest or perform in response to an event, Autoplay on WinXP considers the event in conjunction with the various programs registered on a computer. In contrast before, it would always statically run the same application pointed to in the Autorun.INF file, or play an Audio CD or DVD movie using the respective default application. Now, two categories of events are handled:
Volume-based device events are events that affect devices that appear as volumes -- that is, all disk drives accessible via Windows file system APIs. This includes CD drives, removable disk drives, hard disk drives, removable media readers, and mass storage devices. Basically, if it shows up under My Computer with a drive letter, it's a volume-based device.
Non-volume-based devices include, well, everything else. Specific examples of these devices include digital video cameras and portable music players that do not expose their content as a file system supported by WinXP. This does not mean that all video cameras and portable music players are non-volume devices. For example, newer digital cameras and portable music players that use the USB Mass Storage stack are treated as volume devices since they appear to the system as volumes. Digital camera devices which are non-volume devices get special treatment from Windows. Even though they are non-volume devices, they are handled by the Windows Image Acquisition (WIA) component for backward compatibility reasons.
Note: The article [Q307001] states that by default, the Windows Image Acquisition (WIA) service logs errors to a file named Wiadebug.log in the Windows_folder folder and controlled by settings in the following registry address:
d. The TechNet article [Autoplay in Windows XP: Automatically Detect and React to New Devices on a System] discusses two tools for download (mentioned for your information and possible use only).
The first, APDiag.exe provides some insight into the Shell Hardware Detection service processing of hardware events (click to see an example screenshot), and is a tool that listens for updates to the %SystemRoot%\Autoplay.log file and dumps the changes to its edit box. This tool is mostly useful for diagnosing non-volume Autoplay problems, but it can also be used in some cases to trace volume Autoplay operations.
The second, APPMDiag.exe performs an Autoplay post-mortem diagnosis of the last Autoplay attempt for a specific drive. It is meant to be used for the diagnosis of volume Autoplay events (click to see an example screenshot) and as its name implies, it should be run after a volume Autoplay scenario has been carried out.
12. The following anomalous behavior can occur if Speech Recognition is installed in WinXP and has not been correctly configured, [Q313176] :
a. programs may quit, start, or lose and gain focus randomly
b. text in programs may be unreadable
c. the logon screen may appear to be controlled by someone who is remotely connected to the computer
13. When MSN Explorer is installed on a system, the Loadqm.exe file (the MSN Queue Manager [MSNQ] component which manages queuing for the background file-transfer mechanism that is known as the drizzling service) is added to the Startup folder and starts each time the system boots, [Q309418].
Note: When messages are sent to a remote computer and the network connection is lost, the application may have a 12-second to 17-second delay in response to the Message Queuing send function and occurs every five seconds, because the Message Queuing Manager tries to reconnect to target computers that do not have a working TCP/IP session. If the target computer is not available, this connection attempt can be blocked. Message Queuing uses a limited number of working threads to handle these network connections and local applications. Since there is no limit to the number of working threads to retry these connection attempts, this can lead to all worker threads being tied up in connection attempts. Since there may be more than one worker thread attempting to connect to the same target computer, this can leave no worker threads available for local applications until one of the threads that is used for a connection attempt times out, [Q321784]. To resolve this problem, obtain and install the latest service pack for WinXP.
a. MSMQ supports two modes of message delivery:
(1) Express messages are stored in RAM memory during routing and delivery, providing extremely fast performance but no recoverability when machines fail.
(2) Recoverable messages are written to disk during routing and delivery, making them somewhat slower than express messages but ideal when failures cannot be tolerated and when machine shutdowns are expected to occur while messages remain in queues (for example, a mobile application running on a laptop).
Note: In both cases, however, working copies of messages are kept in RAM memory -- MSMQ only accesses disk-based copies of recoverable messages in the event of a failure. When RAM memory is exhausted, Windows has to swap memory pages out to disk, which degrades performance. To maximize performance, there should be enough memory on a given machine to hold all of the messages that are expected to accumulate in its queues under normal operation.
b. If a machine crashes immediately after MSMQ accepts a message for delivery, but before the message is delivered to the target queue, MSMQ will find the message on disk when service restarts and will resume the sending process automatically. In a similar fashion, when an application reads a recoverable message from a queue, MSMQ makes a record of the read operation on disk. Even if the machine crashes immediately after the read operation occurs, MSMQ will not deliver the same copy of the message again when the machine restarts (although another copy of the message may be resent by the sending queue manager; transactional queues are required for once-only delivery).
c. When changing domains on a WinXP Professional computer, the following error message may be received when Computer Management is used to display public queues. Message Queuing queries for public queues. The Message Queuing queue manager only queries the domain of the current computer and not the Global Catalog server for the list of public queues, [Q305808]:
Not all public queues can be displayed. Only public queues cached locally can be displayed. Error: The Object was not found in Active Directory.
14. At some point, you may want to disable some of the new interface components in order to improve the computer's "performance" (click to see an example screenshot). Enabling or disabling these components can significantly hinder or enhance performance depending on the hardware specifications, [Q288186]. Portions of the New Interface are:
Animate Windows when minimizing and maximizing
Draw gradient in Windows captions
Enable per-folder type watermarks
"Fade" (click to see an example screenshot) in taskbar
Fade out menu items after invocation
Fade/ slide menu items into view, [Q819946]
Fade/ slide taskbar items into view
Hot-track menu items and other elements
Show alpha blended selection rectangle
Show shadows under menus
Show shadows under mouse pointer
Show window contents while dragging
Slide icons over background images in folders
Slide open combo boxes
Slide taskbar buttons
Smooth edges of screen fonts
Smooth-scroll list boxes
Use drop shadows for icon labels on the Desktop
Use visual styles on windows and buttons
Use Web view in folders
15. Although Microsoft strongly recommends using the default dynamically configured "video-based effects" (click to see an example screenshot) as follows, is because that is what most users will use. However, the visual effects settings can be changed quite easily.
Slide taskbar buttons
Use drop shadows for icon labels on the desktop
Smooth edges of screen fonts
Fade or slide menus into view
Fade out menu items after clicking
Fade or slide ToolTips into view
Show shadows under menus
Show translucent selection rectangle
16. The article [Q312113] warns that if the .NET Framework is installed on a system that is running Windows XP (Start, Control Panel, Add or Remove Programs, and then scroll through the list), any process that uses the Performance Data Helper (PDH) functions to retrieve performance counters may stop responding ("hang") for 60 seconds, is caused by a bug in the .NET Framework performance extension Mscoree.DLL file, and that after the 60-second delay, the process exits as expected. Microsoft has confirmed that this is a bug in the Microsoft product, provides steps to turn off this counter by editing the system registry, but in my opinion it would be to your advantage to uninstall any feature not useful. The .NET Framework consists of two main parts: the common language runtime (CLR) and a unified, hierarchical class library that includes a revolutionary advance to Active Server Pages (ASP.NET), an environment for building smart client applications (Windows Forms), and a loosely-coupled data access subsystem (ADO.NET).