What is the proper way of debugging a slow Windows installation?

You know the drill - you've been asked to check why your cousin's computer is running slow. I was right there yesterday. Being a Mac user since 2007 I haven't really dug deep in Windows internals in the past five years. Googling for answers reveals many, many different answers: broken registry, spyware, antivirus program, fragmented disk, turning of visual effects etc.

In this particular case I was asked to look at a two year old HP laptop with Vista. Windows was running incredibly slow and even opening up a new explorer window took almost a minute. I ended up doing everything of the above: running cc cleaner, defragmenting the disk, turning off visual effects, turning off norton and a bunch of other things random people on the Internet believe have an impact on Windows performance.

Now I turn to you dear Superusers - I'd like to understand this in depth. Is there a proper, "scientific" if you so will, way of debugging and understanding where the problem with a slow running Windows installation lies? (In my particular case this concerned Windows Vista but let's try to create a general guide for XP and Windows 7 too).

To me, it seems wrong to just run a bunch of different tools without understanding the underlying cause of the error.


Let's start at the top, and then we dig deeper than ever.

While you can run random tools like Process Explorer or Automatic Runs, poking around in them won't show you everything and there would still be things hidden under the grass. And if you go around disabling programs and changing your drivers, you are most likely fixing something that ain't broken.

As with every scientific research, we first have to determine the cause before coming to a solution...

Stuck? Get better ideas, divide and conquer your options and put things to the test.

Windows Experience Index

The quickest way to identify whether it's not just the hardware...

Under Control Panel\All Control Panel Items\Performance Information and Tools you can find the Windows Experience Index, known as a good way to asses key system components.

Sometimes your computer just doesn't fit your daily needs anymore...

In above example, this would require one to investigate the hardware this computer has and do an attempt at upgrading drivers; if not, time to upgrade that copmuter. That's how far hardware goes...

Resource Monitor

A good overview of what's going on on your computer, no download required...

Under Control Panel\All Control Panel Items\Administrative Tools you can find the Resource Monitor, it is also accessible from the Task Manager by the click of a button. This gives a very nice overview of the CPU / Memory / Disk / Network of the applications and services on your system.

Firefox and AVP? Smells like excessive virus scanning while browsing. And do I need wmpnetwk.exe?

No need to fire up Process Explorer or Process Monitor, because this beast also shows the System Interrupts and even allows you to filter. And in case there's something wrong with that, DPC Latency Checker and LatencyMon can help you to quickly pinpoint the issue. But why not install a much more insightful tool instead?

Windows Perfomance Toolkit

Comes with the easy Recorder and an insightful analyzer, no problem escapes your eyes...

These tools are available in the Windows ADK, which is for Windows Vista and above. Please note to only select Windows Performance Toolkit during the installation, because the other tool takes quite long to download and is only meant for professionals.

And then you can finally start the Windows Performance Recorder, only check the things you need and then start tracing. After you caught the slow moment, you can stop tracing and it will save the trace to a location you can easily find back.

Last time I mentioned this, you had to do this all with the command-line... Welcome to 2012!

Yes, this can also be used to trace shutdown/(re)boot/standby/hibernate/resume/fastStartup scenarios.

Now, let's look at what 10 seconds of pretty idle performance look like.

Oh no, I forgot to close Resource Monitor, look how consuming its graphs are...

From the left side, you can expand the graph sections and drag the graphs you want to the right side. In the right side you can manipulate the graphs in many way; hovering, clicking and right clicking should teach you some things. Not to forget about the tabs in the top or the annotation features at the right.

Yeah, tables of performance data with yellow and blue bars...

In the above image you can see that by the click of a button you can get a table under your graph. By right clicking on the columns header you can add/remove columns (there are some not shown).

Note the yellow and blue bar. Anything before the yellow bar are considered to be the keys of that row, it is used as the series for the graph. The values between the yellow and blue bar are aggregated (usually summed), because its not just about a process but rather about the stacks the threads of the process walked. Then last, you can graph columns and give them a color. If you drag a start time and an end time here, it will even change the graph to show horizontal bars (to show when things started and stopped)...

Now, what about the drivers?

Nvidia is kind of resource heavy, and seems I couldn't resist moving my mouse around...

Windows Assesment Console

If you can't get enough, this one runs for hours and generates tons of XML / WPT data for you to analyze. Not for the faint-hearted, it's also available from the Windows ADK. It's useful for professionals, but is in most cases really not needed...

Yes, my dear system, I've dug so deep that you have no performance secrets for us.


To me, it seems wrong to just run a bunch of different tools without understanding the underlying cause of the error.

If only more people would think like that :)

There actually are tools to determine why a Windows installation is performing worse than it should. The problem is, if you're not, at least, using Windows daily, using them might not yield the results you'd like.

Usually bad performance is trivial to solve. It's either a rogue process eating up all the resources or it's faulty hardware/drivers.

Process Explorer

The absolute first step I will usually make is to check Process Explorer. Process Explorer is like Task Manager on crack. You can also pull the executable file directly from live.sysinternals.com.
It will tell you if it's a driver (high Interrupts load) or a process.

Analyzing High DPC/Interrupts

We already have an excellent question on that subject, so I won't replicate any information here.

Rogue Process

If the problem is a rogue process and you can't kill it (maybe it's resistant malware), you might want to disable it using Autoruns.

Further reading

There are a lot more tools and a lot more ways to analyze Windows problems correctly. People actually write books about that. There is simply way too much knowledge to be conveyed in a SU answer :)

  • How do I troubleshoot a Windows 7 freeze or slowness?
  • What are the essential tools you always have handy when attempting to fix someone's PC?
  • How do I troubleshoot when I have no clue where to start?

Me personally, I would already be really happy if people would stop optimizing their Windows registry...


  1. Ask user what they mean by "slow" - is the entire system slow? is just one program slow? is Internet Explorer (as opposed to actual network speed) slow? is the system slow only when doing certain things?
  2. appwiz.cpl -> delete anything with "Toolbar" in the title, as well as anything else that looks like malware, spyware, or stuff the user doesn't need. Also check for malicious IE add ons and it wouldn't hurt to completely reset IE settings from the Internet Options control panel if you suspect malware has messed things up.
  3. Process Explorer from an external thumbdrive as @Oliver Salzburg mentions -> any executables that are not signed by Microsoft or a well-known vendor should be suspicious - whittle it down to only what the user needs.
  4. Autoruns - another great Sysinternals utility - find what is registered to launch automatically on startup -> any executables that are not signed by Microsoft or a well-known vendor should be suspicious
  5. Malwarebytes + other free malware scanning program of your choice to check for viruses.
  6. Apply all outstanding Windows and Office updates
  7. Apply latest video driver updates if the PC belongs to a gamer
  8. Is antivirus out of date? Install newer version of antivirus if available
  9. User expectations - is the user really overtaxing their computer? (this step is necessary if computer is old)
  10. CCleaner - for the gigs of Temporary Internet Files undoubtedly...
  11. Run defrag.exe
  12. If the user generally uses the PC for Internet usage, install Chrome and make it default browser.
  13. Image the machine if you can so you won't spend as much time doing it all again in three months when the user listens to none of your advice and is in the same exact situation.