Windows 7 PC gets very sluggish

Topic

My Windows 7 computer has had an annoying issue in recent months. A few (2-3) days after a reboot, both Internet browsing and Windows Explorer start getting very sluggish. No matter the browser, websites open slowly and applications take 30 seconds or more to open. Even the Start menu and the Notification Area take a long while to respond to clicks.

Sometimes (but not always) the taskbar grays out while the PC is doing whatever it thinks it’s doing, then finally it comes back to the usual color and the desired action finally takes place.

Eventually, Internet browsing comes to a complete halt as I can’t reach new sites or even refresh open tabs.

Anybody have an idea of what could be going on? Here are the things I’ve done in the attempt to fix this (not necessarily in the order shown):

• Scanned the PC for malware (multiple scanners). No malware found.
• Run sfc /scannow. It doesn’t find any corrupted system files.
• Run error-checking (chkdsk). No errors found.
• Run Disk Cleanup.
• Run CCleaner.
• Checked Task Manager; no unusually high CPU or RAM usage identified.
• Examined the Event Viewer; no unusual events seem to occur around the time that Web browsing comes to a halt.
• In msconfig, disabled a few startup items for things I wasn’t using (Seagate DiscWizard, Seagate Scheduler Helper, Bluetooth Software, WDDMStatus).
• Uninstalled Norton Internet Security and installed BitDefender.
• On the idea it might be an aging solid-state drive, I imaged the Windows drive (a 6-year-old 100GB SSD) and transferred the image to a brand-new 450GB SSD.

None of this has made any appreciable difference: I’m still having to reboot the machine every couple of days because Explorer slows down to a crawl and Web browsing ceases to function.

I suppose I could go in and stop or disable some services, but I don’t feel comfortable enough in my Windows knowledge to just start disabling services, although I do have some possible candidates.

The PC is Group B, updated through the September patches (haven’t yet applied the recently green-lighted October set).

What could be causing this? Web searches haven’t been particularly helpful because I have twin problems and everything I’ve found refers to one OR the other of these issues, but not both together.

MVP Edit: Continuation Topic here.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Replies

Can you start task manager and see what it reports?  It seems like something is maxing out the CPU utilization, and that can get you started on what it might be.

Does the event viewer show anything unusual when it happens?

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

No, that’s what’s puzzling: CPU utilization is normal, and I haven’t managed to pinpoint anything in the event viewer. (When the issue crops up, it takes a while to even launch the Task Manager.)

But then of course, not finding anything in the event viewer doesn’t mean much in my case because the information there is so arcane, I’d have to know what to look for. There could be all sorts of clues in there that just fly right past me…

BTW, tonight I ran the hardware diagnostics CD that came with the computer (OK, the PC asked me to create it soon after the first-ever boot), and it didn’t find any issues with the RAM or other components.

ADDENDUM: I thought to call up the CPUID Hardware Monitor, and FWIW it shows the SSD temperature at 99C.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

99C for an SSD?  At idle?  That’s not right.  Normal temps are mid to high 20s.

I’m thinking that it must be a defective sensor, since it hasn’t budged from that temperature reading all evening. Started out at 99 and has stayed there.

Funny thing–the other day we noticed that the outdoor temperature reading on our thermostat claimed it was 78F when it was actually jacket weather outside. The next day, the “temperature” climbed to the high 80s even though it really was in the 60s. Day after that it shot up to over 110. Yesterday it was at 142 and today it reached 151. The repairman assures us that it’s nothing to be concerned about, it doesn’t affect the system’s operation.

So we have some experience with bad temp sensors.  🙂

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Have you tried running the PC in safe-mode for a while from cold and then checking the SSD temp?
Also what subsystem drivers are you using, OEM or MS?
I’d highly recommend using OEM chipset drivers.

Windows - commercial by definition and now function...

Microfix wrote:

Have you tried running the PC in safe-mode for a while from cold and then checking the SSD temp? Also what subsystem drivers are you using, OEM or MS?

I’d highly recommend using OEM chipset drivers.

I’ll try running in Safe Mode for a while and report back.

As far as I know, this PC is using OEM drivers. Are there any in particular I should be checking to make sure?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

From memory: (on a tux M/c)
type ‘device manager’ in the search box, hit enter, click ‘System devices’, find your chipset, right click ‘properties’, driver tab. , it should either be amd or intel (dependant on what motherboard chipset you have if it’s oem)

Windows - commercial by definition and now function...

Thanks, Microfix. You have a good memory, that’s exactly where the info was.  🙂

The chipset is the Intel 7 Series/C216 Chipset Family, and the Properties all report the driver provider as Intel.

I turned the PC off, let it cool for a bit, and booted into Safe Mode and ran the CPUID monitor. SSD temperature reading started at 99C and stayed there:

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

Microfix

I suspect that HWMonitor is the issue vis-a-vis the temps. On my machine HWMonitor shows the Motherboard SYSTIN sensor temp as being 91C (195F) when idle. Speccy and the OEM (Intel) MB monitors and overclocking software never show it that high. (See image of HW monitor)

I went so far as to ues an IR thermal scope and probe to view the motherboard and there were no hot spots that showed high temps. Even the graphics card running a 100% test in overclock mode only reached 70C.

The slowdown could be a memory leak from software. Do a task manager check right after boot and then after an hour or so of use and see if something is not releacing memoery after the program is shut down. that will bring things to a crawl. I have also founf older versions of the Western Digital backup software would bring games to a crawl when it decided to run. I disabled the real-time monitoring and it fixed the issue, but only a later version of the software cured it.

An idea… If the (existing?) temp sensor is bad, and if possible tape a reliable analog/digital thermometer or thermocouple to the SSD.

Please see this post and let me know if it affects your recommendation. I’m wondering if that 99C reading is either bogus or unimportant.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

After catching up, if you were not persuaded to expediently pull your hand away after touching any part of it the drive might be fine.  Yes, it could be a faulty sensor or ghost measurement. Hands generally work well, I was suggesting using a thermometer or thermocouple if you had the equipment around, it would be another method to confirm that Hard Disk Sentinel has been reading the right information.

2 users thanked author for this post.

dlsdjh, Cybertooth

Are SSD’s controllers supposed to have thermal paste with a heat sink or even a thermal pad inside?

‘Ordinary’ 2.5″ SSDs don’t really need them – but they should still be fitted somewhere with good airflow.

Some high performance NVMe SSD drives do overheat when worked hard (Samsung 850 Pro’s are probably the commonest example), there are many 3rd party coolers on the market for them, you could also adapt other small chipset/memory coolers to suit – but you do still need to ensure they have good airflow – not so easy with some motherboards, especially those with multiple PCIe cards fitted.

1 user thanked author for this post.

Elly

Is there any traffic through your router to indicate the computer is communicating with the Internet?
(Is it mining bitcoins behind your back? LOL!)

🙂  Not that I can tell! I’ve checked it with BitDefender, HitmanPro, Malwarebytes, a variety of online scanners, and none of them find anything wrong. I even did an offline, Live CD scanner or two.

About monitoring traffic via the router, I’m not expert enough to know how to do that, but I guess I could learn to. But then again, this only starts happening after a couple of days, the machine runs fine for that amount of time and then it starts acting up.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Without a Coin-mining filter(eg for Adblock Plus) or Coin-mining blocking add-on/extension installed on the web-browser, web-browsing will often become impossible or very very laggy.

That makes sense, but the thing is that, when the problem starts, all of the browsers on this PC get sluggish and eventually can’t get to the Internet. And BitDefender can’t update its database. In fact, typically the first sign I see that the problem has come back since the last reboot, is in the morning when I sit down at the computer and there’s a notice from BD saying that the database update failed at some point overnight.

Also, if a coin miner were stealing CPU cycles, you’d think that would show up in the CPU usage meters, but CPU usage remains normal (as far as I can tell).

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

An idea out of left field – are the computer’s ventilation holes clogged with carpet fluff, restricting airflow? I had this issue some years back, on a W7 machine that had been used for many years. Once I cleaned the fluff away, problem gone. The computer must have been overheating.

You’re right, PCs can start doing weird things if they’re clogged up with dust and stuff. I opened the case a few weeks ago and blasted the insides with a can of compressed air. I forgot to put that on the list of steps taken, sorry about that.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Otherwise would be entirely typical for a heat management problem except that those usually show up a lot quicker after a reboot. As in, hours at most.

Dust is just the most common problem – I’ve seen cracked heat conductors, expired thermal paste, clogged coolant pipes and failed pumps … computer internal parts ending up in the fan blades due to heat-induced warping (on a “gaming laptop”), and an actual chip design error (a friend’s Cyrix CPU back in the late 90s).

A “power workstation”, say a HP Zsomething, may have a closed-cycle liquid cooling system for the CPU straight from the factory and may suffer a pump failure.

Whoa, that would be a major problem. Fortunately, no computer parts have come flying off–yet!

However, this one is air-cooled (fans) and, except for the (apparently) flaky sensor, temperatures read normal.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Well, it’s not impossible that a wrongly reported temperature would cause thermal throttling… but this feels sort of unlikely here too, because in that case why would it wait for a couple of days?

That makes sense to me, too. I’m wondering if the sluggishness could be due to some software (not hardware) related issue that builds up over a couple of days’ time.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

See my post at #230699 regarding a software memory leak.

When you copied to the new SSD did you expand the C: drive to use the additional space?

When the system is running sluggishly, do you have any free space on the C: drive?

Yup, I expanded it to use the additional space. But I don’t know what the free space looks like when the system is running sluggishly. I’ll make sure to check that next time this happens, probably sometime late Wednesday night…

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

What’s the SSD make/model and firmware revision, many of them have/had specific issues, some that show up only over time and may not be indicated with the ‘wrong’ tools/tests (eg Samsung 840 non-Pro/EVO, issue only shows when using HDTune to test), there may be newer firmware available that might ‘fix’ it.

Don’t rely only one temperature testing program as HDD/SSD makers use some SMART #s for different purposes, I normally use HWiNFO set for Sensors only, it’s updated quite often.

Some SSDs don’t even have a temp. sensor (usually older and/or smaller types like mSATA).

1 user thanked author for this post.

Elly

The SSD is a Kingston SA400S37480G. How does one find out the firmware version?

In addition to the CPUID Hardware Monitor, I launched PC Wizard and HD Tune. PC Wizard’s temperature readings agree with those of CPUID-HM (29 and 99), while HD Tune alternates between 29 and “-“, which I take to mean it considers the other reading to be unreliable.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

https://www.kingston.com/en/support/technical/ssdmanager

This might help.

Windows - commercial by definition and now function...

1 user thanked author for this post.

Cybertooth

I installed this software (thanks for the link!) but something’s gone awry: most of the tabs (Firmware, Operations, Health, Security) have blank fields under them. The only tab that yields any result is Events, and that one is failing with “reason code 2”, whatever that means.

Curiously, I got more information about the SSD from Intel’s SSD Toolbox (which I did not uninstall when the SSD was replaced) than from Kingston’s own utility. Hard Disk Sentinel is also providing info about the drive that Kingston fails to.

The requirements for using this software include running the disk in AHCI mode. I checked that and it was already set as they required.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Firmware version should be tacked onto the end of the model# in Device Manager’s properties sheet for the drive, under Hardware ID.

ADDED: Check the Drive’s SMART stats, the remaining life might be low. I use Hard Disk Sentinel (which will also show the temps), there’s a trial version.

1 user thanked author for this post.

Cybertooth

The firmware version is SBFK71E0.

That Hard Disk Sentinel is pretty cool, thanks @satrow!

The SSD is brand-new (installed just a few weeks ago) and HDS reports its “status” as “perfect”. SMART readings have always been something of a mystery to me, but nothing jumps out as obviously worrisome.

One interesting thing: HDS reports the drive’s temperature as 29, with a maximum temp “during entire lifespan” of 35. It doesn’t know anything about a 99C reading.

 

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

See if the SSDManager @Microfix linked above detects the temps – and see if it checks for Firmware updates, I didn’t see any listed at Kingston.

ADDED: I’ve not seen HDS get the historic temps wrong yet but there’s always a first time. How warm does it feel to the touch, or on a close hover above it (40C will feel normal/just warm, 60C hot)?

1 user thanked author for this post.

Microfix

it does indeed and also updates firmware IF required.

Windows - commercial by definition and now function...

1 user thanked author for this post.

satrow

I think you have a bad SSD. Running hot and sluggish are what convince me of that. The fact that your CPU usage is normal means that there is no mining for bitcoins happening. The fact that your temp sensor tells you that the temp is very high means either that it IS very high, or you have a faulty reading. Pull the cover off of your computer and touch the SSD with your finger. Does it feel hot? If it is really hot, then you have a bad SSD. If it is not hot, yet the temp sensor says it is, then you could test the SSD by installing it in another computer, to see if the same problem exists there. If the problem shows up on the other computer, then your SSD is bad.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

2 users thanked author for this post.

satrow, geekdom

Thanks Jim, but bear in mind that the problem was happening even before the new SSD went in. In fact, replacing the SSD was one of the things I did in the attempt to solve the issue.

What’s odd is that, according to the listing for the SSD in CPUID HW Monitor, the “assembly” temperature is 29C while the “drive” temperature is 99C. Not sure what the distinction is between the “drive” and the “assembly.” And then the Hard Disk Sentinel seems to pay attention only to the lower reading. I’m thinking that the 99C is a faulty reading.

I’m typing this on the affected PC and my stomach is clamoring for lunch 🙂 but I’ll open up the case this afternoon and see what’s what.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

If there really isn’t much heat being generated, then it has to be a faulty reading; and you can tell that by touching the different parts. You can also run some different temperature checking programs, such as Speedfan.net.

Another common cause for sluggishness is some non-Microsoft service running in the background, misbehaving, slowing everything down. Basically, you run MSCONFIG, go to the services tab, and check the box that will hide all Microsoft services. Disable all non-Microsoft services, then reboot, to see if that solved the sluggishness problem. If that didn’t solve the problem, then go back into MSCONFIG and re-enable all of the non-Microsoft services. However, if it did solve the problem, then you know that one or more of the non-Microsoft services is the culprit. Using MSCONFIG, re-enable the non-Microsoft services one at a time, clicking Apply then rebooting after each re-enable. When things get sluggish again, you will know that the service you just enabled is the culprit. Disable it permanently in MSCONFIG, and make note of the name of that service. Continue the process till you have checked all of the non-Microsoft services.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

I’m hoping that it isn’t some misbehaving service. This is my secondary work computer and, because the issue takes 2-3 days to show up, it could take weeks to identify the problem, while in the meantime the PC may be less than fully functional.

(The same drawback applies to running the PC in Safe Mode. Unfortunately, it’s not a problem that occurs right away such that you can just take care of it and go back to a normal startup.)

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Is “assembly” for sure on the SSD and not the motherboard? My motherboards have an “assembly” temperature that is on the board itself… I actually located it on my main PC board by using canned air to chill various bits and watching the realtime temp readings.  I was setting up the airflow pattern in my case and I wanted to see exactly where it was being read.

It’s possible “assembly” could also be on your SSD.  99C isn’t a credible temperature; that’s one degree short of the boiling point of water, and is close to the maximum die temp you would ever want to see in any CPU or GPU (the highest ones generally tolerate up to 105, but if they are actually getting that hot in practice, it usually means something’s wrong with the cooling).  The last AMD CPUs I used had max temps that were only in the 60s C (that was my Phenom II).  An SSD would never generate that kind of temp unless there was a serious short circuit, and I doubt it would even run in that circumstance.  It might even cause the PSU overcurrent protection to trip and shut the PC down.

That reminds me: Is this a desktop PC?

The SSD temp generally will be the same as the ambient temp (the temp inside the case, which is the same one that I just mentioned, “assembly!”), though it can be expected to rise when doing sustained writes (not sure about reads).  Even in the confined space in my Core 2 Duo laptop (2.5″ drive, very little ventilation), the SSD I now have in there is quite cool, in contrast to the last HDD I had in there (WD Black 7200 RPM), which typically was in the mid 40s C while idle, and would get near 50 (sometimes over 50) with any kind of sustained activity (defragging, backing up, etc.).  The left palm rest on the laptop (right over the drive) was always warm after the PC had been running a while, but with the SSD, it’s as cool as the right one.

 

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

This afternoon I opened the case and touched the SSD. It felt lukewarm, certainly not hot.

I tend to believe the lower readings given by Hard Disk Sentinel, but when I get the chance to I’ll connect the SSD to a different PC and see what happens there.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

MrJimPhelps writes: “ The fact that your CPU usage is normal means that there is no mining for bitcoins happening. ”

Really? What an awful world, sometimes, this one can be! I wish I had not seen that, but thanks for the warning, anyhow.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Far left field here, probably left of the foul line, so no home run –
Problem clears with boot, but redevelops over days, so some resource is slowly choking. Task Manager gives no apparent clue.

Is there still Free space within Physical Memory?
Is C:\pagefile.sys a reasonable size?

How about Resource Monitor? Is there high Disk activity, shown in the Overview panel or in the Disk tab?

Are there other computers on the network? Do they exhibit any degradations?
Is internet access via ethernet (wired) or via Wi-Fi? Which band?
Another stretch: Can you turn off IPv6 (and still operate) on the adapter(s)?

That’s my suspicion, that it’s some piece of software that’s causing the issue to build up over a few days and then (like a volcano) break through to the surface.

There are other PCs on the network, but this is the only one that’s doing this.

Internet access is via ethernet.

The pagefile.sys size is 11.8GB (the computer has 12GB of RAM), and it’s managed automatically by Windows.

Good questions about the physical memory, Resource Monitor, and IPv6. I’ll check the memory and Resource Monitor next time this happens, and will look into turning off IPv6 (not sure how to do that).

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

IPv6 (and other adapter settings):
Network and Sharing Center > Change Adapter Settings > [right-click] Local Area Connection (or whatever the ethernet adapter is labelled) > Properties. You needn’t go to Configure for finer tuning.

(Off-topic war story – involves Configure: This was a few years ago when I changed from DSL to cable. (I had bought my own modem and router.) Part of the initial cable setup is to connect a computer directly to the modem, omitting the router. My computer adapter is 1.0 Gbps Full Duplex capable, and the modem has 1G port. Went OK. Cable Installer left, job done.

Connected the router, and rebooted everything. Initially would be OK, but the modem would drop after a few minutes. Rebooted everything; same scenario. Re directly connected computer to modem. Solid failure. Reset Adapter from (Auto / 1 G) to 100 Mbps. Worked. Repeated speed-change tests. Confirmed my diagnosis: modem wouldn’t work at 1 G; and the router has no capability to run ethernet-In at other than 1G. (Called modem Help line – went through their scripts: reboots; swap ethernet cables, etc.) Returned modem to Costco (excellent service, no questions). Got a new modem of same model. No trouble since then.)

1 user thanked author for this post.

Cybertooth

OK, IPv6 is now disabled. There are no immediate effects, positive or negative.

Glad you got that modem issue cleared up BTW. That would have driven me nuts!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

different ballpark, different planet, might not see Milky way from here

Swapping drives, bent pin? Sure seems like that would make everything totally unusable; but I’m failing to see cause of obviously errant temp reading.

Sorry that I’ve forgotten if this, or the original, drive has been tried in another box?

Great idea: I’ll hook up the old SSD to another PC and see how things go. I had meant to do this anyway, to run a CHKDSK on the SSD.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Seems like some third-party driver has hooked into the system, but somehow isn’t doing what it is supposed to do, so whatever process or processes it is interfering with are waiting around for something to happen.

I used to run a security suite called Agnitum Outpost in Windows.  It was a comprehensive program, but over the years it grew to be heavy and quite impactful on system performance.  Despite Agnitum’s claims that it “stops everything, slows nothing,” it actually did slow a lot of things.  It was cutting my wifi transfer speed in half, among other things, and that was when I began to look for an alternative.  The timing was right, I guess, as Agnitum announced not much later that it was being acquired by Yandex and that the first thing Yandex was doing was cancelling Outpost.  So much for my “lifetime” license.

Anyway, the drivers for Outpost hooked many, many things.  It was a full HIPS as well as a firewall (full in and outbound filtering) and antimalware suite.  There are a ton of ways to compromise a Windows system without actually running an executable, and Outpost was designed to stop them all.

The problem with this, if there was one, was that every single thing the OS needed to do was dependent on Outpost.  If it wanted to load a DLL, Outpost had to approve it.  If it wanted to do a registry write, Outpost had to approve that too.  If it was an action that had already been whitelisted by the computer owner/user (me, in this case), Outpost would approve it instantly and the thing it was doing would happen with a usually imperceptible delay, but if it was a new DLL or something similar, Outpost would pop up a dialog asking the user what to do about it.

Until that dialog was answered, the process that some program was trying to perform was on hold.  It was waiting around for something to happen… something that was important enough for the program to not have a plan B if for some reason it didn’t happen.  The program waiting does not know that it has been held up by a security program– only that it hasn’t been given the go-ahead yet.

If Outpost were to malfunction and not pop that box up, the system could be waiting for whatever it is to happen, Outpost would be waiting for directions from the user, and the user would be waiting for the PC to hurry up and do something.

To its credit, I can’t recall this ever actually happening with Outpost, but with its hooks everywhere in Windows, it was a possibility that it could have.

What makes things worse with this kind of thing is Windows’ habit of leaving programs partially installed even after they have been uninstalled by the usual means.  A fragment of the program still installed and registered could be holding things up even if the program itself is long gone.

Security programs often get the first look in instances like this, since they are the ones that tend to hook a lot of important system functions, but it could be anything that installs a kernel driver and malfunctions.  You might want to see if Norton has a clean-up program that can be used to remove any leftover bits of their security software after it has been uninstalled, and if there isn’t one, see if you can find a guide for manual uninstallation (which you can still do even though it is supposed to be uninstalled already).  It can be a tedious procedure, going through various registry keys and checking to make sure that bits and pieces are actually gone.

If you go to the device manager and tell it to list hidden devices, you might be able to see listings for some drivers (under non plug n play devices, probably) that reference Norton or other things that have been removed.  Generally, these things can be safely removed without causing any other problems, but as always, it’s good to have a backup before trying anything like this.

Microsoft’s driver verifier can also be useful in sniffing out bad drivers.  There are many guides out there on how to do this, and they all seem to vary in which types of drivers they say to check.  As long as the guide is from a generally trusted source, it should be fine.  I’ve used the one from the site that thinks the name of this one is a swear word (disappointing), sevenforums, with good results.

I’ve also had instances where a program that seems to be working is causing other weird behaviors, and I end up finding it through trial and error.  When I’ve tried the other things and not had any success, I might back things up and just try uninstalling various things and seeing what happens.  I’ve found several weird malfunctions this way that didn’t appear using any of the normal means.  Having a backup you know you can fall back upon if things go poorly means you can try things you otherwise wouldn’t for fear of potentially breaking something.  Sometimes that fear also prevents you from potentially fixing things!  Backups are a must for this kind of troubleshooting.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

dlsdjh

I once had a series of nagging problems with Windows 7 that were solved by looking at the Services installed and deleting several not from MS, but from some obscure vendors. They were probably harmless in themselves, but were blocking some needed functions and causing the problems. First I made a list of all those services, in case it was necessary to reinstall any, then got rid of the lot. Never since then have had a reason to miss a single one of them. Obviously, they were not necessary for anything I do.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

This is a step that I view with trepidation, the same as with disabling startup items. Just how much functionality would the computer end up losing, and how long would it take to pinpoint this slow-building problem, I wonder.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Besides using the list of the non-MS services one would write before disabling them, to then re-enable them, one at the time, until finding the culprit or culprits and disabling only those again (something I, fortunately, did not have to do), one can always start by creating a restore point before disabling anything, or even an ISO disk image, as several people here, reportedly, do during their regular backups. Which is always a good idea, I might add.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Cybertooth

Good policy. I guess there’s really not much else left to do in this troubleshooting, than to start taking some of these more drastic steps. Next time the PC slows down (which, based on recent experience, I’m expecting by late tomorrow night), the plan is to try some of the new measures that have been suggested here, and if they don’t work then I’ll start disabling services and/or startup items as proposed.

<thumbs up> A big Thank You to everyone who has shared ideas, troubleshooting measures, or web links. I’ll post back here to report on developments.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

If it only happens 2-3 days after a reboot, why not just reboot daily? Seems like it might save a lot of time…

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

Doing that is not out of the question, although I do prefer to leave browser tabs and other stuff open overnight so that the next morning I can pick right back up where I was.

For some reason, IE11’s “reopen last session” isn’t always offered the next time I launch it after a reboot. Pale Moon seems to be more reliable in this regard, although I can’t say for sure that it’s never failed to offer to restore the previous browsing session. So rebooting every day would add administrative overhead in having to keep track of what tabs were open before the reboot.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Have you tried “hibernating” the PC rather than “shutting it down”? I don’t use hibernation myself, but as I understand it, when you hibernate Windows copies the current dynamic state of the PC held in RAM into a file “hiberfil.sys” on the disk before powering things down and then when you re-start the contents of “hiberfil.sys” are copied into RAM to restore the dynamic state of the PC. I assume that this will include your browser’s state? This is intended to give a faster PC “start-up” from the user’s perspective.

Now in your case, if your problem is a “software” problem, presumably restoring “hiberfil.sys” to RAM will restore the problem so you gain nothing (except a little more information about the nature of the problem).

However if your problem is a “hardware” problem i.e. the PC electronics in some sense, then the electrical power down and cooling off of the PC components might “fix” or delay your problem. If you “hibernate” each night, then the successive effect of these “delays” each night might mean that things are delayed indefinately and your problem will appear to have gone away (it is just delayed indefinately – like an orbiting satellite in freefall is actually falling to Earth but never reaches the Earth).

Just a thought. Garbo.

PS: If like me you never use Hibernation and you want to save some disk space (if you are running out or to reduce the size of a backup – this file is roughly the same size as the amount of RAM), then you can de-configure it in a command prompt “run as administrator” by typing “powercfg -h off”. The “Hibernate” option should disappear from your shutdown options and the file “hiberfil.sys” file should be deleted (or maybe it is deleted on the next PC start-up – I forget). Using “powercfg -h on” restores Hibernation if you want it later.

 

Ascaris wrote:

Is “assembly” for sure on the SSD and not the motherboard?

You got me there!  🙂

Ascaris wrote:

That reminds me: Is this a desktop PC?

It’s a desktop PC, model HPE h9-1185 Phoenix. Nice computer… when it’s not acting up!

The SSD did feel about room temperature (lukewarm) when I put my hand on it this afternoon.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

@Cybertooth have you tried (or used) HP’s own utility for HW diagnosis?
HP HW Diagnosis
Perhaps run this once things slow down to establish if there is a HW issue.

Windows - commercial by definition and now function...

1 user thanked author for this post.

Cybertooth

Nice find, @Microfix!

Previous PCs from HP came preinstalled with a good program called PC-Doctor, but this one came instead with a utility to create a diagnostics CD. During the bootup process, there’s also a chance to select diagnostics tools. I tried both and they’re good programs, but they can’t run from within Windows, and (not surprisingly) they didn’t find anything since the problem wasn’t happening at the time.

I’ll download and run this the next time the computer gets sluggish.

ADDENDUM: If you scroll down almost to the bottom of that HP page, the software that my PC came with is the Vision Diagnostics on the right.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

Microfix

I have not read all of the contributions in this thread, but the originator wrote that Windows Explorer becomes sluggish and he/she does not want to re-start the PC, so has the originator tried just re-starting Windows Explorer (not the PC) to see if this fixes the sluggishness?

This can be tried out in 2 steps using the Task Manager – keeping it open after the 1st step. 1) In “Processes” select “explorer.exe” and using the mouse Right button select “End Process”. 2) In the Task Manager “File” option select “New Task”, type in “explorer.exe” and click OK. Windows Explorer should start up again. Is it now less sluggish?

If this helps, it is possible to achieve the same effect in a less clunky way using a batch file. In a new text file add the 4 lines:

@echo off
taskkill /f /im explorer.exe
start explorer.exe

(there is a Return at the end of the 3rd line above making 4 lines in total) and rename the file something like “RestartExplorer.bat”. Put this somewhere convenient e.g. the desktop so that you can double click on it or in the folder “C:\ProgramData\Microsoft\Windows\Start Menu” to put it in the Start menu to achieve the same effect.

I don’t normally use Internet Explorer myself, but I did start it and open a couple of sites in separate tabs and both IE itself and these sites remained in place after I restarted “explorer.exe”, so based on this very limited test it appears IE is somewhat isolated from re-starting Windows Explorer.

This being “Windows” where there are often several ways of achieving the same thing, there may be other ways to re-start Windows Explorer.

One side-effect of re-starting Windows Explorer is that Notification Area icons may not be the same after re-start. For example, the white flag security icon does not re-appear until a couple of minutes later. (I guess it goes through the same delayed processing after explorer re-start as at PC start-up?)

BTW: I originally went down this track a couple of years ago after I found that the Avira anti-virus (AV) notification icon did not appear at PC start-up, but did appear after Windows Explorer re-start. (I assumed the order in which things happened at PC start-up affected this.) I put the above batch file in the Start menu “Startup” sub-folder to re-start “explorer.exe” soon after the PC start and this re-sequencing was enough to display the AV’s icon for a few months until a later update changed how the icon worked completely. (I have since replaced Avira AV with the (much lighter on PC resources) Panda AV and its notification area icon does not re-appear after re-starting “explorer.exe”. As I rarely re-start “explorer.exe” this is not an issue for me.)

HTH. Garbo.

 

1 user thanked author for this post.

Cybertooth

Garbo, I have tried killing and re-starting Windows Explorer when the sluggishness starts and unfortunately it hasn’t improved things.

But that’s a handy batch file and I’m adding it to the Start menu, thank you.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

If it becomes sluggish over a period of time do you have a “memory leak” where something is allocating RAM for use, but not freeing the RAM after use, so that the total amount of RAM which appears in use increases with time?

I have used a program called “CleanMem” for many years. It does 2 things. 1) It sets up 2 scheduled tasks which every few minutes checks that the programs which have memory allocated are still running and if not running frees the allocated memory. (From memory I tweaked the task intervals from their default values down to a 5 minute intervals, but I forget what the default was.) 2) It displays the percentage memory in use as a 2 digit number on a traffic light inspired background i.e. green for <50% usage, amber/yellow for 50% to 75% and red above 75%. If the percentage memory in use increases over time you can see it and a colour change to red is obvious and possibly a cause for concern. (At present on my 32 bit W7 PC with 3GB of RAM with Windows itself, Panda AV, Malwarebytes Premium and Firefox inside a Sandboxie sandbox running it shows 35% RAM usage on a green background. I don’t remember the last time it went red.) There are mouse right click options for this icon to clear memory immediately.

It might be a good idea to install this (it is still available, although it has not been updated since 2014) or something similar, to either 1) fix the problem by freeing RAM allocated to programs no longer running (if that is the problem), or 2) see that something still running is using more memory over time.

HTH. Garbo.

 

A memory leak from some poorly designed or buggy program or procedure can cause other software to behave unusually. In this case it would seem, from what I’ve read in Cybertooth’s postings, that the slowdown problem he has noticed seems to affect only the browsers. With a memory leak, wouldn’t the effect be more across the board? Otherwise, “leaky” software would be a good candidate, if it keeps on automatically running, stopping and re-starting repeatedly for several days, without a reboot to clear things up, as it will tie down more memory each time, until it begins to cause observable problems.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Thanks for the software suggestion. I’ve downloaded CleanMem. Should I start running it now while the system is working properly, or wait until it starts misbehaving?

I’d lean toward running it only when the system misbehaves, as otherwise we may not know if it made a difference. But you have experience with the program and I don’t.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Garbo writes: Further to my 2:51PM #230656 post above, I should have explained how I have CleanMem set up. After installing it I tweak in 2 places.

1) In the Start menu CleanMem area select “CleanMem Settings” to set up the scheduled tasks. This opens a 4 step “wizard”. I leave the 1st 3 steps at their default settings, but at step 4 I select “Install CleanMem Task Schedule” to create the scheduled tasks. The “Edit CleanMem Task Schedule” button opens the standard Windows task window and shows the new tasks “Clean System Memory” and “CleanMem Mini Monitor” in the list at the bottom of the central pane. Double click on either of these to get the usual interface for tweaking these Windows tasks. The only thing I changed is to set the “Clean System Memory” task intervals to 5 minutes for both of the 2 triggers, but this is not essential and I forget what the defaults were or why I changed them. (My best guess writing today is that I reduced them to a more frequent “nice round number”, but not too short an interval so that CleanMem itself affects PC performance, so a reasonable compromise.) Click Finish to close the CleanMem wizard.

2) In the Start menu CleanMem area select “CleanMem Mini Monitor” and the coloured icon showing the percentage memory should open in the Notification Area. Using the mouse right button select “Monitor Settings” to open a different settings window.

a) On the “General” tab I tick/select “Automatically start at Windows startup” because I like CleanMem to run automatically.

b) On the “Monitor Settings” tab I untick/de-select “Show Monitor” to hide the larger, more detailed indicator on the desktop just above the Notification Area because I find it distracting and I have other programs which show notifications in that corner of the desktop and things could become messy if they overlap/hide each other, but that is just my personal choice – I’m happy with just the Notification Area icon itself and the percentage number on the coloured background.

(The other tabs relate to the paid for version.)

If it is a memory leak issue there are 2 possibilities. Either it is caused by a program which does not properly free its memory to be allocated to other processes after use, in which case CleanMem if running should free the memory the next time the “Clean System Memory” task runs, fixing your problem, or a program which is still running is progressively using more memory over time which CleanMem cannot tidy up after (because the program is still running), but in this case the CleanMem monitor percentage number and colour code will warn you about it so that you yourself can take mitigating action or investigate further. So for either possibility I suggest running it all the time. CleanMem itself uses about 8MB of memory.

If you don’t want to run the memory cleaning all of the time I assume you need to disable the “Clean System Memory” task using the usual Windows Task Schedular mechanism or do not tick the “Automatically Start …” as described in 2) b) above.

If you find memory usage is increasing with time then you could use the Task Manager which shows usage by (Windows or 3rd party) process or like me use something like Sysinternals Process Explorer to give clearer, more detailed information.

If it is a Windows service causing the problem, it could be unclear which service because Windows by default often groups several services into 1 process. While investigating a different issue I discovered a means of separating out most services into separate processes which makes debugging easier. (Windows does not allow all services to be separated.)

(i) In a command window “run as administrator” type

tasklist /SVC /FI “IMAGENAME eq svchost.exe”

to see how the services are grouped.

(ii) Then type

sc config <service name> type= own

replacing <service name> with each of the services listed in (i) to start most of the services in a separate process after the next PC re-start. It will tell you that you cannot do this for a few of them, but something may be better than nothing in this area.

(This being “Windows” there are other ways to achieve the same effect.) I have not seen any change to the amount of memory allocated after this change itself, so I do not know why Windows does not work this way by default.

HTH. Garbo.

 

1 user thanked author for this post.

adj19

Ok, so, I didn’t read all the replies, but I am imagining what I would do if I started having this problem because I wouldn’t tolerate it and would get to the bottom of it ASAP.

First off, I would bring up the task manager and look under the processes tab to check CPU usage percentages and look for anything out of the ordinary using up CPU and I would look for anomalies such as a program using more memory than it should. I would also check the performance tab as well and go from there.

I would not think it’s a hardware problem because it wouldn’t take 2-3 days after every reboot to act up again. It sounds like some service is set to run at that time and it’s causing problems. Perhaps it is something in the task scheduler that shouldn’t be there.

So, when this happens, do you see anything using CPU in the task manager? It doesn’t have to be maxing it out at 100%, but I would expect to see something using a consistent amount of CPU to catch my eye if there’s something there to see. Is system memory being all used up or any one process using a very large amount of it? Is the activity indicator light on your rig blinking or flickering like it’s doing something? You mentioned that it takes programs 30 seconds to open, so if you try to open a program with the task manager already open so you can observe active processes, is there a CPU spike from anything other than the program you’re trying to open?

Also might be and idea to check with Task Manager the epoch by epoch levels of disk usage and networking activity.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Thanks for the ideas. I haven’t noticed any unusual CPU utilization during these episodes, but next time it happens I will take a closer look at RAM usage. I’ll also try opening a program while keeping an eye on CPU usage. Task manager is already up and running so that there’s a baseline for comparison.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Asking to clarify the environment. Sorry if already posted this information.

This is a Win7 system “on bare metal”,
operating as only a Win7 during the afflicted times,
there are no VM’s in use,
all diagnostics are referencing this one environment,
all methods attempted so far are directed at this one “online” environment.

My thought is that referencing from within a virtual environment, or directing tools to the wrong environment may lead to confusion.

Hi, yes, this is a Windows 7 system running on bare metal. No VMs involved.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I am wondering what kind of CPU/processor Cybertooth has on his Win7 computer as he did not mention that (was it an Intel or AMD CPU)?

It’s an Intel Core i7-3770, with 12GB of RAM installed.

Hope this info helps!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

? says:

have you booted a linux dvd or usb?

I ran a couple of live CDs to scan the Windows drive for malware, but that’s about it.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hello Cybertooth,

Please go to: http://www.gmer.net/
And then download and save the EXE to your computer’s desktop. Note that the GMER EXE file will have an automatically generated random file name. After saving the randomly named EXE to your desktop, double-click it and run it.

I am only interested in what its main screen presents after it is launched. GMER will quick report info about all running threads: Type, Name, and Value. Do not bother with, or try, any of the other buttons or check boxes in GMER.

What I need to know is if there are any reported threads which have no Name, as this is a sure sign of either a malware or rootkit infection.

If you don’t see any running threads which have no name, then close GMER and repeatedly launch and then close GMER several times (perhaps up to two dozen times) over a a period of several minutes (perhaps up to 10 minutes), until you finally see a running thread which has no Name. Do so with all other programs except your antivirus program closed.

The upshot is that GMER is my last resort for detecting state actor malware. Yeah, I got hit by state actor malware via CCleaner last year when Piriform was breached by China. Only GMER randomly caught the randomly running threads which had no assigned Name. Nothing else detected it — and I mean NOTHING ELSE even though I tried SEVERAL scanning tools. I was hit because my domain name was very similar to a potential targeted domain name. I had to restore all of my home Windows 7 computers from offline backups.

Oh, and for everyone, Avast (Piriform) totally incorrectly reported that no secondary payloads were dropped to anyone who received the initial payload, other than the identified targets. Why do I say this? Because I received the secondary payload on all of my home Win7 computers because my domain name was similar enough to one of the targets. Like I said, the secondary payload was so good that absolutely nothing other than GMER could randomly detect it as one or more unnamed running threads.

2 users thanked author for this post.

SueW, adj19

Thanks, @GoneToPlaid. I’ve downloaded GMER and will try it, but will wait until the issue recurs (based on the previous pattern, likely sometime today/tonight). I have a couple of monitoring tools running to keep tabs on resource usage and would prefer to keep them open for the time being.

That’s a real bummer that you got hit by a state actor just because your domain name was close enough to one of their targets. Good thing you had adequate system backups! I don’t have a domain name or run a website, so at least in that respect I wouldn’t expect to be targeted by major-league hackers, but you never know so I’ll keep GMER at hand.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I just replied to Cybertooth re GMER, yet I forgot to log in. That anonymous post was from me.

1 user thanked author for this post.

Cybertooth

@gonetoplaid, is this the sort of “no name thread” you had in mind? (See the middle line of the three shown.)

I didn’t run this with all other applications closed, but at this point I just want to knowif that’s the sort of result I should be looking for.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

? says:

With all the preceding technical advice I’m stumped as to why the problem isn’t visible. If your machine runs linux nominally you would would think the os and\or hardware isn’t the problem? I’ve never “grayed out,” windows 7 even running it on a 2002 Dell 4300 Dimension with an 845 intel board and 1GB ram and a 2.8ghz processor. I have grayed out linux many times running it on usb sticks though.

MSE wanted to run random background scans which would trigger higher cpu usage so I turned that off. I run with task manager and event viewer on to monitor and noticed lately that the svchost for the event viewer sucks up lots of extra RAM after updating MSE and even more after doing a quick scan, and since I sleep the system instead of turning it off, the only way to bring it back down is to close the event viewer and re open it.

‘m guessing that you have already opened the bottom of the event viewer and gone through all the logs there as well. So, I hope to hear all about how you fix this baffling problem.

Yeah, the basic problem is that it seems to build up gradually until reaching some threshold of inoperability (when it becomes evident that the PC is no longer working properly).

I’ve had Task Manager open to the Processes tab since last night, and this morning I launched the Resource Monitor in anticipation of something happening today. Before going to bed, I took a screenshot of the processes from Task Manager, sorted by memory usage (“working set”). First thing I did this morning was to check the current usage, and noticed that svchost.exe (NETWORK SERVICE) had gone up by 100,000Kb since last night.

I also notice that the computer’s response to my typing (as I type this) is clearly lagging. This wasn’t happening last night, but it has happened previously before Windows Explorer and browsing turned to molasses.

One other sign is that the thumbnails that normally pop up when I hover the mouse pointer over a taskbar icon, are no longer showing up this morning.

And yet Task Manager says memory usage is only at 46%.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Could you switch to TaskMan’s Performance tab, > View > check the Show Kernel Times setting and upload a screenshot please?

@satrow, here’s the screenshot you requested:

(FWIW, the view with Show Kernel Times selected looks identical to that without it selected.)

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

It’s showing kernel spikes of ~8%, that’s above the limit where the most sensitive gamers would notice the ‘lag’ and around the point where I would begin to detect it – try dragging a window around the screen and see if you notice the kernel line more that way (you might even notice/feel some ‘stutter lag’ as you do so)

It’s often better to show CPU% as one graph, you can then see several minutes of ‘action’ when you drag TaskMan to full width, dragging the height to 10 squares to the graph makes it easy to work out the %. Open a screenshot in the native photo viewer and enlarge it to see the kernel activity clearer.

There’s little sign of excess paging, the pagefile’s using @1.2GB max. It might be a ‘bad’ driver, what’s the audio output like, any stuttering/dropouts?

Your other stats look reasonable (but I use a very restricted subset of the W7 default Services, etc., so it’s difficult for me to do any direct comparisons), could be some startup software, maybe something resident installed by the PC OEM (I’ve seen an HP with their software ‘helper/updater causing similar issues.

Here’s my rig’s current stats, long uptime but basically just 2x browsers running:

1 user thanked author for this post.

Cybertooth

I finally saw what you mean: it’s the red line, which was hard to see before putting Task Manager into full-screen mode.

The spikes continue at about the same magnitude as you said.

FWIW, back in the Processes tab, the RAM Working Set used by svchost.exe (Network Service) keeps climbing. Last night it was at 426,000K, this morning it was up to 530,000K, and now it’s reached 608,000K.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Right-click the offending svchost.exe and select ‘Go to Service(s)’ in the dropdown, list/screengrab the highlighted Services.

Cybertooth wrote:

@gonetoplaid, is this the sort of “no name thread” you had in mind? (See the middle line of the three shown.)  I didn’t run this with all other applications closed, but at this point I just want to know if that’s the sort of result I should be looking for.

Yes. In GMER, every running thread should list the full path and file name which launched the thread. If GMER can’t see the path and file name which launched the thread, then neither can the OS. Apparently MBAM can’t see it either.

When I got the secondary payload(s) via the infected CCleaner, GMER intermittently would show that I had around a dozen running threads with no name — as in no path and file name which launched those threads. Installing the updated CCleaner which claimed to remove the initial payload did not resolve the issue. System Restore did not resolve the issue. I downloaded and tried several AV and rootkit scanners. None of them could detect anything. Only GMER did. I had to restore all of my computers from offline backups after booting using Macrium’s USB recovery media.

The following is just the first step. Please download and run MalwareBytes Anti-Rootkit (MBAR) BETA from here:

https://www.malwarebytes.com/antirootkit/

See if MBAR can identify any installed rootkits. Do not try to remove any identified rootkits until we are sure about what you have been infected with. Removal procedures of any rootkits, back doors, and any additional payloads can depend on what was identified. You may have to get tailored help from one of the online specialty forums which assists users in properly removing whatever was identified, to make sure that nothing else has been missed, and to clean up any remaining damage.

I need to know what version of MBAM you are using, and if you are also running any other type of AV software along with MBAM.

2 users thanked author for this post.

Cybertooth, geekdom

MBAR reports the system is clean:

Meanwhile, GMER reported (abeit with several programs open) a “rootkit”…

…which when hovering over it in Windows Explorer turns out to be the “BitDefender Active Threat Control Filesystem Minifilter”. VirusTotal gives it a threat score of 0/66:

You’d asked for the version of MBAM and what other AV software I’m using. It’s MBAM Free v.3.6.1. I also use BitDefender Free and HitmanPro.Alert (paid). Used to have Norton Internet Security on this machine.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

? says:

maybe run Sysinternals:https://docs.microsoft.com/en-us/sysinternals/downloads/

Autoruns? i found a process named simply “X” on Vista years ago.

also Process Explorer, can drill down all the way,

and Process Monitor with the correct filters set.

i run them live from the web site, or from a stick so i don’t have to download them to my machine(s). if you want to go all the way or need to, then get the “symbols,” file. you can run virus total as well? happy hunting and i hope you find a resolution soon!

1 user thanked author for this post.

Cybertooth

Thanks for the good wishes. I’ll run one of the programs you suggest and see what turns up.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

? says:

i don’t like it when the windows mystery problems pop up, if you aren’t familiar with the Sysinternals tools there was a long learning curve for me, i guess the Autoruns would show any extra baggage in the quickest way. if you close the Event Viewer does the memory drop off accordingly? you can get the process number of  offending svchost (network service) in task manager and track it from there…

fingers crossed!

2 users thanked author for this post.

Cybertooth, geekdom

The process ID for the instance of svchost.exe that I’m suspecting is 1792, which is associated with Cryptographic Services, DNS Client, Workstation, and Network Location Awareness.

I’ll see if I get the chance to launch Autoruns tonight, it’s going to be a busy evening at home.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

? says:

no worries, hope you can use the tool(s). if you go to the link at the bottom of the individual tool pages there is an option to run “live,” or download. i put them on my toolbox stick. the only trace i find is in the registry having to do with the license to use. HKLM>SOFTWARE. you can delete the entry with no apparent adverse effects if it offends you. there is a quick guide to using Autoruns on howtogeek:

https://www.howtogeek.com/howto/12837/use-autoruns-to-manually-clean-an-infected-pc/

some others on google as well.

the Process Explorer is a pumped up version of task manager and you can go to the process and drill down to the individual threads in the offending process. if you mouse over the individual svchost(s) there is a detailed description of the individual processes within.

https://www.howtogeek.com/school/sysinternals-pro/lesson2/   and/or,

https://www.pcworld.com/article/3181348/software/how-to-use-process-explorer-microsofts-free-supercharged-task-manager-alternative.html

the Process Monitor is more intensive as it grabs a sample of the selected running processes and allows the user to peer inside.

sounds like you are on the right track having identified the suspect components of the surging svchost.

seems that GTP has isolated the problem regarding the 3rd party program? MBAM?

p.s. running 120 processes? my win 7 is trimmed down to 28 32 with the intel bluetooth running.

nominal at 600mb memory in play.

cheers!

Cybertooth wrote:

MBAR reports the system is clean. Meanwhile, GMER reported (abeit with several programs open) a “rootkit” which when hovering over it in Windows Explorer turns out to be the “BitDefender Active Threat Control Filesystem Minifilter”. VirusTotal gives it a threat score of 0/66.

You’d asked for the version of MBAM and what other AV software I’m using. It’s MBAM Free v.3.6.1. I also use BitDefender Free and HitmanPro.Alert (paid). Used to have Norton Internet Security on this machine.

Alrighty. It appears that your computer is clean. Give me a few minutes to review your original post and comment since I want to suggest two possibilities.

Cybertooth wrote:

My Windows 7 computer has had an annoying issue in recent months. A few (2-3) days after a reboot, both Internet browsing and Windows Explorer start getting very sluggish. No matter the browser, websites open slowly and applications take 30 seconds or more to open. Even the Start menu and the Notification Area take a long while to respond to clicks. Sometimes (but not always) the taskbar grays out while the PC is doing whatever it thinks it’s doing, then finally it comes back to the usual color and the desired action finally takes place. Eventually, Internet browsing comes to a complete halt as I can’t reach new sites or even refresh open tabs. Anybody have an idea of what could be going on?…

None of this has made any appreciable difference: I’m still having to reboot the machine every couple of days because Explorer slows down to a crawl and Web browsing ceases to function. I suppose I could go in and stop or disable some services, but I don’t feel comfortable enough in my Windows knowledge to just start disabling services, although I do have some possible candidates. The PC is Group B, updated through the September patches (haven’t yet applied the recently green-lighted October set). What could be causing this? Web searches haven’t been particularly helpful because I have twin problems and everything I’ve found refers to one OR the other of these issues, but not both together.

Hi Cybertooth,

Thanks for your reply about which version of MBAM you are using. You stated that you are using MBAM 3.6.1. Have a look at this MB page which lists the issues which have been (or supposedly have been) fixed in each of the recent releases:

https://www.malwarebytes.com/support/releasehistory/#malwarebytes-premium

In particular, note that the 3.5.1 branch supposedly: Fixed issue where anti-ransomware module could cause high CPU and memory use.

MBAM version 3.6.1 (which you are using) was released back on September 19, 2018. MBAM version 3.5.1 was released back on May 8, 2018. This time frame may be significant since you mentioned that you have been having the issues you described “in recent months.” The upshot is that your issue may be with MBAM’s anti-ransomware module. You can disable the MBAM Anti-RransomWare (ARW) module and see if your issues go away.

A good way to check if it is indeed the MBAM ARW module which is causing your issues is to do the following:

1. Keep the ARW module enabled.
2. Open Task Manager and turn on the columns which I indicated with a yellow box in the attached image.
3. Watch and see if the memory Working Set and/or the memory Private Working Set for some, many, or all programs increases over time. This would indicate that the ARW module is causing the memory Working Sets to grow over time, and that the ARW module is not performing proper memory cleanup. Many years ago (around 2010) Panda’s free cloud AV program had the exact same issue.

You might notice that the Page Faults column for my computer (in the attached image) shows thousands of page faults for every running process. All of these are completely harmless soft page faults. These soft page faults are generated by Panda because Panda operates differently in comparison to nearly all other AV programs. This is also why Panda never required the special registry key when Microsoft implemented its first attempts to mitigate Meltdown back in January 2018. I am not trying to plug Panda in any way. I simply wanted to explain why my computer shows thousands of totally meaningless soft page faults. On the other hand any hard page fault is the result of bad programming, and should never occur except possibly when testing programs which are in the alpha stage of development.

Now do the following:

1. Disable MBAM’s ARW module and reboot.
2. Open Task Manager and monitor step #3, above, to see if your issue is resolved.

If your issue was resolved, then perhaps MBAM is having a conflict BitDefender? I am guessing that you are running both MBAM and BitDefender at the same time? One should never run more than one AV program at a time, unless the other AV program (such as HitmanPro.Alert) was specifically designed to not interfere with other AV programs.

A note about HitmanPro.Alert. I too paid for it — 3 licenses. Yet I stopped using it for two reasons. I had some compatibility issues, and testing of this and similar types of products indicated that these products were marginally effective. Instead, there are entirely new classes of anti-ransomware and anti-exploit products which have become available.

Best regards,

–GTP

 

2 users thanked author for this post.

cesmart4125, Cybertooth

@Gonetoplaid, thanks a bunch for the detailed instructions.

I’m using MBAM Free, which doesn’t have the ARW feature activated:

We may need a different approach, then. What do you think?

I did add the columns you suggested to Task Manager and am monitoring them anyway, since the pattern you identified could of course still be going on, but caused by something else.

Thanks, too, for the insights about HitmaPro.Alert. I’ve been using it for a couple of years and am satisfied with what it does (most of the incompatibilities have been ironed out), but I’m definitely curious about the new classes of anti-exploit products that have come out in the meantime.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

All right, it’s happening again. I’m typing this from a different PC.

Browsers having trouble opening new web pages or refreshing currently open ones (although it hasn’t come to a complete halt yet), and the Taskbar grayed out while I was trying to maximize an open program (Windows Photo Viewer, to see the previous Task Manager screenshots for comparison), although eventually it managed to open. The same thing happened when I wanted to maximize the Resource Monitor.

Working Set memory in svchost.exe is at 760,056K and Private Memory at 694,004K. Page faults are at 10,129,349 and climbing, FWIW.

The subprocesses involved in process ID 1792 are CryptSvc, Dnscache, LanmanWorkstation, NlaSvc, and TapiSrv.

CPU usage is at 4-5%.

As a test, I tried opening the Hard Disk Sentinel discussed earlier in this thread. It requires elevated rights, and the prompt for that took several seconds to come up. Took about a minute for the program to launch. Next I closed it by clicking on the red X button and it took 30 seconds to close. There was also a “(Not Responding)” indication after the program name in the title bar.

Firefox window opened but the browser can’t load the home page (Startpage.com).

Now one very surprising thing I found in Resource Monitor: the Network section shows several processes under svchost.exe as having the address “(www.)facebook.com.” [Note: I added the parentheses because when I type the actual address shown by Resource Monitor, the blog software here automatically adds “http://&#8221; to the address, which is not what I’m seeing. Grrr!!!] For some of these, under the “Image” column right after “svchost.exe” it says “(LocalService)”, while for others it says “(LocalServiceAndNoImpersonation)”. Why on earth would svchost.exe be interested in Facebook, and what is this “no impersonation” business??

What may make this even more interesting is that I have (www.)facebook.com (as well as facebook.com) in my hosts file as a no-go zone. (I did the same thing on my Vista PC and it hasn’t experienced any slowdown or other issues.)

And for some reason, some of the programs I’m running also have PIDs associated with (www.)facebook.com, including BitDefender, Heimdal Pro (another type of security software), and even Pale Moon. I took a screenshot but I couldn’t save it to this computer via the network, nor could I of course post it via the affected PC; I had to save it to a USB drive and bring it over to this computer to attach to this post:

And that’s about all I can report tonight.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Alrighty. You pulled the original SSD which you clowned to a new SSD? Perhaps it is time to take the original SSD to a local shop and have them scan it for rootkits and malware. At this point, you so do need to know what you are dealing with.

1 user thanked author for this post.

geekdom

Hi @gonetoplaid, I’m in the process of checking the previous SSD. Scanned it with Norton 360, Norton Power Eraser, and HitmanPro on one computer, and it came out clean. Currently it’s being scanned by MBAM Free on another PC, after getting examined by BitDefender on that same PC without issue.

For good measure, I also intend to check it with the Eset and F-Secure online scanners, as well as the TrendMicro Anti-Threat Toolkit and the Emsisoft Emergency Kit.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

This is no more than a guess, but you mention the Cryptographic (CryptSvc) service being in the process giving you problems above. I have been having problems with that service and outgoing internet accesses for a few months. I first wrote about it on AskWoody back in May at https://www.askwoody.com/forums/topic/patch-tuesday-problems-and-fixes-but-theres-no-cause-for-alarm/#post-191998.

As hinted by my follow-on replys this issue persisted and every few weeks a fresh batch of unrecognised outgoing accesses for the then unknown to me “thing” using svchost.exe occurred and I just added the new IP to my blocking list. A few weeks ago I realised that this had become a long list so I started to look into the issue.

I searched online to see if there was any pattern to the IPs and found that they were for one of the large ISPs here in the UK (Virgin Media and NTL its previous name before re-branding), Google and something called “AS3356 Level 3 Parent, LLC” in the USA (some server company?). None of these struck me as particularly good or bad in themselves although I had no known reason to contact them.

To try to narrow down what was making the outgoing accesses I separated out the services into separate processes as I described towards the end of my post earlier in this thread https://www.askwoody.com/forums/topic/windows-7-pc-gets-very-sluggish/#post-230785 This showed that it was the Cryptographic Service (CrptSvc).

Its description in the services window indicates that among other things it “retrieves root certificates from Windows Update” which to me (a non-expert) suggests that it should make internet accesses to update things? It was then a question of trying to find an appropriate Windows Firewall outgoing access rule to allow CryptSvc to actually work, even though I tried rules to allow TCP, UDP, any protocol and even any service I still got the same issue. The only thing which worked was to set up a svchost.exe rule which allows outgoing access for anything (all programs and services)! As I understand it, in Windows anything can use svchost.exe, so basically this is opening the outgoing door for anything in the PC which seemed too loose to me.

I eventually found a work-around at  https://social.technet.microsoft.com/Forums/en-US/27ded2ad-cc85-4c0a-9b41-c6b469a20aab/windows-firewall-and-windows-update-win-81?forum=w8itpronetworking by the contributor “Uwe” on Tuesday, June 13, 2017 towards the end of that thread and this has worked for a couple of weeks now. BTW: Uwe’s step 5 “Add a firewall rule to allow outgoing traffic for mysvchost.exe.” means an outgoing rule to “Apply to all programs and services”, but “mysvchost.exe” is only used by CryptSvc as set in the Registry (Uwe’s step 4), so essentially the filtering is done by the Registry setting not the firewall rule. Neat!

Now how does any of this relate to your issue? Honest answer is I do not know if it does, but consider:

1) CryptSvc may be implicated in both our problems.

2) We have both had problems for a few months, but the problems are intermittant and are not triggered by any obvious event.

3) Are your unexplained Facebook accesses the same sort of thing as my unexplained Google, VM and AS3356 Level 3 Parent, LLC accesses? Is CryptSvc trying to get updated Certificate data from these places as just general sorts of places where such data may be found? I don’t know!

This is just speculation, but it might be good idea to separate out the 5 services including CryptSvc you mention above into separate processes as I describe in #230785 above to see which of these it is which is causing your problem to narrow things down further. (This does involve a PC reboot, so you may need to wait a further few days for a result.)

HTH. Garbo.

 

1 user thanked author for this post.

Cybertooth

Garbo, thank you very much for the ideas and links.

I read them and will have to think about it carefully. I don’t know very much about networking and firewalls, and when I run up against a rule like “default deny block incoming TCP” (or whatever, this is just a made-up example), my limited mind stumbles over the double negative: OK, so am I “blocking” the action, or am I “denying” it, or am I “denying the blocking”…??? Before long I start feeling like this:

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

What is “CryptSvc” for, and who needs it?

If the answer is “not much” and “no one in particular”, then if one disabled it, would that be, as one might hope for the sake of Cybertooth’s mental health, the end of this story?

(Added later) Or maybe not:

https://www.bleepingcomputer.com/startups/cryptsvc.dll-25643.html

Sorry, Cybertooth!

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Cybertooth

Yeah, the Cryptographic Services is pretty important, unfortunately.

I’m not sure that I’m up to the task of digging so deep into the workings of Windows, or of monitoring network traffic with any hope of pinpointing the source of the problem. I think that, as a practical matter, beyond what I’ve already tried my choices are now limited to:

1. Living with the problem indefinitely;
2. Replacing Windows on that box with Linux.

The prospect of re-installing all the programs I have on there is so disheartening as to be out of the question for me. If it came to that, I really would rather run with the penguins.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

? says:

Cybertooth,

not wanting to “flog the dead horse,” i hope you aren’t “infected,” if you want to look at your network traffic while the sluggish is going on try netstat if you don’t have another traffic analyzer (like wireshark)

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/netstat

“netstat -n -o” you can set it to self update with a seconds elapsed, like so: netstat -o 5, for refresh every “5” seconds, then you can look up the ip addresses?
<pre class=”x-hidden-focus”>

1 user thanked author for this post.

Cybertooth

That sounds good. I’ll run netstat next time the PC slows down (after this morning’s reboot, I expect that to be happening by the end of Saturday).

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Just to give an idea of the virtual hopelessness of tracking down something like what I’ve been experiencing, consider the following.

In the space of 16 hours between Wednesday night (when the sluggishness recurred) and mid-day Thursday (when I rebooted the PC), Event Viewer shows 28 instances of Event ID 7011:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

So I looked up Event ID 7011 and found this Technet article. The recommended “solution” is to increase the default time value, which struck me as singularly unhelpful. And indeed, one comment below the end of the article characterizes this idea as,

Something like your car engine is noisy, turn the radio volume up.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

I am confident that your computer is not infected. Please try resetting Windows Firewall to its default values and then reboot. I suggest this since I have seen some funky problems with Windows Firewall, even when it is disabled and when I am using a third party firewall. I also suggest this if you did have a previous malware infection in the past which you removed. Did you have any previous malware infection in the past which you thought that you had completely removed? If yes, then even though the malware infection itself was removed, then it could have affected other things — such as Windows Firewall.

Just a thought for what its worth.

Best regards,

–GTP

P.S. And if the above doesn’t resolve your issues, then I will ask you to PM me a full Speccy output as a text file. Before you do so, I will post instructions about how to remove confidential information from the Speccy text file.

 

1 user thanked author for this post.

Cybertooth

@gonetoplaid, I don’t remember this PC ever being infected with malware.

I’ll reset the Windows Firewall (it used to be managed by Norton Internet Security, when it was installed here) and reboot. That will push out the next expected episode of sluggishness to Sunday instead of Saturday.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

It’s not hopeless, you need to troubleshoot and break it down logically to localise the error/misconfiguration/infection/hijack or w/e.

Describe what hosts file you have and the size; a large hosts file + DNSCache enabled = ‘lag’ + probably those, or similar, errors in your logs. My hosts file is 18+ MB, DNSCache is disabled.

Next step might be to compare network settings for your browser(s) against the Internet Options in Control Panel, Connections tab and LAN settings. My settings are manually set as below:

1 user thanked author for this post.

Cybertooth

@satrow, my hosts file is 445KB. I use the hosts file provided by Safer Networking (the folks who make Spybot Search & Destroy). I also added Facebook to the hosts file.  🙂

In the LAN settings dialog, I have “Automatically detect settings” checked. And in both Pale Moon and Firefox, in Connection Settings I have “Use system proxy settings” checked.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

satrow

Now deselect ‘Automatically detect… ‘ and set the browsers for ‘No proxy’ and give it a test.

? says:

Cybertooth,

humm, burning up lots of air time on this, best bet would be to find the offending process(s) and go from there. using task manager is a good start and Process Explorer makes it possible to get down even further.

maybe you have looked at your dns cache using ipconfig? and what happens if you flush it?

https://en.wikiversity.org/wiki/Computer_Networks/Ipconfig/DNS_Cache_Options

lots of moving parts involved which is why i take everything off that i don’t need so any problem that may arise stands out and can be dealt with. i’m hooked directly into the DHCP and don’t use any sort of proxies so someone else who is a proxy person may have good advice there. i run with the stock “acme” hosts file.

i do hope you soon find out what the problem is without to much additional brain damage, and would love to learn about the solution.

PS GTP’s “take it to the shop, ” is always a viable option if you become weary have a reputable and affordable local “Geek Squad.”

 

1 user thanked author for this post.

Cybertooth

I did wonder if it might help to flush the DNS cache and start that fresh.

OTOH, all these measures seem to be aimed at fixing the Internet part of the sluggishness, but there’s still the Windows Explorer sluggishness part which is what made researching my problem so maddening.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth,

Explorer often probes the network and can turn awfully slow when for example, you have a network drive for a VPN that isn’t yet connected… It seems like it waits for a network timeout before responding again. I help someone with a computer that is set up like this, so you open Explorer and you need to wait a while whenever the VPN isn’t connected, so I wouldn’t be surprised if your problem is network related that you might have issues with Explorer as well as the browsers.

1 user thanked author for this post.

Cybertooth

@alexeiffel, thanks for explaining how Windows Explorer and Internet surfing could be related. I didn’t know that was possible. So maybe if we fix one side of the issue, that’ll take care of the other side.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

AlexEiffel

Time to make a fresh data backup (if you don’t have one) & reinstall from scratch.

2 users thanked author for this post.

BobbyB, Cybertooth

Ugh, that would definitely be a last resort, and one against which I would seriously weigh just making the switch to Linux if I’m gonna go through all that pain anyway.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

It would definitely be less work than that to take a backup, then start uninstalling things and retesting.  Trial and error, narrow it down, then when you know, restore the backup and uninstall just the thing that’s malfunctioning.  If it’s software at fault, of course.

From what you wrote, I don’t think it’s a network issue.  Slow/blocked connections to or from the network should not slow the entire system, including the start menu and such.  If it’s not a process grabbing all of the memory and it’s not a process grabbing all of the CPU time, my gut says a driver… or hardware, of course.  I haven’t seen all of the thread, but I know you’re familiar enough with Linux to know you could use a live USB drive to test it.

Edit: Ha!  This is a non-sequitur in context.  I thought of the Linux comment and conflated that with the Aero theme comment in another thread.   I was thinking that other comment was written here, but since I already wrote this here, I will leave it for continuity.

I’ve seen a lot of themes that claim to be Windows 7ish for various desktop environments, but I’ve never tried any.  I’ve always liked Classic!

For KDE, what they call widget themes are really more or less their own theme engines– you can grab a new engine like QtCurve from the repo, select that in the Widget themes option, and then check out the QtCurve themes available, or make your own with the extensive options in the UI.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

OK, I’ve reset the Windows Firewall as @gonetoplaid recommended and also made the changes to the proxy settings that @satrow proposed, then rebooted.

Based on previous experience, we won’t know what effect these steps may have until sometime Sunday.

P.S. I also have the Brave browser (which is based on Chrome/Chromium), but I haven’t found a way to tweak the proxy settings there as with IE and FF/PM.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Progress report: after making the changes that satrow and gonetoplaid recommended, I rebooted. This has been the experience tonight:

* Pale Moon started acting sluggish as soon as I opened it, with repeated “(Not Responding)” episodes and a spinning circle as I tried to scroll around or type text here.

* The Brave browser (for which I couldn’t find the way to change the proxy settings) is taking inordinate amounts of time loading websites, but it seems to work normally afterward.

* Launching non-browser applications is also taking unusually long times. Resource Monitor shows a spike in network activity when launching a program, although that might be related simply to the application’s looking for updates.

I haven’t seen the taskbar graying out.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Revert the changes I suggested and see if there’s any difference in behaviour. A reboot shouldn’t be necessary but pages might need forced reloading (Shift + Refresh/reload/F5) or browsers restarted.

What’s the kernel activity been like since the reboot? Does Resource Monitor indicate any activity on the data drive?

OK, the browsers are behaving well now, with no slowdowns. Launching applications is also back to normal.

According to Resource Monitor, most of the disk activity that’s taking place is on the system drive (the SSD). In Task Manager’s network tab, there’s the occasional kernel spike up to 13% or so.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I noticed tonight that the Hard Disk Sentinel is reporting that my data (not OS) HDD’s health is at “45%,” with 8 “bad sectors” that “were moved to the spare area,” 264 “weak sectors,” and 216 errors that “occurred during data transfer.”

Is it possible that the data drive could somehow be the cause of all these troubles, or is this more likely an unrelated issue?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Yes, it sure can, if there’s anything over there it’s trying to read.  What is on the data drive?  Is it feasible to move the data to the boot drive or to disconnect it for the test?  I would consider that drive to be extremely suspect and prone to fail at any time, so rescue your data while you can!

It could even be a background process reading the data… defragger, antimalware, that kind of thing.  If it tries to read data from a sector that the drive is having difficulty reading, it will keep trying to read the data for a while, and the entire system can drag down while it’s waiting for the drive to provide the data.  I’d say there is an excellent chance you found the issue, and at the very least, get your data safe while you still can.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

2 users thanked author for this post.

geekdom, Cybertooth

The HDD contains downloaded files and programs, PDFs saved from the Web, and Windows Media Center recordings (mostly World Series and playoff games 🙂 ). It definitely would be feasible to disconnect it for a few days to see if the slowness issue goes away.

Hard Disk Sentinel rates this 45% health level as “acceptable,” but like you I’m dubious. Out of curiosity, I changed the “health calculation method” from default to a stricter method “recommended for servers,” and that yielded only a 13% health rating. Whether or not this is the source of the sluggishness, it looks like I’ll be making a trip to Amazon or Staples very soon.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Sure can, Cybertooth. I once had a PC that became extremely slow because I think Windows keeps retrying to read the sector it can’t read over and over without telling you. Switching the HD solved the problem.

So it would also make sense that at some point after many hours on, you come across this same bad zone of your disk and then you start slowing down.

 

1 user thanked author for this post.

Cybertooth

Thanks, @alexeiffel. Looks like the experts agree that it’s possible for a troubled drive to cause the symptoms I’ve been describing.

We’ll know for sure by early next week if replacing the HDD takes care of the problem.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

AlexEiffel

The HDD contains downloaded files and programs, PDFs saved from the Web, and Windows Media Center recordings (mostly World Series and playoff games 🙂 ). It definitely would be feasible to disconnect it for a few days to see if the slowness issue goes away.

Hard Disk Sentinel rates this 45% health level as “acceptable,” but like you I’m dubious. Out of curiosity, I changed the “health calculation method” from default to a stricter method “recommended for servers,” and that yielded only a 13% health rating. Whether or not this is the source of the sluggishness, it looks like I’ll be making a trip to Amazon or Staples very soon.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth wrote:

I noticed tonight that the Hard Disk Sentinel is reporting that my data (not OS) HDD’s health is at “45%,” with 8 “bad sectors” that “were moved to the spare area,” 264 “weak sectors,” and 216 errors that “occurred during data transfer.” Is it possible that the data drive could somehow be the cause of all these troubles, or is this more likely an unrelated issue?

Like Ascaris said, this sure can cause issues. Please install and run Piriform’s Speccy and upload a screen capture for the affected hard drive, similar to my attached screen capture. Also, is System Protection enabled on the affected hard drive? Please see my other attached screen capture.

Hi @gonetoplaid, System Protection was enabled on the HDD.

Here’s the screenshot for that disk:

Let me know if you need to see the SMART info at the bottom of the page.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

Can you post another screenshot which shows all of the S.M.A.R.T. table?

This was my post. I forgot to log in.

I looked up that Seagate drive’s model number. It is reliability issues and is one of those drives for which Seagate knocked its warranty period down to 1 year. You should immediately copy as much salvageable data as you can to a new hard drive. If you use a backup utility to clone the drive, you will have to configure the backup utility to ignore errors. Macrium Reflect, for example, has a setting to ignore errors.

1 user thanked author for this post.

Cybertooth

Thanks, @gonetoplaid. I’m getting a new HDD and copying this one over to it this weekend. (Sorry Amazon, you’re just not fast enough 🙂 .)

Here’s the screenshot of the rest of the SMART data for that disk:

In the first screenshot, oddly, Speccy calls this one an “SSD” (see after the model number).

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hello Cybertooth and everyone else,

I am glad that you are getting your drive’s data copied over to a new hard drive. I just went through this exact same [edited] about a week and a half ago (having to immediately clone a few Seagate hard drives to new hard drives), after discovering that Seagate’s 3TB hard drives are the subject of a class action lawsuit.I had a few of the Seagate 3TB hard drives which are at issue. My only saving grace which prevented failure was that I never defragmented any of my 3TB hard drives in nearly 5 years of operation.

I think that the issue was an inherent flaw in Seagate’s newly advertised (at the time) “magnetic shingle recording technology” (or something like this description) in which written data was allowed to somewhat overlap previously written data on adjacent tracks and sectors, and along the tracks and sectors themselves.

I believe that more hard drive models from the original manufacturing time frame (2012, 2013, and possibly into the first quarter of 2014) should be involved in this class action lawsuit.

Following are some URLs for interesting reading about both the Seagate 3TB hard drive failure rates and about the class action lawsuits. The last URL is a link to the law firm which has filed two class action lawsuits regarding the defective 3TB Seagate hard drives:

Backblaze pulls 3TB Seagate HDDs from service, details post-mortem failure rates

Seagate faces class-action lawsuit over 3TB hard drive failure rates

Seagate Hard Drives — Hagens Berman — National Class Action Litigation Firm based in Seattle, WA

Note that I do not consider any of Seagate’s more recently manufactured hard drives to have any issues. In fact, I am using over a half dozen of them within my home computers. The upshot is that I believe that this is a “manufacturing time frame” thing in terms of whether or not one is using a Seagate hard drive which is potentially vulnerable to a sudden and relatively quick failure.

A warning to all: If you are using a Seagate hard drive which was manufactured at any time from the beginning of 2012 to early 2014, and if Piriform’s Speccy utility shows more than zero reallocated sectors, either copy the data from that hard drive to a new hard drive, or clone the hard drive to a new hard drive.

Best regards,

–GTP

2 users thanked author for this post.

SueW, Cybertooth

GoneToPlaid, Well, this is disturbing news: “A warning to all: If you are using a Seagate hard drive which was manufactured at any time from the beginning of 2012 to early 2014…”

(1) How does one tell if a Seagate external hard drive is ca. 2012 – 2014? There are no dates on the cover of the HDs, at least the one I have. And the cover is glued to the base plate.

BTW: I have a 4 TB Seagate HD I bought last year to use as a “Time Machine” for my Mac.

(2) What is the difference between “copying” and “cloning” the contents of an HD to another?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

@gonetoplaid, the HDD is being imaged by Macrium Reflect as I write this. Just one thing: in an earlier post, you wrote that

If you use a backup utility to clone the drive, you will have to configure the backup utility to ignore errors. Macrium Reflect, for example, has a setting to ignore errors.

I’m pretty sure that tonight I neglected to do that in Reflect. Would you recommend going back and repeating the process, this time making sure to adjust that setting for the image?

(In case it matters, I’m “imaging” the drive rather than “cloning” it. That is, I’m making an image to an external drive and then putting that image on the replacement HDD.)

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

The “ignore errors” setting is necessary when Macrium Reflect cannot finish because of errors.  If you get it imaged successfully, you should be good.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Cybertooth

It’s a Seagate, so you can go to the Seagate site and download their Seatools utility.  It has a Windows version and a bootable .iso version.  After the backing up is complete, you might want to run that and see what it comes up with.  My guess is that it will not give the drive a “pass” as it is.  Tools like that can sometimes revive a drive, but that would depend on whether the soft and hard error sectors are constant or whether they are constantly increasing.  If they’re stable, the software can scan and mark any sectors with errors bad, so the drive will never try to use them anymore.  If no more bad sectors appear, the slowdown and the risk to your data will be gone– but that’s a very big IF.

The sudden appearance of bad sectors in some areas of the drive is often just the beginning.  I’ve tried to resuscitate drives that have started on this downward spiral, and often the new errors start happening during the repair scan, getting to the point that it will take weeks to finish the job at the current rate.  In other instances, it may finish the scan and pronounce the drive repaired, but as soon as you put it into service again, the soft sectors start appearing again, then start turning into hard errors, and the whole thing begins again.

I have a drive that is now in my backup server that had a couple of soft sectors on it.  No hard errors (sectors where the error is so severe that the data is completely unreadable, rather than one that takes a while to read but is ultimately recoverable), but just the soft errors were enough to cause me to want to investigate further.  I did a repair scan using, I believe, the HGST tool (it’s a Hitachi drive, from the time before they became HGST), and it fixed a few soft errors and pronounced the drive okay.  I don’t trust it fully… I keep redundant backups on it, things that it wouldn’t be catastrophic to lose (a backup of a backup of the original, so I would have to lose the original and the backup before the one on the HGST would ever be needed).  It’s been running fine for a couple of years since then, with no more issues in SMART.

My trust is a little bit better on that drive now that it has behaved for a long time, but then I don’t really trust any drive all that much anyway.  I’ve had too many suddenly fail without warning to ever trust them very much!  Always have your data in at least two places, and more is better.  For each of my important PCs, I have multiple levels of backup on my backup server, on different drives (it has five drives, I think), and I have another one on my WD external HDD, and yet another on my Seagate HDD.  I’d go even further and use something like Backblaze too, safely encrypting things locally before I send it, if I had enough upstream bandwidth.

If Seatools can fix the drive, you can put it back into service, but don’t use it for anything that would break your heart to lose.  With what GTP said about that model, I’d always be suspicious of it even after it was fixed.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

@ascaris, maybe it’s a coincidence (or maybe it’s not), but today for the first time I noticed that, on opening Windows Explorer, the HDD in question had a yellow triangle with a “!” inside. The SSD (system drive) has a green circle with a check mark inside it. Hmmm.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

If you right click the drive in Explorer, then go to the Hardware tab, what does it say for the drive in the info box at the bottom?  Normally it would say it’s working properly, but that ! icon suggests that Windows has a message about that.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

All it says is “This device is working properly.”

Wonder if running Hard Disk Sentinel somehow suggested to Windows that “something” is wrong with the drive despite its “working properly.”

Device Manager doesn’t show anything wrong with the HDD, either.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Can you publish a screenshot of the SMART data as recorded by HDS?

Probably the overlay over the drive icon is added by HD Sentinel.  I’ve never seen those indicators myself!

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Cybertooth wrote:

Hi @gonetoplaid, System Protection was enabled on the HDD. Here’s the screenshot for that disk: Let me know if you need to see the SMART info at the bottom of the page.

I looked again at your posted screen capture. Note that the raw values for for the read and seek error rates are through the roof. This Seagate drive is failing and is the cause of your issues.

OscarCP wrote:

GoneToPlaid, Well, this is disturbing news: “A warning to all: If you are using a Seagate hard drive which was manufactured at any time from the beginning of 2012 to early 2014…” (1) How does one tell if a Seagate external hard drive is ca. 2012 – 2014? There are no dates on the cover of the HDs, at least the one I have. And the cover is glued to the base plate. BTW: I have a 4 TB Seagate HD I bought last year to use as a “Time Machine” for my Mac. (2) What is the difference between “copying” and “cloning” the contents of an HD to another?

First, I need to revise the date range to very late 2011 to possibly early 2015, depending on how long a given drive model was manufactured.

You can use Speccy to get the hard drive’s model number and its serial number. You can Google the model number to see when it was first introduced to the market.  Googling Cybertooth’s drive model ST2000DL003, it appears that it was announced in December 2011. Here is info about his HDD:

https://www.storagereview.com/seagate_barracuda_green_2tb_review_st2000dl003

You can type in your Seagate drive’s serial number into this Seagate Warranty page to get info about your drive’s warranty and its model number:

https://www.seagate.com/support/warranty-and-replacements/

I did this for Cybertooth’s drive serial number. Attached is a screen capture which shows “Warranty Information Not Available. Please contact support.” So then I clicked on the green Product Support button which took me to another web page. I then clicked on “See all documents” and downloaded the PDF data sheet which is dated 2013. I was shocked to see, for the HDD models listed in this data sheet, that the rated Power-on Hours is only 8760 hours or exactly 365 days. Here is a link to the data sheet for Cybertooth’s HDD:

https://www.seagate.com/files/www-content/product-content/video_3_5_pipeline-fam/pipeline-hd/en-us/docs/video3-5-hdd-ds1783-3-1309us.pdf

 

1 user thanked author for this post.

Cybertooth

GoneToPlaid,

Thank you so much. I googled, as you advised, my model number, and got from this site: https://www.storagereview.com/seagate_4tb_backup_plus_portable_drive_review the news that it was introduced in mid-2015, so it is probably outside the “danger zone” that you mentioned. Because I am using this external HD to back up the Mac, I can always replace it with another HD if this one were to fail, and the “Time Machine” utility will automatically  back up the whole Mac’s internal disk into the new external one when I plug it into the Mac, so that is covered. But it is not happy news that Seagate disks are defective. Particularly low-cost, high-capacity ones such as those of this model, that is bound, for both reasons, to be a popular one that is likely to have been selling well.

Now I am hoping that the problem with some Macs’ SSD that Kirsty brought up the other day is not one I may have to deal with, ever: https://www.askwoody.com/forums/topic/apple-recalls-issued-nov-9th-2018/ Fortunately, mine has a 15″ screen, the problem, apparently, being only with 13″ machines.

Also, I hope Cybertooth finally finds a solution to the very annoying problem that is the main topic discussed here, but manages to do so without having to rebuild the PC, or vastly modify the software that runs on it.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Cybertooth wrote:

I’ve been dealing with this thing all day, which is why I haven’t been posting today. Here’sw what’s happened since last night: Went to bed making an image of the failing HDD with Macrium Reflect. (@gonetoplaid: Since you asked, the drive is internal and is stored horizontally.) When I came back to the PC this morning, the Macrium progress bar was at 100% but there was an error message with a code number, indicating that the image was unable to finish. I took a screenshot but I can’t get to it at the moment, for reasons that I’ll explain later…Now it looks like the “failing” drive can be read just fine on a different PC, while stuff on the “healthy” brand-new SSD is all screwed up.

Hi Cybertooth,

Okay, so the situation was as bad bad with the failing hard drive as I thought. Don’t bother connecting it to any computer at this point. Put back in your original SSD since apparently the new SSD somehow got messed up, and since you initially thought that the original SSD was causing your issues. You have already scanned the original SSD six ways from Sunday to verify that it doesn’t contain any malware.

A NOTE TO ALL: Older versions of Macrium, after you restore an OS image, leave System Restore in a TURNED OFF state! Whenever you restore a Macrium OS image, please remember to immediately check that System Restore is enabled for your restored OS hard drive!

I think that Macrium Reflect may have successfully imaged your failing hard drive, yet at the very end the Windows Volume Shadow Copy Service crashed when it tried to resolve any pending commits to the failing hard drive or to the OS SSD drive.

Did an actual Macrium image get created? If yes, then launch Macrium Reflect, select the image file, and have Macrium verify the image. Verification of a Macrium image is way faster than the time it took to do the backup — like at least 10 to 20 times faster. I dunno because I never thought to time it. Let’s pray that the image verification is successful! If it is, then you can restore the image to a new hard drive.

Heck, even if Macrium fails to verify the image, you could tell Macrium to NOT verify the image before restoring the image to the new hard drive. In this case, Macrium will end up restoring everything which it possibly can. In either case, you will then need to do the following:

After you restore the image to a new hard drive, then you will need to check the new hard drive for errors. You know — right-click on the drive letter, click on Properties, then click on Tools, and then click on Check now… in the Error-checking box. I figure that up to 95% of your data was successfully recovered after doing this error-checking cleanup on the new hard drive.

Best regards,

–GTP

 

1 user thanked author for this post.

Cybertooth

Hi GoneToPlaid,

When I went back to it sometime this afternoon, Macrium was unable to see the image of the data drive. It was there in Windows Explorer, but the Reflect software did not find it; as far as Reflect was concerned, it didn’t exist.

Ultimately I deleted the file to make room for the manual file copy (which is still going on, with about an hour to go).

I’ll put the original SSD back into the PC, probably tomorrow, and see what happens.

P.S. Thanks for the tip about resetting System Restore after using Macrium Reflect.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi OscarCP,

I am using three of these Seagate 2.5″ 4TB Backup Plus hard drives as data backup drives. I removed the drives from their USB3 enclosures and mounted them in removable SATA drive caddies. (See the attached photo montage.)

Note that I do not use conventional backup software (Macrium, Acronis, et cetera) to back up to these 4TB drives. Instead, I use ViceVersa Pro to back up my 4TB data drive partitions to these backup drives. I use Macrium only to back up my OS hard drive or to occasionally clone an old hard drive or a hard drive partition to a new hard drive. You see, I constantly think about data overwrite cycles onto backup hard drives, especially backup hard drives which use new technologies such as SMR (see below) and/or lasers to heat the magnetic surface so that the magnetic surface becomes more receptive to recording the flux from the drive’s write head

The upshot is that while SMR and laser technology appears to perform very well in the lab, such technologies could end up having issues in the real world over time. The Windows Disk Defragmenter performs defragmentation in several stages. Hard drive manufacturers must love it since it can prematurely wear out hard drives. Just think about it. During defragging, the hard drive can heat up considerably. If the hard drive gets really warm, then the result can be a lot of “high fly writes” in which the drive head (due to heat) is flying too high over the drive platter when writing data. The result is a significantly weaker recording of the data! Combine that with the way that SMR works. The converse can also occur as well, since by default, Disk Degragmenter is configured to start soon after the computer is booted up. In this case, the drives have not yet reached an optimal operating temperature. And in this case, the results is a lot of “low fly writes” in which data is overly strongly recorded! Both high fly and low fly writes can play havoc with SMR technology.

As noted in the link which you provided, these Seagate 2.5″ 4TB and 5TB drives use Shingled Magnetic Recording (SMR) technology in which all data written to the drive is automatically written sequentially. Thus, very rarely (if ever!!!) defrag SMR drives! See another link about SMR which explains how SMR works. After reading the following link, it should be obvious why you should only very very rarely defrag SMR drives since all data was sequentially written in the first place. Here is the link for the SMR article:

https://www.storagereview.com/what_is_shingled_magnetic_recording_smr

Yet wait a minute. The issues potentially become more severe with the latest helium filled hard drives. Why? Because helium filled hard drives allow the drive heads to float much closer to the drive platters. The upshot is that with helium filled hard drives, the tolerance for the head flying height over the platters is significantly smaller. Helium filled hard drives should be kept spun up all of the time so that they are operating at close to their ideal operating temperatures. In fact, it is assumed that helium filled hard drives will always be spun up all of the time since these high capacity hard drives are meant for use in server and NAS applications in which these hard drives are always online. I guess the overall upshot for this paragraph is: Think before you buy, and think about how you will use it.

I do plan to keep harping to everyone that it is a potentially bad idea to constantly defrag your hard drives, and in particular your OS hard drives. For example, I used one <span style=”font-size: medium;”>Seagate ST3000DM001-1CH166 3000.5 GB hard drive</span>, which is the subject of a class action lawsuit, for a bit over 4.5 years. This drive uses SMR technology. I never had a single issue with this drive since I never defragged it once during those 4.5+ years.

Best regards,

–GTP

 

I compared Cybertooth’s two November 10 screen captures. Here are the numbers, followed by what I calculated:

Cybertooth’s first screen capture, posted on November 10, 2018 at 10:18 am…
Read Error Rate: 6D91B00 hex = 114,891,520 decimal
Seek Error Rate: 324E9D3 hex = 52,750,803 decimal

Cybertooth’s second screen capture, posted on November 10, 2018 at 12:45 pm…
Read Error Rate: 7324330 hex = 120,734,512 decimal
Seek Error Rate: 324FCBD hex = 52,755,645 decimal

HDD Read and Seek Error Deltas after approximately 2.5 hours…
Delta Read Error Rate = 5,842,992
Delta Seek Error Rate = 4,842

The HDD is failing so fast that Cybertooth is going to get only a couple of shots at saving most of his data. Even then, some data may be corrupted. My guess is that his HDD’s platter spindle is failing badly, especially if his HDD uses Maxtor’s defective spindle design.

Cybertooth, is this HDD an internal drive, or is it in an external enclosure? In either case, how is the drive oriented — vertically or horizontally? If the Macrium backup fails, please power off the drive and answer these questions before proceeding with any other attempts to either back up or copy the HDD’s data.

 

4 users thanked author for this post.

Elly, Cybertooth, OscarCP, satrow

I’ve been dealing with this thing all day, which is why I haven’t been posting today. Here’sw what’s happened since last night:

Went to bed making an image of the failing HDD with Macrium Reflect. (@gonetoplaid Since you asked, the drive is internal and is stored horizontally.)

When I came back to the PC this morning, the Macrium progress bar was at 100% but there was an error message with a code number, indicating that the image was unable to finish. I took a screenshot but I can’t get to it at the moment, for reasons that I’ll explain later.

So I decided to start copying the stuff on the HDD by hand, starting with the documents. They copied over to the SSD (C: drive) just fine. Then I moved on to the rest of the files there, excluding the Recorded TV folder which is very large. When the copying process got to a certain file (a 15GB .IMG file for the Kobo e-reader), it said that it needed permission to copy it; I gave permission and it tried to continue but the process failed.

And not only did it fail, but the data drive (the troubled HDD) disappeared from Windows Explorer!

I restarted the PC and started over again. Got to the same file, tried the same thing, and the same thing happened: the E: drive vanished.

Next, I tried rebooting into Windows, this time with the intent to copy around that particular Kobo file. Except that now I got a BSOD that looked exactly like the one described in the first post on this sevenforums.com thread.

Great. Now [what] do I do. So I try rebooting. I get back into Windows and open Windows Explorer–and the miscreant E: drive isn’t there at all!

OK, based on my reading about the BSOD (that wasn’t the only site I read), I decided to boot into Safe Mode, in case it was some driver misbehaving. Got into Safe Mode and tried to open Windows Explorer… and this time it takes a very long time to respond, after which I get a small dialog (or whatever they call it) from Explorer.exe saying that, “Server execution failed.”

Sometime this afternoon (I’ve done so many things that I’ve lost track of the exact sequence), I loaded Kubuntu 16.04 from a DVD, and it too was unable to find the data drive.

Thinking that the problem might be related to the effing HDD, I shut down the PC to take the HDD out. Killing two birds with one stone, I mount the HDD onto a Windows 7 laptop using a USB3 disk caddy, while I reboot the Windows 7 PC with just the SSD in it.

Now get this:

1. The HDD mounted just fine in the laptop. Every time I tried to copy the Downloads folder with that Kobo image on it, it failed and the HDD disappeared from Windows Explorer just as on the original PC. Finally I decided to try to copy everything ELSE on the drive EXCEPT for that .IMG file. There’s a lot of stuff to copy over, but I have managed to copy everything I’ve tried and the TV programs are in the process of getting copied to an external drive. (I’d like to keep my Detroit Tigers playoff and World Series games, especially as it doesn’t look like they’re about to reach the playoffs again anytime soon.)

2. But even more surprisingly, after rebooting into the Windows 7 PC with only the SSD system drive connected, I can’t open Windows Explorer or even the Control Panel. Attempts fail with that same “server execution failed” message. ???

* * *

So the reason I can’t provide a screenshot of Macrium Reflect’s error is that it’s in the Pictures library on the SSD, and I can’t browse the PC with Windows Explorer or open anything on the SSD that requires using the links on the right side of the Start menu. (I can, however, open programs that are on the left side, including the Command Prompt, as well as programs that have icons on the desktop.)

One further data bit: at some point yesterday (Saturday), I looked at System Restore and noticed that it had been turned off and no restore points were available. I re-enabled it and quickly created a restore point. Two further restore points have been created since then. I’ve tried the two most recent ones; the first one didn’t solve my Explorer problem, and the second one failed to “complete successfully.”

I haven’t a clue as to what the heck is going on with this computer. Now it looks like the “failing” drive can be read just fine on a different PC, while stuff on the “healthy” brand-new SSD is all screwed up.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

Somehow my post

https://www.askwoody.com/forums/topic/windows-7-pc-gets-very-sluggish/#post-232318

didn’t show up as directly replying to you. Please read it.

Best regards,

–GTP

 

Cybertooth wrote:

Hi GoneToPlaid, When I went back to it sometime this afternoon, Macrium was unable to see the image of the data drive. It was there in Windows Explorer, but the Reflect software did not find it; as far as Reflect was concerned, it didn’t exist. Ultimately I deleted the file to make room for the manual file copy (which is still going on, with about an hour to go). I’ll put the original SSD back into the PC, probably tomorrow, and see what happens. P.S. Thanks for the tip about resetting System Restore after using Macrium Reflect.

I pray that the manual file copy works. If that hiccups and fails, then I will give you instructions about installing ViceVersa, configuring ViceVersa to ignore errors, and letting ViceVersa do the copying of whatever it can copy from the failing hard drive. I have a feeling that this will be your final chance if the present file copy fails.

It looks like the manual copy worked! I have successfully copied everything that was on the HDD to new places. I opened a sampling of the documents, which are the most critical files, and every one opened fine.

Now on to the SSD. Before moving to replace the new SSD with the old one, what do you think of the approach proposed on this page?

Alternative ideas that make it possible to avoid the replacement are also welcome, of course.

 

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I might suggest trying the old SSD and seeing if it works fine and that you don’t have any Windows Explorer issues. If its all good, then you could use Macrium to again clone it to the new SSD. Have Macrium shut down the computer when the clone completes. Remove the old SSD before firing up the computer with the cloned SSD.

I am delighted to report that, after putting the new data HDD inside the case and booting up with the current SSD, everything appears to be working normally. There were no blue screens, Windows Explorer is working, and the right panel of the Start menu is working.

Because the original issue was surfacing 2-3 days after each reboot, we won’t be sure that it’s completely fixed until sometime Wednesday. But for now, things are looking promising and, after an intense week of troubleshooting and nail-biting, I’m just relieved that the PC is back at full operation.

I hope this doesn’t jinx it, but I want to give my sincere gratitude and appreciation to everyone who participated in this discussion, offering ideas, tips, and information. While the experience with the computer was frustrating, the experience dealing with it here at Woody’s could not be topped.

Thank You!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth wrote:

…Before moving to replace the new SSD with the old one, what do you think of the approach proposed on this page? Alternative ideas that make it possible to avoid the replacement are also welcome, of course.

I went down the rabbit hole suggested by the link you posted. I DO believe this will solve your problem of getting the “server execution failed” message. There is a link to a MS KB article on the site you referenced above, and I went there as well for further clarity on the procedure.

However, before making the changes listed in the Microsoft KB bulletin (KB886549), make sure the listed default location actually exists in the first place.

To do so, go to the command prompt, which should drop you at C:\Users\(your username). If it doesn’t, then navigate to it by first typing “cd\” then typing “cd users\(your username)”. Once there, simply type the directory command, “dir”. That will give you a list of all the files and folders in that location. If a “Documents” folder is listed, you’re all set to proceed. If not, then simply add it back in with the command “md Documents” (without the quotes, of course). Please notice there is a space between the letters md and the beginning of the word Documents.

Once you’ve verified the existence of the folder or have successfully created it, then proceed as directed on the Microsoft Knowledge Base page I linked to above. That should “cure” your error with Windows Explorer.

I’m guessing that the reason for the error is that Explorer is being told where it’s supposed to find key core components of it’s functionality and when it can’t find one or more of them, it probably comes to a grinding halt because it doesn’t know what to do next.

BTW, once you’ve restored the “pointers” within the registry and put this hiccup behind you, feel free to install the new SSD you’ve acquired as @GoneToPlaid has suggested and use it as your new data drive.

HTH

R/

Bob99

EDIT: Congratulations to @Cybertooth on being able to get the computer fully “upright and functional”. He posted his results while I was typing and researching my response above. 🙂

1 user thanked author for this post.

Cybertooth

A correction to something I said in post #232298: the internal drives in this PC are kept in a vertical position, not horizontally. I misspoke (miswrote?).

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

SSD’s can be mounted in any orientation as there are no ‘mechanical’ parts. However, when it comes to HDD’s, I’ve always mounted them on the horizontal plane in PC’s. AT, ATX, uATX etc are industry standards which have horizontal bays for HDD’s.

I don’t think I’ve ever seen a HDD mounted on the vertical axis which may, or may not add gravitational stress to the HDD reading arm. Interesting you should mention that..

Windows - commercial by definition and now function...

The specifications for all of the conventional hard drives (as opposed to SSDs) I’ve read all say it’s fine to mount the drives in a vertical orientation.  The effect of gravity on the arm is minimal compared to the actual force it generates to seek anywhere on the drive in a hundredth of a second, and they self-align to the servo track(s) on one or more of the platters anyway, so there won’t be any trouble finding the correct track after the first seek.

It would not hurt to check with the manufacturer regarding permissible mounting orientations if you’re nervous about it.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

GoneToPlaid

I agree. That is why I mentioned that it was many years ago when there was a debate about mounting hard drives vertically, since back then self-align technology didn’t exist. You are entirely correct that the G forces on the actuator arms during movement far exceed G. Regardless of the hard drive’s orientation, the most important thing is to make sure that the drive is mounted securely. I am very keen about using four screws when installing a hard drive, so as to minimize all operational vibration.

Years ago there was some debate about whether or not it is okay to mount hard drives vertically. Personally, I have never been keen about mounting hard drives vertically since it adds gravitational stress to the platters (cyclic motion into and out of a gravity well). On the other hand, I have seen many major brand desktop computers in which the hard drives are mounted vertically.

Not to mention the major brand high-availability datacenter servers and storage systems where disks were mounted vertically… could name several models from NetApp and HP that I’ve personally used that were like that.

Though not all disk models were certified for use in those.

Why is GoneToPlaid not an MVP here? Shouldn’t he be? I think he should be.

1 user thanked author for this post.

Cybertooth

I agree 150%.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

Sessh

A follow-up on my question in #232330:

I checked my registry against the default values listed on the page that’s linked to in that post. The only difference is that the value for Personal (in both places) is set to E:\Documents E.

Currently there isn’t a drive E: installed. This deviation from the default couldn’t possibly be causing that “server execution failure” error… or could it? If it is, then the solution could be as simple as installing the replacement data drive and designating it as drive E:.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Oy, wow was that repercussion for Shingled Magnetic Recording ever disclosed on a box or in easily accessed literature for end users? Thank you for sharing your knowledge.

GoneToPlaid wrote:

The upshot is that while SMR and laser technology appears to perform very well in the lab, such technologies could end up having issues in the real world over time.

Do you have any data to substantiate this or are you just being paranoid?

GoneToPlaid wrote:

after discovering that Seagate’s 3TB hard drives are the subject of a class action lawsuit.I had a few of the Seagate 3TB hard drives which are at issue. My only saving grace which prevented failure was that I never defragmented any of my 3TB hard drives in nearly 5 years of operation.

Again, how do you know this? A sample size of one does not a study make.

cheers, Paul

Toshiba, unlike many of its competitors, is not yet willing to use SMR in any enterprise class products. HAMR technology is just beginning to come to market. The Seagate ST3000DM001 drive doesn’t have a rotational vibration sensor to counteract excessive vibration in heavy use scenarios. Defragging a hard drive is a heavy use scenario. As mentioned, I never defragged my Seagate 3TB hard drives — not once — during the nearly 5 years of operation.

MVP Edit: Removal of HTML

I am delighted to report that, after putting the new data HDD inside the case and booting up with the current SSD, everything appears to be working normally. There were no blue screens, Windows Explorer is working, and the right panel of the Start menu is working.

Because the original issue was surfacing 2-3 days after each reboot, we won’t be sure that it’s completely fixed until sometime Wednesday. But for now, things are looking promising and, after an intense week of troubleshooting and nail-biting, I’m just relieved that the PC is back at full operation.

I hope this doesn’t jinx it, but I want to give my sincere gratitude and appreciation to everyone who participated in this discussion, offering ideas, tips, and information. While the experience with the computer was frustrating, the experience dealing with it here at Woody’s could not be topped.

Thank You!

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

GoneToPlaid, geekdom

How’s the kernel activity looking now?

1 user thanked author for this post.

geekdom

Yeah, that is a good question. Let’s hope that Cybertooth reports that there are no more long kernel spikes. I am still wondering if Cybertooth will still see memory usage growing for any processes other than web browsers. I still think that this issue was a side effect of the failing hard drive.

1 user thanked author for this post.

satrow

@satrow, I’ll monitor this and see what it looks like.

In the less than two minutes since I opened Task Manager, kernel activity has been pretty steady at <= 4%, with just one brief jump to 12% when I launched the Resource Monitor.

BTW, I’m curious: what does kernel activity (or spikes) indicate?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

The red line indicates kernel activity. See Wikipedia:

https://en.wikipedia.org/wiki/Task_Manager_(Windows)#Performance

The upshot is that the OS only allows highly trusted stuff to run in kernel mode. Stuff like device drivers, core parts of the OS, core parts of antivirus software, et cetera.

Best regards,

–GTP

 

2 users thanked author for this post.

satrow, Cybertooth

Kernel activity according to Task Manager has been very low–lower than I remember it being before switching HDDs. Generally sticking to the less than 4 percent range, with smaller and less frequent spikes.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

satrow

(Trying to make this digestible, I only have a rudimentary understanding of the intricacies of Windows Internals, it’s not going to be close to 100% accurate.)

Kernel activity indicates mostly directly controlled hardware level activity at a higher CPU Priority than given to User Applications, the main upshot of ‘higher’ % kernel activity is that anything at a lower CPU priority will have to wait longer in a queue until there’s an available Thread to use; added to this, anything else that needs to access the same driver/hardware functions will also face an extended wait – thus my earlier comparison to ‘lag’ – the higher the kernel %, the longer before your actions, or those of the software you’re running, will take effect.

Task Manager, and many of the similar 3rd party software, runs at High Priority, they can ‘interrupt’ or jump the queue much faster than an ‘ordinary’ program.

The CPU regions are often shown as ‘rings’, the innermost ring, Ring 0, is the kernel, the most privileged and protected zone; outside that, Rings 1 and 2 are mainly hardware drivers and Security software drivers; the applications we all use daily on the Desktop have low privileges and usually Normal Priority and are loaded in the outer ring, where they are prevented from directly accessing anything from the inner Rings to prevent crashes/blue screens, etc.

https://docs.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/user-mode-and-kernel-mode

https://en.wikipedia.org/wiki/Protection_ring#SUPERVISOR-MODE

https://en.wikipedia.org/wiki/Hybrid_kernel#NT_kernel

https://docs.microsoft.com/en-us/windows/desktop/ProcThread/scheduling-priorities

1 user thanked author for this post.

Cybertooth

Thanks @satrow for the explanation. I understand the concept now a lot better than before.

BTW kernel activity this morning is the same as last night: quiet and uneventful.

This thread plus last week’s thread about Linux/Windows networking have been quite an education!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

This is splendid news! It sounds like your remarkable persistence throughout this long ordeal has finally paid off.

1 user thanked author for this post.

Cybertooth

One quick take-away from this thread (and I’m figuratively looking in the mirror while I type this) – ALWAYS give the complete hardware and software picture when initially presenting the issue.

It’s very easy to let our own biases control the information we present; I probably wouldn’t have initially mentioned the existence of the separate (and later determined to be dying) data drive if I were Cybertooth – after all, it looked like something Windows-related, and that was certainly confined to the boot SSD, right?

3 users thanked author for this post.

Bill C., Cybertooth, satrow

Also: hardware trumps software – ensure the hardware is fully functional at the basic, non overclocked level first.

2 users thanked author for this post.

Bill C., Cybertooth

jabeattyauditor wrote:

One quick take-away from this thread (and I’m figuratively looking in the mirror while I type this) – ALWAYS give the complete hardware and software picture when initially presenting the issue. It’s very easy to let our own biases control the information we present; I probably wouldn’t have initially mentioned the existence of the separate (and later determined to be dying) data drive if I were Cybertooth – after all, it looked like something Windows-related, and that was certainly confined to the boot SSD, right?

Now that was a really good post. I totally agree. Were I in Cybertooth’s shoes and if I was using a SSD for my OS drive and if I had also seen steadily increasing memory consumption by running processes, then I too would have initially assumed that either the OS SSD was having issues or that the OS’s SSD drive may have become infected by malware. Either was what many of us suspected.

All of us should thank Cybertooth for being so relentless in terms of further communicating his issues, along with all steps which he took.

The upshot is that this episode should become an important “case file” so that step by step procedures can be developed in order for anyone to provide important and useful information to us about their computer and its hardware, yet also how to properly sanitize the useful hardware reports so as to not disclose any confidential information. I had sent a PM to Cybertooth about how to use Piriform’s Speccy to output a text file about his computer, and about the steps to then take in order to remove any confidential information before uploading the Speccy output for all of us to examine.

I wish that I could upload my simple TXT file instructions, along with an example of a sanitized output from Speccy for my main computer, but I can’t since the forum does not allow either ZIP or TXT file attachments.

 

1 user thanked author for this post.

Cybertooth

@gonetoplaid laments

I wish that I could upload my simple TXT file instructions, along with an example of a sanitized output from Speccy for my main computer, but I can’t since the forum does not allow either ZIP or TXT file attachments.

This sounds very useful. Pasting the .txt inline as an OP for a new topic in
https://www.askwoody.com/forums/forum/askwoody-support/pc-hardware/questions-how-to-troubleshoot-hardware-problems/
would make such instructions easier to find at some future event. Adding a screenshot should be possible as well.

It happened again.

This morning I went back into the office and clicked on the Notification Area arrow/triangle to check on things, when the Taskbar went gray again and the spinning circle spun within the box of the Notification Area.

Eventually that settled down and my next step was to open a new browser. Sure enough, while the browser (in this case, Brave) did launch, it could not get to the home page. Browsers that were already open (IE11, Pale Moon) could not refresh their open tabs.

Kernel activity in Task Manager was very low, in the 1-3% range.

So it wasn’t the failing HDD.

As this thread is already extremely lengthy, I propose to the mods that we move any discussion stemming from this post over to a new thread, which we could title “Windows 7 PC gets very sluggish, Part 2”, linking back to this one for reference

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

Please list what third party plugins are installed in your web browsers. In particular, I am curious about any plugins which were installed by Bitdefender.

Best regards,

–GTP

 

Hi GoneToPlaid,

Here’s a screenshot of the Pale Moon plugins:

The add-ons list for IE11 is much longer but almost all of them have been in there for several years. There are no add-ons associated with BitDefender.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Do you ever use Silverlight for anything? I never have. I uninstalled Silverlight a years ago, and then I hid 16 attempts by Microsoft to reinstall Silverlight onto my Win7 computers via Windows Update.

Also, I never installed the Foxit PhantomPDF plugins into my web browsers. Instead, I configured my web browsers with the choice of either downloading a PDF or to open a PDF within Foxit instead of within the web browser. I am very careful about what plugins I install into my web browsers since I have encountered a few plugins in the past which have memory leaks. These memory leaks, even when the web browser was doing absolutely nothing (just sitting there on the Google search page and with no other open tabs), would cause the web browser’s memory usage to grow over time. Eventually the web browser became so sluggish that it was unusable.

Try disabling the Foxit plugin in your Pale Moon browser.

It’s installed on this PC, but TBH I don’t remember ever needing it for anything. Do you suspect that it could be a source of the troubles?

Your question about plug-ins got me thinking about the ones I have installed. There is one plug-in that’s given me some grief in the couple of years I’ve had it: the Foxit PhantonPDF plug-in. I like it because it’s one of the very few plug-ins I’ve found that will let me print a Web page while preserving the hyperlinks on the page. But for a while it was occasionally causing crashes on some sites, and although that hasn’t happened for a long time I have to consider it a possible suspect. As a test, I’ve disabled it in IE11 and PM.

I will also disable Silverlight now and monitor developments. If the problem doesn’t come back after a couple of days, I’ll re-enable either Silverlight or the Foxit plug-in and see which of them is responsible.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

OK, things have taken a turn clearly for the worse. I rebooted just this morning, and tonight already the Taskbar has grayed out and programs are having a hard time opening, with “Not Responding” notices on the title bar. (I can still get on the Internet, for now.) As I’ve been reporting, up until today this was happening a couple of days after a reboot.

Update: Within 20 minutes of writing the above, I could no longer access the Internet and launching programs kept getting slower. So I had to reboot, this time less than 11 hours after the previous reboot.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth wrote:

It’s installed on this PC, but TBH I don’t remember ever needing it for anything. Do you suspect that it could be a source of the troubles? Your question about plug-ins got me thinking about the ones I have installed. There is one plug-in that’s given me some grief in the couple of years I’ve had it: the Foxit PhantonPDF plug-in. I like it because it’s one of the very few plug-ins I’ve found that will let me print a Web page while preserving the hyperlinks on the page. But for a while it was occasionally causing crashes on some sites, and although that hasn’t happened for a long time I have to consider it a possible suspect. As a test, I’ve disabled it in IE11 and PM. I will also disable Silverlight now and monitor developments. If the problem doesn’t come back after a couple of days, I’ll re-enable either Silverlight or the Foxit plug-in and see which of them is responsible.

Silverlight is just another potential security hole. Years ago I had to have it for only one particular web site which now no longer uses it. I recommend uninstalling Silverlight. It now has been several months since Microsoft has tried to push Silverlight to me via Windows Update. I guess they gave up on this dead horse.

I too need to print web pages as PDFs which preserve the hyperlinks within the PDF. Other solutions instead of PhantomPDF are available.

Best regards,

–GTP

 

All right, it’s been just under 11 hours since Silverlight was uninstalled and the Foxit PhantomPDF plug-in was disabled. That’s about the length of time the PC managed to go yesterday before needing to reboot, although we’ve already gone longer than that since the last reboot. If it doesn’t screw up in the next hour or two, the next critical point will be Friday evening.

@gonetoplaid, what solutions for preserving hyperlinks in a Web page printed to PDF have you found? The only other one that I know of is Adobe Acrobat, but I’ve been avoiding their newer versions because of their cloud push (which is why I switched to Foxit).

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

RAM usage is practically unchanged since last night when the Foxit plug-in was disabled and Silverlight was uninstalled. I have deliberately kept all the same programs and browser tabs open since then.

The plug-in is my main suspect.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

geekdom

I don’t much like FoxIt, but I did use the free package briefly to complete forms. It got installed, used, and uninstalled. If your problem is the FoxIt plugin and you need it from time to time, enable it, use it, and then disable it. (If it were my computer, I would remove the FoxIt plugin after use.)

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

Cybertooth

Now that is sounding quite good! I have a strong feeling that the Foxit web browser plugin has been part of your issue. Why do I say so? Because, given the version of Foxit PhantomPDF which you have, a memory leak issue in the free version of around the same version 2.x number was subsequently fixed in a later version 3.x. Memory leaks in various versions of Foxit seem to be a bit of an occasional yet recurring thing. Simply Google (without quotes) “foxit pdf memory leaks”. I use Foxit PhantomPDF at home, and it is used at the law office as well.

I am glad to hear that you don’t use Silverlight for anything. Given its history of security holes and near zero adoption, I am glad that you dumped it.

Now here is the really cool thing about this drawn out attempt to resolve your issues: Due to your persistence and your continued posts, we managed to separately identify that you had a failing hard drive which literally could have completely failed at any time.

1 user thanked author for this post.

Steve

You’re totally correct about that! Chances are that the HDD would have gone on to fail completely with nothing having been done about it. So this discussion has been incredibly valuable even if the original problem doesn’t get solved.

BTW thanks for the info about the Foxit memory leak, I wasn’t aware of that. I’ll look up the issue’s history and also see if there’s an update available for the version I use.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth wrote:

… @gonetoplaid, what solutions for preserving hyperlinks in a Web page printed to PDF have you found? The only other one that I know of is Adobe Acrobat, but I’ve been avoiding their newer versions because of their cloud push (which is why I switched to Foxit).

I generally use the free version of PrimoPDF since it does in most instances preserve hyperlinks when using PrimoPDF to print a web page as a PDF document. Note that this free version of PrimoPDF hasn’t been available for some time, yet I have its installer. Also note that PrimoPDF included an installer for OpenCandy. OpenCandy is malware which has not been functional for some time. OpenCandy is readily detected and removed by any decent antivirus program. The upshot is that, even though PrimoPDF includes two DLLs which would attempt to install OpenCandy, now nothing happens. Thus I keep using PrimoPDF since it works nearly all of the time in terms of preserving hyperlinks when it creates PDF files from web pages. I have even allowed PrimoPDF to be used at the law office since OpenCandy is dead, and since PrimoPDF simply works so well. I would have to Dropbox the installer to you.

 

1 user thanked author for this post.

Cybertooth

Cybertooth wrote:

… @gonetoplaid, what solutions for preserving hyperlinks in a Web page printed to PDF have you found? The only other one that I know of is Adobe Acrobat, but I’ve been avoiding their newer versions because of their cloud push (which is why I switched to Foxit).

Hi Cybertooth,

I trashed my previous reply to your question so that I could post this updated reply. Unbeknownst to me and apparently in 2015, Nitro replaced their free PrimoPDF which contained OpenCandy with the exact same thing yet without the OpenCandy DLL (ocsetuphlp.dll). The download link on Nitro’s web site is the “Download Free” button near the top left of the following page:

http://www.primopdf.com/

The download link on the above web pages takes you to this CNET page:

https://download.cnet.com/PrimoPDF/3000-10743_4-10264577.html?part=dl-10264577&subj=dl&tag=button

I downloaded this latest installer. The installer does not include a CNET wrapper. Then I extracted its contents and compared its contents to the contents of the installer which I had download in March 2012. All of the files in both installers are identical, except that the latest installer does not include the OpenCandy ocsetuphlp.dll. The only other change is that Nitro changed the time stamps for most of the files in the latest installer from 2009 and 2011 to 2015.

After installing PrimoPDF, go to its Options settings. Under Check for Updates >> Updates, turn off checking for updates. Under Check for Updates >> Streamline, do not enable “Allow PrimoPDF to run Streamlined” since this feature no longer works.

PrimoPDF behaves like a printer. You can change other settings for PrimoPDF by going to Devices and Printers and changing the printing preferences, just as you can for any other printer.

Best regards,

–GTP

 

1 user thanked author for this post.

Cybertooth

Had to reboot again this morning.

Even though the Foxit PhantomPDF plug-in was disabled, “working memory” RAM usage for Pale Moon grew overnight from 471KB to 620KB.

All the other usual symptoms were in evidence: inability to reach the Internet, grayed-out Taskbar, slow opening of programs and closing of files. Clicked on the Start menu and it didn’t do anything beyond turning bright, so I couldn’t even shut down Windows the usual way, had to do it using Ctrl-Alt-Del.

I’m thinking of loading a Linux live CD on this computer for a couple of days to see what happens.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

What version of palemoon are you using?
There’s a new version out today: https://www.palemoon.org/releasenotes.shtml

Windows - commercial by definition and now function...

2 users thanked author for this post.

Cybertooth, satrow

Wow, there’s another one already?

I used the quiet period between the two previous reboots to install version 28.2.0 (32-bit), on Wednesday I think it was.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

The browser isn’t working at a kernel level, so while plugins can slow it down, it should not slow down the OS itself.  If you’re getting slowdowns in things like the taskbar, it’s either CPU being maxed out (which you already ruled out), a serious bug that is allowing a userspace program to intrude on the kernel, or it’s some issue that affects the kernel directly (driver, hardware, OS code itself).

Since it wasn’t the HDD (dangit), the thing about using a live USB to test it would be the next thing to try IMO, and then if it passes that, on to driver verifier in Windows and/or process of elimination.

The fact that inability to reach the net always happens with this seems to be a clue.  What kind of connection to the internet are you using from the PC end (meaning ethernet, wireless, etc., and what kind of adapter)?

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Cybertooth

It’s a wired Ethernet connection. FWIW, it’s fiber optic service (Verizon FiOS) but we’ve only had this service for a month or so, and the issue with this computer predates the arrival of FiOS.

Device Manager reports my NIC as:

Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)

I must confess, historically I haven’t had great success updating drivers on this PC. About four years ago I updated the Broadcom wireless LAN driver (which is seldom used), and the computer developed an enormous memory leak that would take up half of the RAM; when I reverted to the original driver, the problem went away. And this summer, when Norton suddenly stopped getting virus definitions, Norton tech “support” suggested I update the video driver (?!). That resulted in a BSOD and the installation of BitDefender in Norton’s place.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Updating the video driver should not cause a BSOD, so that’s a bit worrisome.  I don’t know that it is related, but there’s something amiss there.

In terms of drivers, Atheros (and its new owner, Qualcomm) chooses to put its customers at risk by not making drivers readily available to the public, telling them instead to go to their OEM for drivers.  This forces people to look to alternative (and potentially risky) sources when their OEM has stopped providing new drivers for a given PC (which is usually pretty quick– often the ones the unit came with from the factory is all you’ll ever get from the OEM). Telling users to go to OEMs that don’t care about a product once the warranty ends isn’t helpful to them.

On older cards like yours, it can be a problem because all of the manufacturers typically do this, so where are you going to get the drivers even if they are produced by the OEM?

Fortunately, the drivers are signed, so at least in theory, if they are altered, they will not be installed or will pop up a scary looking warning if you attempt to (depending on which version of Windows) install an unsigned driver.

Let me see if Woody is okay with me suggesting the place I use in a public message.

 

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Cybertooth

Okay!  Got the okay from Woody, so long as I include the caveats.

There’s a site I’ve been using for several years to get Windows drivers that I can’t get from the OEM (which is lots of them).  It was instrumental in getting Windows 7 and 8.1 on my Core 2 Duo laptop that only came with Vista!  It’s a French site, called station-drivers.com.  I’ve never had any malware or other problems with the site.  I wish I could remember who suggested the site, but it had to have been what I considered a trusted source, or I would not have paid any attention.

Norton reports the site as safe, FWIW.

Still, use caution whenever getting drivers from anywhere other than the OEM.  They should be okay as long as the signature is intact, but caution is always well-advised.  If QC/Atheros would just make them available (while explaining that it is best to get them from the OEM if possible), we wouldn’t have to resort to third-party sites, but they’re far from the only OEM at fault for that.

There are several new drivers for the Atheros card in question at the site.  That’s the link for the 64-bit version– I didn’t see if you posted the bitness of your Windows installation.  You may want to give it a try.  It’s up to you!  If the problem is in the driver for your NIC, this might fix it.

I would also disable the wifi in Device Manager while testing the wired Ethernet.  A driver can still cause issues even on in inactive connection if the device is enabled.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Cybertooth

Ascaris wrote:

The browser isn’t working at a kernel level…

I think that Ascaris is correct in terms of the Pale Moon browser. Microfix mentions that a new version of the Pale Moon browser was released today.

1 user thanked author for this post.

Ascaris

I agree with the memory leak theory. If it takes time to occur, that would be my guess. I’ll mention a few things hoping someone didn’t already mention. I haven’t fully read all the details.

Check all programs launching at startup. Remove what you don’t need. Check the old start menu programs startup folder and the 2 registry entries.

hklm AND hklu\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Bios update and disabling temperature sensors in bios.

Disable or remove all browser add ins.

Red Ruffnsore

1 user thanked author for this post.

Cybertooth

I just removed three items from startup (Adobe Acrobat, AcroTray, and the Catalyst Control Center), and checked the registry keys you suggested. Everything that’s there is supposed to be there, no “strangers” found.

Also unchecked several Norton-related items that were showing up in Autoruns.

It probably violates proper diagnostic procedure to make these changes on top of the other ones I’ve just made to take effect on the next reboot, but I’ve been dealing with this issue for weeks and the problem typically takes days to recur. Grrr!!!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Here is another idea that does not take long to check, it does sound like a memory leak type of problem, although in first post you mention checked Task Manager and no unusual cpu or ram usage is noted. Idea is just check if KB3078667 is installed: Control Panel – Programs and Features – left panel top View installed updates, right top Search KB3078667. If not check:

https://support.microsoft.com/en-us/help/3078667/system-malfunction-because-memory-leak-occurs-in-dwm-exe-in-windows-7  –  just read to see if sounds maybe is problem?

download link:   https://www.microsoft.com/en-us/download/details.aspx?id=48615

if when computer slows down again, can you post a screenshot of the Task Manager Processes tab, so that we can all visualize the cpu and ram usage, be sure to sort the highest usages at top.  Just some ideas, hopefully not dead end rabbit holes.  Good Luck.

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

1 user thanked author for this post.

Cybertooth

I would also be interested in seeing the performance tab, or its contents at least.  Seeing how the Total, Cached, Available, Free memory stack up (when its having a problem) might give a clue if it is memory related.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Cybertooth

So that we have a baseline (more or less; the system has been up for 13+ hours since the last reboot), here are the RAM figures as of this post:

Physical memory (MB)
Total 12174
Cached 5216
Available 7618
Free 2652

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

After some thinking, another idea is to run the built in Windows Memory Diagnostic Tool to test the physical hardware, remember, check the hardware also. Here is a link with pictures, note the first picture shows Windows 10 Start Search, but just type into the Windows 7 Start Search programs and files for:  ‘ Windows Memory Diagnostic ‘ = it will ask to reboot and takes some time.

https://helpdeskgeek.com/how-to/troubleshoot-ram-with-windows-memory-diagnostic-tool/

If you had a failing Hard Disk Drive earlier, maybe the actual RAM sticks are failing also ?

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

1 user thanked author for this post.

Cybertooth

I ran hardware diagnostics last, week, I think. Everything checked out seemingly OK… including the HDD that turned out to be failing!

But I guess it can’t hurt to try testing the memory again the next time a reboot is necessary.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

https://support.microsoft.com/en-us/help/3078667/system-malfunction-because-memory-leak-occurs-in-dwm-exe-in-windows-7%C2%A0  =  BAD Link above

remove  %C2%Ao  =  extra underline somehow added _

https://support.microsoft.com/en-us/help/3078667/system-malfunction-because-memory-leak-occurs-in-dwm-exe-in-windows-7

see if that works, or just search for  KB3078667

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

1 user thanked author for this post.

Cybertooth

Turns out that KB3078667 isn’t installed on this PC. However, while that patch has to do with dwm.exe, I’ve noticed in the last few days that there’s another process that begins to eat up increasing amounts of memory along with Pale Moon: the svchost.exe “Network Service.” Looking at the PID associated with this process, it’s 1884 and the following services are listed under it in Task Manager:

CryptSvc

Dnscache

LanmanWorkstation

NlaSvc

TapiSrv

Fifteen minutes ago, I took down the amount of “working set” RAM used by this process; it was at 267K.  Now it’s at 272K and trending upward.

Wonder if this could have something to do with what’s going on in this computer.

Update: A half-hour after posting this, Working Set RAM for svchost.exe (Network Service) is now up to 284K. I also see that CPU usage by this process is at 13%, with occasional drops to 0%.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

Please do go ahead and install KB3078667 since it is a required fix for its specific issue. I have KB3078667 on all of my Win7 computers since 2015. Just because a message box isn’t displayed, this doesn’t mean that memory can’t be eaten up over time even if a message box never gets displayed, even though the hidden message box would be displayed over time.

Here is the link for the KB article about KB3078667:

https://support.microsoft.com/en-us/help/3078667/system-malfunction-because-memory-leak-occurs-in-dwm-exe-in-windows-7

And here is the Update Catalog link:

https://www.catalog.update.microsoft.com/Search.aspx?q=KB3078667

Again, please install KB3078667 so that we can either see if this resolves your issue, or so that we can rule out the lack of KB3078667 being installed as being the cause of your issue.

Best regards,

–GTP

 

1 user thanked author for this post.

Cybertooth

Hi GoneToPlaid,

I downloaded KB3078667 and went to install it, when Windows told me it was already installed.

So I did yet another search in Update History, and indeed it was nowhere to be found. But this time I also performed a search under Installed Updates… and there it is, installed on 9/20/2015.

This is so maddening. Why can’t both of these functions (Update History and Installed Updates) give consistent information??? It would have saved time and effort for everyone participating here. Having looked under Update History and not finding it, why would one think to also look under Installed Updates? (In my case, it was done out of frustration.) After all, logically speaking, if it’s not in the update history it means that it’s never been installed. Or so you’d think…

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Update History is not a good indication of what updates are installed.
If an update is installed through WU and you subsequently uninstall it, the uninstall is not recorded in WU history. But if you then reinstall the update through WU, it will show up twice in Update History. If you wipe the datastore, say to fix WU, (or some event does it for whatever reason) the history is erased. Then again it does not necessarily reflect what is actually installed.

Always use Installed Updates if you want to see what is installed on the computer.

3 users thanked author for this post.

Elly, Steve, Cybertooth

Much appreciate the info. So, the link that they put closest to the update installation button (“View update history”) is the less reliable of the two, and the link that’s tucked away over in the left corner (“Installed Updates”) is actually the more reliable one.  🙂

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

If you are going to install this update, it will probably need a PC restart (they usually do), so this would be a good time to separate out the services into separate processes so that you can see which of these services it actually is giving a problem. I described this at the end of my post https://www.askwoody.com/forums/topic/windows-7-pc-gets-very-sluggish/#post-230785  a couple of weeks ago.

Also as you may have some combination of Windows Explorer (explorer.exe) and network problems, I have just checked my Windows Firewall settings and I have a Block outgoing access rule for all protocols and ports for “explorer.exe”.

I do not remember adding this, so this must have been there for some time. It is unlikely that I would have added this myself manually because it would not have occurred to me that Windows Explorer would need to make internet access so why would I need to set a rule for it pre-emptively. More likely is that “explorer.exe” did make such an outgoing access attempt for some reason and my Windows Firewall Notifier (WFN) (similar in functionality to the better known Windows Firewall Control (WFC)) would have blocked this by default and given me a notification. In the current climate of telemetry/spyware/invasion of privacy not thinking of an obvious reason to allow this access I would have used the notification interface to set the Block outgoing access rule. With an explicit rule in place I will have not received any later notifications of such accesses. I am not aware of any side-effects due to this Block rule, but I am just a basic home PC user not doing anything particularly complicated.

Anyway I don’t know if this is relevant in your case, but if your “explorer.exe” is making outgoing accesses for some reason and these are failing does “explorer.exe” freeze in some sense while waiting for a response to this failing outgoing access? I don’t know. Just a guess!

If you were to block the access, would the transaction end immediately avoiding any freeze observable to you as the PC user? Again I don’t know, but this might be worth a try. (Of course if you have more complex requirements needing “explorer.exe” outgoing accesses for some reason, then this would be a non-starter.)

HTH. Garbo.

1 user thanked author for this post.

Cybertooth

Thanks, Garbo.

I went back to your earlier post and followed the instructions to separate the processes for PID 1884. As you said, that should take effect after the next reboot. The processes involved are the ones listed in post #233963.

Will install CleanMem after that next reboot (and reboot again right away if you think it’s necessary for CleanMem to work optimally).

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Referencing post #233968:

As of the post you’re reading (some eight hours later), the RAM numbers are:

Cached 5666

Available 7186

Free 1660

Working Set memory for svchost.exe (Network Service) is at 425K, with CPU usage still at 13% most of the time.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

@Cybertooth –

Above, in post 233881, you mention that your NIC is shown as an Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20).

Well, I googled your NIC and the first hit that came up was from Dell, for a driver for the NIC. So, to quote the “legendary” commercial from back in the day, “Dude, you got a Dell?” If the computer in question for this thread is indeed a Dell Inspiron 5xxx / 7xxx series or a Vostro Notebook 3xxx series, then you may want to go get the latest driver for your computer and install it. As you’ve pointed out above, the memory leak is coming from processes that are all networking-related. The page from Dell is right here: https://www.dell.com/support/home/us/en/04/drivers/driversdetails?driverid=t83w4

There were other pages listed as well, some from sites you don’t really want to go to for drivers, as they’re possible candidates for having “wrappers” or other types of crapware bundled with the driver. I also got a hit for the MS Update Catalog, but the drivers for Win 7 were all dated September and December 2011, which might be older than what you’ve already got installed. The driver listed on the Dell page was last updated in September 2013.

This brings to mind another thing you may want to try with help from others here such as @Ascaris or @GoneToPlaid. Go to you computer mfr.’s web site (no matter if it is Dell or HP or Alienware, for example) and find a copy of the driver you currently have and install it. The driver may simply have some issues that Windows may be unable to repair, but “reinstalling” a fresh copy of the same version may help clear things up. Just a thought.

I came to the above conclusion (of a bad driver) after reading the post above from @Ascaris, and your subsequent post about which specific services are tied in with the svchost process that’s leaking the memory.

R/

Bob99

1 user thanked author for this post.

Cybertooth

Bob99, thanks for the ideas. The computer is an HP. Here’s the drivers page for it. Apparently there’s no new NIC driver (the new wireless adapter driver being offered is, I think, the one that led to a huge memory leak for me a few years ago).

I didn’t realize you could install a driver over itself. This’ll be another new thing to try after the next reboot.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Thanks for the feedback, @Cybertooth . However, before getting into replacing drivers, please pursue @GoneToPlaid ‘s advice in his post just below this one, post #234040.

Cybertooth wrote:

My Windows 7 computer has had an annoying issue in recent months. A few (2-3) days after a reboot, both Internet browsing and Windows Explorer start getting very sluggish…

The PC is Group B, updated through the September patches (haven’t yet applied the recently green-lighted October set). What could be causing this? Web searches haven’t been particularly helpful because I have twin problems and everything I’ve found refers to one OR the other of these issues, but not both together.

Hi Cybertooth,

All of my Win7 computers are Group B, yet they are updated only through August. Perhaps there is an issue with the September security only update? Just a thought, yet I don’t think that this is the case since you mentioned that this issue has been occurring in recent months.

I now remember that in 2016 I had a similar issue on one of my Win7 laptop computers. Things would get slow when using Firefox, and then Panda AV would start popping up occasional messages that Panda had lost its Internet connection to Panda’s cloud servers. Whoa! I knew something was wrong. I had a hunch that it must be Windows telemetry when I saw that the maximum number of HTTP connections was exceeded. Sure enough, I discovered that in 2014 I had accidentally installed KB2952664. And sure enough, KB2952664 was periodically and silently getting updated when I would check for updates. There were 10 versions of KB2952664 on the laptop. Obviously the latest installed version had issues.

Let’s perform a “sanity check” to make sure that you don’t have any of the three infamous telemetry updates installed on your computer. Please see my post and Dropbox link for CMD files which can check if these telemetry updates are installed, and optionally to remove all installed instances of these telemetry updates. See:

https://www.askwoody.com/forums/topic/kb2952664/#post-172871

Note that my Dropbox KB2952664 folder has been replaced with the following folder name:

WIN7 — KB3150513, KB2952664, KB2977759

There are two CMD files in the above folder. One CMD file simply checks if any of these three telemetry updates are installed. The other CMD file does the same thing, and then gives you the option to have the CMD file automatically remove all installed instances of these telemetry updates.

Best regards,

–GTP

 

1 user thanked author for this post.

Cybertooth

Hi GoneToPlaid,

That is a VERY cool pair of CMD files you created. Your instructions are a model of clarity.

According to the results, none of the telemetry updates is installed on this PC.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

Okay. So now we have ruled out the possibility that Microsoft telemetry might possibly be the cause of your issues. I think that we should focus on your network card and wireless card drivers.

Best regards,

–GTP

 

Cybertooth wrote:

Bob99, thanks for the ideas. The computer is an HP. Here’s the drivers page for it. Apparently there’s no new NIC driver (the new wireless adapter driver being offered is, I think, the one that led to a huge memory leak for me a few years ago). I didn’t realize you could install a driver over itself. This’ll be another new thing to try after the next reboot.

Hi Cybertooth,

Could you go to Control Panel >> Device Manager, and then for both your NIC and for your Wireless adapters and after double-clicking on each of these devices, post screen captures similar to my attachment? I ask since I want to make sure that I can find the latest drivers which precisely match the device IDs for your NIC and Wireless adapters.

Have you ever allowed Windows Update to install hardware drivers? I hope not since I have had past issues with Microsoft thinking that they know best — versus the actual manufacturers of the hardware. In terms of hardware drivers, I trust Microsoft about as far as I can throw a dead horse! Hardware manufacturers frequently update drivers for older hardware in order to resolve reported issues. Yet for older hardware, the hardware manufacturers do not go through the time and expense of getting these updated drivers certified by Microsoft.

Finally, have you checked in Event Viewer under Error and under Warning, and then under Windows Logs >> Application and under Windows Logs >> System for error messages?

Best regards,

–GTP

 

Hi GoneToPlaid,

These are the screenshots for the NIC and wireless adapter:

The only two hardware drivers that I remember ever trying to install are the new Broadcom wireless driver (which led to the huge memory leak) and the AMD video card drivers (which caused a BSOD). The video driver was updated via Device Manager; I can’t remember how I had updated the wireless driver but it may have been via Windows Update.

I’ll check the Event Viewer later today.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

Please download the ORIGINAL drivers from HP’s web site for your network and wi-fi cards, and save them to a convenient location on your computer’s C: drive. Following are the download links for these two original drivers for your specific computer:

Original Atheros Network Controller Driver
https://ftp.hp.com/pub/softpaq/sp56001-56500/sp56474.exe

Original Broadcom Wireless Network Controller Driver
https://ftp.hp.com/pub/softpaq/sp56001-56500/sp56209.exe

Then go to Device Manager an uninstall the drivers for your network and wi-fi cards. When uninstalling, make sure that you choose to delete the driver files.

After uninstalling these drivers, reboot your computer. Then install the original network drivers first, and then install the original wi-fi card drivers.

I suspect that a later network card driver, which fixed an issue when upgrading to Windows 8, may have created a bug if said driver is used in Windows 7. I have a feeling that you have no intentions of upgrading to Windows 8 or Windows 10.

Best regards,

–GTP

 

1 user thanked author for this post.

Cybertooth

Thanks, GoneToPlaid.

I’m back in for a few minutes and then I have to run back out, but when I return to the office I’ll do the driver uninstall/install.

FWIW, here are the current RAM numbers (in MB):

Cached 7217

Available 7572

Free 398

Question: Should I do this before (with a reboot in-between), or after, or instead of Garbo’s idea described here? I ask because lately it’s been a couple of days after each reboot before the problem resurfaces.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Those RAM numbers look fine.  It’s “available” that is the pertinent number, not “free.”

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Cybertooth

GoneToPlaid wrote:

Finally, have you checked in Event Viewer under Error and under Warning, and then under Windows Logs >> Application and under Windows Logs >> System for error messages? Best regards, –GTP

I see 5 errors in the last hour (Service Control Manager, Event ID 7011) that say:

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

In addition, there are 25 SharedAccess_NAT errors (Event 31004) that go:

The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

The Taskbar is also graying out again. I’ll be lucky to post this before losing Internet connectivity again.

 

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Those 31004 errors don’t seem to be harmful.  There’s a MS article on the topic that states:

The two Events described in this article do not indicate any problem with the operating system nor do they cause any functionality issues with Internet Connection Sharing. These events can be safely ignored as they are incorrectly logged because a request to allocate zero bytes memory is invalid.

The first error, though, could be related to the slowdown, and it seems to support the idea of a network adapter/driver issue.  DNS is, of course, part of networking!

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Cybertooth

Ascaris wrote:

Updating the video driver should not cause a BSOD, so that’s a bit worrisome…

Ah, one would think. Yet this occurred to me when I stupidly decided to allow Windows Update to install what Microsoft thought was the latest AMD video driver for one of my computers, even though I normally never allow Windows Update to install new drivers. This BSOD experience reinforced my conviction to NEVER install any drivers which are presented by Microsoft via Windows Update.

Ascaris wrote:

There are several new drivers for the Atheros card in question at the site. That’s the link for the 64-bit version– I didn’t see if you posted the bitness of your Windows installation. You may want to give it a try. It’s up to you! If the problem is in the driver for your NIC, this might fix it. I would also disable the wifi in Device Manager while testing the wired Ethernet. A driver can still cause issues even on in inactive connection if the device is enabled.

Fantastic, @ascaris, glad that Woody gave the green light to post the link.

Now there’s a choice to be made: should I try installing one of the new drivers for the Atheros card, or should I try (re)installing the original driver as GoneToPlaid suggests? If the plan turns out to be to  try these solutions in sequence, which one should go first?

I’ll let you and GoneToPlaid decide.  🙂

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I would suggest GTP’s way first.  If it doesn’t help, then try mine.  Always better to try with the lower risk one first!

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Cybertooth

Lars220 wrote:

After some thinking, another idea is to run the built in Windows Memory Diagnostic Tool to test the physical hardware, remember, check the hardware also. Here is a link with pictures, note the first picture shows Windows 10 Start Search, but just type into the Windows 7 Start Search programs and files for: ‘ Windows Memory Diagnostic ‘ = it will ask to reboot and takes some time.

https://helpdeskgeek.com/how-to/troubleshoot-ram-with-windows-memory-diagnostic-tool/

If you had a failing Hard Disk Drive earlier, maybe the actual RAM sticks are failing also ?

Ran the Windows Memory Diagnostic Tool upon rebooting this afternoon: everything checked out, fortunately.

BTW, just prior to the reboot, Working Memory usage had reached 620K and free RAM had dropped to 84K.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I suspect that the problem is some type of a memory leak. Sysinternals has a nice tool / utility called RAMMap that can be useful. Here are some links to check out – review:

https://www.ghacks.net/2011/08/09/use-rammap-to-list-all-files-currently-in-windows-ram/

https://searchwindowsserver.techtarget.com/tip/Using-RamMap-and-VMMap-Tools-to-Troubleshoot-Windows-Memory-Issues

Download:      https://docs.microsoft.com/en-us/sysinternals/downloads/rammap

When your computer slows down, please take screenshot of Task Manager tabs and post.

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

1 user thanked author for this post.

Cybertooth

Should I take a screenshot of every Task Manager tab? Full-screen or reduced size? And even at full screen, there are more services listed than can fit on a single screen.

I just want to make sure I provide the info you need.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

I went back through all of this thread for ideas. You mentioned that you did these things:

— Uninstalled Norton Internet Security and installed BitDefender.
— And this summer, when Norton suddenly stopped getting virus definitions, Norton tech “support” suggested I update the video driver (?!). That resulted in a BSOD and the installation of BitDefender in Norton’s place.
— Also unchecked several Norton-related items that were showing up in Autoruns.

Event ID 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Event ID 7011 can be caused by a corrupt content index catalog. The index catalog could have become corrupt when Windows had problems trying to index files on the failing hard drive. Go to Control Panel >> Indexing Options and click on the Advanced button. In the Advanced Options windows, click on the Rebuild button.

Event ID 7011 can also be caused by remnants of Norton Internet Security. Go to Control Panel >> Programs and Features, and uninstall NIS, Norton LiveUpdate and any Norton Add-ons. Don’t forget to remove any Norton add-ons for Outlook. Reboot after uninstalling these items. Then download and run the Norton Remove and Reinstall tool:

https://support.norton.com/sp/en/us/home/current/solutions/v60392881_EndUserProfile_en_us

Obviously you are going to use the tool to remove all remaining traces of Norton.

Best regards,

–GTP

 

GoneToPlaid wrote:

Hi Cybertooth, Please download the ORIGINAL drivers from HP’s web site for your network and wi-fi cards, and save them to a convenient location on your computer’s C: drive.

GoneToPlaid, I followed the instructions as far as the reboot, including the deletion of the current drivers. But I was not able to install the downloaded versions: as soon as Windows 7 came back up, it installed drivers on its own initiative before I could do anything myself with the downloaded drivers.

Here are the screenshots for the two drivers:

The info on the images suggests these are the very same drivers the PC was using prior to the uninstallation and reboot. But there is one difference: previously, in addition to the NIC and wireless drivers, I had a “Broadcom Virtual Wireless Adapter.” (I did not uninstall that one. Maybe I needed to?) Now, though, in addition to those three I also have one driver I had not seen before–a “Microsoft Virtual WiFi Miniport Adapter #2”.

Now if these newly installed drivers do turn out to be the ones I downloaded, I will be mightily impressed because I saved them to a folder in the C: drive that otherwise contains only Word documents.

Assuming that we got acceptable results from this procedure with the drivers, it’s a question of waiting and seeing if the same symptoms come back in a day or two.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

Please post screen captures of the Driver tab which is adjacent to the Details tab. That will tell you which drivers Windows is now using. And yes, the Microsoft Virtual WiFi Miniport Adapter is something that Windows 7 automatically installs whenever Windows installs drivers for a wireless network card. It is interesting that the Miniport driver was missing. It shouldn’t have been missing.

If you trust me, would you be willing to email me a full Speccy TXT report file and an Autoruns TXT file to my email address which I provided in a PM to you? I am going to be up for about another half hour if you also want to give me a quick call at home.

Also, don’t forget to do the Norton removal tool thing and to rebuild your search index file before you go to bed.

Best regards,

–GTP

Hi GoneToPlaid,

OK, I ran the Norton Removal and Recovery Tool and rebuilt the index catalog. For good measure, I went into Autoruns and deleted (AFAIK) all remaining traces of Norton/Symantec there.

Here are shots of the Atheros and Broadcom driver tabs:

Regarding the Speccy and Autoruns .TXT files, let’s wait on that until we see the effects (if any) of the numerous changes made over the last day or so. I’m running into the practical consideration that work is piling up while I keep going back to deal with this problem.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Excellent. You are using the correct network and wireless drivers shown on HP’s web site.

Hello Cybertooth and GoneToPlaid, I do not want to interrupt or interfere with GoneToPlaid excellent advise. Hopefully totally removing all of Norton, and the new Network Drivers will be the solution. Concerning a possible ‘memory leak’ type of problem, looking at the Task Manager Performance tab, note at lower left the ‘Physical Memory Available’. If the problem is a slow, 2 to 3 days, the Available memory will slowly diminish until the computer becomes unresponsive. Leaving Task Manager minimized in the bottom task bar will consume maybe 3.6 MB of memory, not much if you have 12 GB. The memory graph will slowly climb until it gets near 100% use, probably the computer will freeze around 97~98%. Only other tab to watch at this time is the Processes tab, click to show processes from all users, then click on the Memory column to sort the highest memory use to the top. We want to watch for 2 to 3 days and see what process is using (or leaking) the memory. Following is a nice link from microsoft technet about Troubleshooting using Task Manager, Performance Monitor, and sysinternals Ram Map. When you have time please review:

https://blogs.technet.microsoft.com/mspfe/2012/12/05/troubleshooting-windows-performance-issues-lots-of-ram-but-no-available-memory/

Thank you GoneToPlaid for sharing your skills with all of us.

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

1 user thanked author for this post.

Cybertooth

Hello Lars220,

Thank you for your post. That TechNet article was well worth reading, and should be the next thing for Cybertooth to try since I am running out of ideas. Anything you can come up with for Cybertooth to check or try would be most appreciated.

Please have a look at the drivers page for Cybertooth’s HP computer:

https://support.hp.com/us-en/drivers/selfservice/hp-pavilion-hpe-h9-1100-phoenix-desktop-pc-series/5154893/model/5212313

I am thinking that Cybertooth might want to uninstall (if mentioned) and then reinstall the original drivers (in the following order):

— Uninstall Intel Management Engine (via Control Panel >> Programs and Features) and reboot.
— Reinstall the original Intel chipset drivers since Cybertooth doesn’t plan to upgrade his OS from Win7 to Win8 or Win10 (thus no need to update the chipset drivers).

— Reinstall the original Intel USB drivers.
— Reinstall the original HP Bluetooth drivers.
— Reinstall the original graphics drivers.
— Reinstall the original Intel Management Engine drivers.

In other words, the idea is to get Cybertooth’s computer back to its original set of drivers with the exception of the updated Qualcomm Atheros AR9000 Series 802.11n Wireless LAN Driver which is now installed and which was provided by HP. Doing so would put Cybertooth’s computer back to a “if it ain’t broke, don’t fix it” mode in terms of the installed drivers for his computer’s motherboard.

We can later consider updating his ME, USB, and graphics drivers. Yet all such drivers would come straight from Intel and AMD, and never from Microsoft. Right now, we are after establishing a solid baseline in terms of the installed drivers for his motherboard.

With regards to the HP drivers, HP does strongly recommend installing the 2015 BIOS update for better UEFI security, yet this could not possibly be the cause of Cybertooth’s stated issues unless UEFI has been hacked on his computer. I seriously doubt this. The 2015 BIOS update doesn’t contain any new CPU microcodes since all are dated 2010 to 2013.

The only additional thing I can think of is whether or not Cybertooth’s computer is using its default BIOS settings. HP doesn’t give one too many options in BIOS for changing settings. Cybertooth, did you have to replace your motherboard’s CMOS battery at any time during the past several months? If so and after replacing the battery, did you boot to BIOS and load the factory defaults for the BIOS?

I pretty much have nothing else, aside from perhaps examining a Speccy output file from Cybertooth to look for anything out of whack under the Operating System and Network categories in particular.

Lars220 and everyone else, what do you think? At this point, Cybertooth is now using the published HP drivers for his NIC and for his Wireless, and everything so far has pointed to a memory leak in this category? Yet possibly something could have propagated upwards from using incorrect motherboard drivers? This is why I described, above, how Cybertooth can reinstall the basic motherboard drivers.

Best regards,

–GTP

 

1 user thanked author for this post.

Cybertooth

Hi GoneToPlaid,

Nope, the CMOS battery in there is the same one that came with the computer. I don’t have any specific memory of changing BIOS settings on this PC, but that doesn’t mean I haven’t. On the next reboot I’ll go into the BIOS and take a look around.

If and when the time comes to uninstall and reinstall drivers, we’ll have to find a way to do it before Windows takes over and starts installing its own choice of drivers, as happened when I went to change the NIC and wireless drivers.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

That’s part of what’s been so puzzling about this issue. I’ve been monitoring the RAM usage in Task Manager, and what happens is that “free” memory steadily drops down to double digits (it was at just 84KB just before the last time I had to reboot), while “available” RAM remains fairly stable (at the last reboot, IIRC it was still over 7000KB). When the PC finally slows down to a crawl, the bars on the memory graph on the left will still be far from the top.

In terms of who or what is using the RAM, I’ve observed a slow but definite increase in memory usage by Pale Moon and a faster increase by “svchost.exe (Network Service)”. With the caveat that the things we’ve done since Friday may (or may not) have resolved the issue, here are the numbers shortly after the most recent reboot:

RAM:

Cached  4126

Available  8585

Free  4861

Processes (Working Set (Memory) column):

Pale Moon  295

svchost.exe(Network Service)  — [not listed]

And here are the current numbers:

RAM:

Cached  4107

Available  8744

Free  5028

Processes (Working Set (Memory) column):

Pale Moon  456

svchost.exe (Network Service)  175

(All open tabs and applications were deliberately kept unchanged overnight.) Looking at today’s figures, it’s a hopeful sign (maybe) that free RAM hasn’t dropped, but PM and svchost.exe seem to be continuing on their merry way to Molasses Land.

We’ll monitor these numbers for a day or two. In the meantime, when I get the chance to (deadlines are starting to loom large) I’ll review the Technet page that you provided. It looks like it’ll be as useful as it is informative. Thanks for looking it up!

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth,

I think you have, by now, tested your PC for so many things that you might have already tried this as well, but just in case, here it goes suggestion No. 1001:

Have you tried using some other browser than Pale Moon? Perhaps one not related to Mozilla/Firefox, let’s say IE11 or Chrome?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Cybertooth

Thanks for the suggestion, OscarCP. In most of the monitoring this week, in my private notes I’ve included IE11 RAM usage. But it’s been completely steady so I stopped monitoring it.

FWIW, I also use Pale Moon on my Vista PC. RAM usage goes up there as well, except that in that case I can refresh the tabs and bring the RAM back down, whereas on this PC doing that doesn’t help. Also, the Vista system never reaches the point where it just can’t get on the Internet any more.

Maybe I can try opening all the PM tabs in FF and see how things develop over time.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

This is normal for Windows (and Linux, and I would assume MacOS).

When a computer first boots, some of the RAM is taken by program files and data structures.  The rest is “free.”  Free memory is any memory that has nothing (logically speaking) in it… it’s just sitting there waiting for something to do.  Free memory will be at its greatest extent right after you boot.  (“Free” memory may in fact have data within it, but there’s nothing pointing to that data as being pertinent to anything, so the data isn’t useful in any way.  As far as the OS is concerned, a memory location is empty when there’s no process pointing to that location and claiming it as being in use.  That’s what I mean by “logically” empty.)

As you use the system, things will be loaded into the free memory.  When you close programs, the OS will keep some of it in memory “just in case” for later use. If there is a lot of free memory hanging around, it may also prefetch some things from the hard disk/SSD that it predicts you may want to use in the near future, based on what you’ve already done so far.  It’s constantly shuffling around what is in there, unloading stuff that hasn’t been accessed in a while, loading in things that are more likely to be needed in the near future.

All of that memory is now cached memory, not free memory.  It’s “cached” because the OS is using it to cache all kinds of data, libraries, and programs that are likely to be needed later.  It’s far faster when the things the OS needs are in memory than having to get them off of a disk… it’s a performance feature.  Even a speedy NVMe SSD is a lot slower than RAM, but the slower the disk, the greater the performance benefit of caching.

The cached memory is available just as free memory is, so that any program that requests more memory will immediately be able to get it.  The OS will assign free memory first, then begin repurposing cached memory, which just means it “forgets” its pointers to the data it has cached (essentially making it “free” at that point), then assigns the memory to the process in question.

Cached memory is convenient and quick to have when the OS finds a necessary DLL or such in that memory instead of having to go to the disk, but it can be cleared at any time without any problem… it just means the OS will have to get the data from the disk instead of the cache, which is the same thing that would happen if there was no caching in the first place.

In terms of memory management, there is no performance penalty to be paid when it comes time to repurpose cached memory when it is needed for a given process (program), as opposed to using free memory.  The entire caching system is designed for speed… it’s meant to be repurpose-able at an instant.

An OS running at maximum efficiency will keep caching things in free memory, and soon will have nearly no free memory, but plenty of cached memory, which means also plenty of available memory.  Available memory is free + cached.  Free memory is performance potential left on the table– a wasted resource.

If your available memory figure was low, then I would be looking to that as a potential problem.  Low free memory after a time simply means Windows is working as designed.

It’s also not unusual for services to use more memory as time passes.  As long as the memory consumption isn’t exploding out of control, using up all available memory, it’s not a problem.  RAM use by processes bounces up and down as they do their thing, and memory used can increase in time even without a memory leak, since the process has more data it needs to remember for a given session.  It’s not a cause for alarm until something is using way more memory than it should and not releasing it.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

3 users thanked author for this post.

jburk07, Cybertooth, Elly

FWIW, the memory your browser uses depends on how many tabs are open and what those tabs contain. My Win7 machine has nearly 39 days of uptime now and Pale Moon is bouncing around between 480K and 550K of memory with six tabs open and PM is always open with many tabs. Sometimes, I have eight tabs open and two are Youtube videos I want to watch later, I’ve seen Pale Moon using just over a GB of ram in those cases, but I have 16GB of ram in this thing so it’s no big deal.

I also use the 64-bit version of PM which I believe uses more memory anyway. I have not noticed any memory leaks with Pale Moon and memory usage is generally variable within certain ranges depending on what I’m asking it to do. I routinely leave this system running for 1-2 months without a reboot and have never had an issue with Pale Moon and memory leaks. Just offering a data point and yes, I update Pale Moon as soon as it’s available, so I am on the most recent version.

Hopefully, the driver changes will resolve your memory issues and you can get some work done.

My memory numbers at 39 days of uptime are:

• Total: 16299
• Cached: 6840
• Available: 12915
• Free: 6098

1 user thanked author for this post.

Cybertooth

Hopefully, the driver changes will resolve your memory issues and you can get some work done.

My memory numbers at 39 days of uptime are:

• Total: 16299

• Cached: 6840

• Available: 12915

• Free: 6098

I’m jealous!!  🙂

But seriously, thank you for the data points, they give us something to compare my numbers to.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth wrote:

Hi GoneToPlaid, Nope, the CMOS battery in there is the same one that came with the computer. I don’t have any specific memory of changing BIOS settings on this PC, but that doesn’t mean I haven’t. On the next reboot I’ll go into the BIOS and take a look around. If and when the time comes to uninstall and reinstall drivers, we’ll have to find a way to do it before Windows takes over and starts installing its own choice of drivers, as happened when I went to change the NIC and wireless drivers.

In this case, you would be reinstalling drivers right on top of whatever drivers are presently installed. Yet we can get to that later, if necessary. At this point, I am hoping the running the Norton removal tool and resetting the Windows search index, in conjunction with Windows having automatically reinstalling the correct drivers for your networking, may have resolved your issues. I looked at your post with your most recent RAM figures. It does look promising.

1 user thanked author for this post.

Cybertooth

OK, just to update the numbers from a couple of hours ago:

RAM (from Task Manager):

(previous figures in italics)

Cached  4213    4107

Available  7838    8744

Free  3958    5028

Processes:

Pale Moon  436    456

svchost.exe  217    175

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Just over six hours after the last readings, here are the new numbers:

RAM:

Cached   6522

Available   7691

Free   1237

Processes:

Pale Moon   463

svchost.exe   298

The system has been up for 21 hours. A noticeable lag has developed between typing or scrolling, and the response. This is usually the first symptom…

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi,

A couple of software related thoughts.

I’ve had issues in the past with using too large a .hosts file – is it possible to change back to the 1k older version that would have been saved as a backup and test?

Do you have Microsoft Office installed on the PC – have had issues in the past when Word is opened and then closed – it does not release all the memory it uses on its initial start and this eventually has a knock-on effect on the overall available.

1 user thanked author for this post.

Cybertooth

I do have MS Office installed on this computer, but here’s the maddening thing: when the computer gets sluggish, memory usage is still nowhere near complete. This morning I had to reboot again (after 28 hours’ uptime), and while “free” RAM was hovering between 0 and 100MB, “available” RAM was more than 50% and total RAM in use was around 34%.

Here are the figures from just before rebooting today:

RAM:
Cached 7894
Available 7951
Free 102

Processes:

PM 451K
svchost.exe 417K

 

The hosts file is less than half a megabyte in size (445KB, IIRC).

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

What does TaskMan’s Performance tab show for Kernel Memory Paged/Non-Paged?

Right now, shortly after the reboot, it says:

Paged   312

Nonpaged   148

This could serve as a reference point as we march toward the next reboot.  🙂

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

That looks fine.

What Extensions are you using in Pale Moon?

What sites does it have loaded now and have you had GMail loaded in it during this session?

@satrow, I have one DuckDuckGo search-engine results page and 7 AskWoody tabs open.  😉  That’s in preparation to do October’s Group B updates, including the SSU that has to be done first.

The PM extensions are Encrypted Web 5.1.5 and uBlock Origin 1.14.23b12.

I don’t use GMail. In fact, I don’t do e-mail on this computer at all.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

The most recent uBlockO for Pale Moon is the firefox-legacy-1.16.4.5, you might want to install ublock0-updater to keep it updated.

I’m pretty sure Encrypted Web is no longer supported, an alternative might be HTTPS Always if you want to keep forcing https (PM would normally get the https site versions anyway, sites that don’t have, or need, https would fail if you force https). HTTPS Always is available here.

1 user thanked author for this post.

Cybertooth

Huh, when I open the add-ons page and click on “check for updates,” PM tells me none were found. I’ll try the alternative method you offered.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

anonymous wrote:

Hi, A couple of software related thoughts. I’ve had issues in the past with using too large a .hosts file – is it possible to change back to the 1k older version that would have been saved as a backup and test?

Interesting addition and something I had forgotten about. Before I adopted much of Noel’s security strategy and was tinkering around with things, I first tried a large hosts file. I don’t recall how large it was exactly, but it was big. I had to ditch that strategy quickly because with the large hosts file, the internet took a few minutes to start working after a reboot and there was extra CPU usage. It was so long ago and such a brief experiment that I don’t recall more details, though. As soon as I put back the default hosts file, the problem immediately resolved. Apparently, Windows doesn’t like hosts files that are too large. I don’t know if that could cause your issues, though.

I’m trying to recall if I had system slowdown during those few minutes with the internet not turning on. I can’t say for sure there wasn’t. Not much help. 🙂

As stated above, I use a large hosts file (now 19MB) with DNScache disabled and can log into Steam and then join an online game inside 90 seconds of Windows(7) starting up, similar with web browsing. I doubt that a 0.5MB hosts file would have a noticeable impact.

I do run a streamlined Windows though and I try to keep reboots to a minimum – the last restart was in August:

1 user thanked author for this post.

Kirsty

Hi Cybertooth,

I really think that a Speccy output TXT file would help us get a handle on your computer’s issues. Things we need to see are what services are enabled or disabled, what the running processes are, and what is shown under the Network section in the generated TXT file from Speccy. Instructions for removing confidential information from Speccy’s generated TXT file, and an example, are in the “Speccy — How to sanitize its output TXT file” folder on my Dropbox. Here is the link:

https://www.dropbox.com/sh/ohvcinlscjvq6i5/AABwVmnwfFhw0fdtPBWsYmAba

Best regards,

–GTP

 

Doesn’t the online (Published output) sanitise them and make them a lot more accessible than a plain txt file output? Maybe you could run a test?

I just tried Speccy’s Publish feature. I wish that I had not since the Publish feature does a poor job of sanitizing potentially sensitive information.

Only directly under Operating System, this information is removed:

— Computer type: Desktop
— Installation Date: 02/28/2014 07:51:07 AM
— Serial Number:

Only directly under Network, this information is removed:

— IP Address– 192.168.XXX.XXX
— Subnet mask– 255.255.255.0
— Gateway server– 192.168.XXX.XXX
— Preferred DNS server– XXX.XXX.XXX.XXX
— Alternate DNS server– XXX.XXX.XXX.XXX
— DHCP– Enabled
— DHCP server– 192.168.XXX.XXX

Speccy’s Publish feature does not remove:

— My name which is part of USERPROFILE.
— Computer name, netbios name, dns name and domain name.
— The serial numbers of my RAM or hard drives.
— Additional entries which list the local IP addresses or the IP addresses for the gateway, dhcp and dns servers.
— Network share names which may be confidential.

So the only ‘sensitive’ info needs physical access to the PC to make any profit from it?

I wouldn’t say that at all.

Hello CyberTooth, I (we) see your are having sluggish issues with your windows 7. I admit I have not read every single post here, but would like to try and help.

GoneToPlaid you are doing great.

CyberTooth, GTP, and others, You might want to look at the below ideas to consider.

Have you tried Safe Mode with Networking?

Go to msconfig.exe (System Configuration Utility) and start the computer in selective startup mode with all services except Microsoft services disabled.
https://support.microsoft.com/en-us/help/331796/perform-a-clean-startup-to-determine-whether-background-programs-are-i

Look at Process Explorer from Systernals.
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Have you opened the PC to see if the motherboard has any bulging capacitors? I know you put in an SSD but did you look?

Satrow is right about a large Hosts file. With Windows XP, Vista, and 7 a Hosts file over 200 or 300K could greatly slow down browsing if DNS Caching service is left on. This may help. http://winhelp2002.mvps.org/hosts.htm

Removal of Norton was a good idea.

I hope you find it. Please keep us posted here for when you do find a solution.

A windows 7 user.

2 users thanked author for this post.

Cybertooth, OscarCP

Booting into Safe Mode and checking the capacitors are good ideas.

If and when a new reboot is needed, I’ll open up the case and look for bulging caps.

The drawback of Safe Mode is that the computer will need to operate in that reduced capacity for a long while, given that the issue doesn’t crop up right away. Still, it may be worth a shot if nothing else ends up working. Thanks for the idea.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Did anyone mention “ipconfig /flushdns”? Clearing all temporary internet files in any browser used.

Red Ruffnsore

1 user thanked author for this post.

Cybertooth

Just did that now, thank you.

Let’s see what happens.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth.

In your most recent post above quoting numbers you are still referring to svchost as a single entity, so I take it that you have not yet split the 5 suspect services into separate processes (separate svchosts) as I have suggested previously to try to narrow down which of the 5 services is causing the problems?

In the meantime you could check to see which of the 5 are actually running and possibly restart each in turn to see if RAM is released which might indicate the suspect service. (To see the services details either type “services.msc” in the start menu Run box or in Task Manager in the “Services” Tab select the “Services” button. This being “Windows” there will be other ways to achieve the same effect!)

For example on my W7 PC at present, of the 5 services you list in the suspect “Network Services svchost”, I only have “Cryptographic Services (CryptSvc)” and “Network Location Awareness (NlaSvc)” with startup type “Automatic” and running. The other 3 “DNS Client (Dnscache)”, “Workstation (LanmanWorkstation)” and “Telephony (TapiSrv)” have startup type “Manual” and are not running (nothing has triggered them to start). (This is a simple PC connected to the internet via a router and cable modem using an Ethernet cable and not in a LAN connected to other PCs, servers, network printers etc.)

On the Pale Moon (PM) side of things, I assume that you have add-ons (isn’t that why people continue with forks from older versions of Firefox – their preference for the more flexible, old-style add-ons?). Have you tried running PM with add-ons disabled to see if the problem is in the core PM or with its add-ons? (I assume PM has retained the Firefox “restart with add-ons disabled” option under the Help drop-down menu?) If it is with an add-on, you would need to work out which and possibly remove it.

Have you tried re-installing PM from scratch in case it has become corrupted during an update? You may want to save your current configuration before uninstalling to save time after re-installing and there is/was a small utility called “pmbackup.exe” to do this. (It is possible to backup/restore configuration manually by copying some folder(s) and copying back later, but without checking I don’t know which folder(s) it is and I believe “pmbackup” does this anyway.)

A more left-field idea: From memory I believe that you have BitDefender AV? Although this rates well in performance I have been put off trying it for long because it does not (or did not when I looked at it) allow much user control. Is it possible that it has identified something it believes is/was a threat of some kind and quaranteed it without informing you (as a mere user) and might this missing thing be causing you problems? It might be worth checking the BitDefender “Quarantine” (or whatever it may be called) if it lets you and if there is something there get a 2nd opinion about it using something like “Virus Total” just in case it is false positive. (I use Panda and Avira AVs and both give indications of what they are doing and allow exceptions to be set for false positives. I don’t like to be kept in the dark.)

HTH. Garbo.

1 user thanked author for this post.

Cybertooth

Anonymous  #234537  : ” Have you tried re-installing PM from scratch in case it has become corrupted during an update? You may want to save your current configuration before uninstalling to save time after re-installing and there is/was a small utility called “pmbackup.exe” to do this. ”

Wouldn’t the creation of a restore point before reinstalling PM achieve the same thing? (Control Panel/System/ Security)

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Why would Cybertooth want to “restore”?

What I was thinking, but did not explain clearly enough, was saving configuration for later, completely uninstalling PM e.g. using Revo Uninstaller or something similar to clean as much as possible (and maybe even searching the folder structure and/or Registry for further remaining stuff which Revo may have missed, but only if Cybertooth has confidence to do this), before installing the latest PM with as little as possible of its earlier installation still there and then putting back the saved configuration. If Cybertooth is prepared to spend the extra time it would be cleaner to set all of the configuration settings again from scratch in case these settings are to blame in some way, but it is possible that he has forgotten all of the changes made previously.

More generally I don’t use restore points myself so I don’t know how complete they are. After no more than a ~50% successful restoration rate with Windows built-in backup and restore mechanism in the past I prefer to do manual backups using non-Microsoft means. (I needed to restore a PC and after finding that the most recent backup I wanted to restore failed, I spent a dreary weekend working through about 12 backups I had squirrelled away and only about half would restore. In the end the 3rd most recent backup was the most recent that would actually restore. Not good!) In fact I prefer to keep my Microsoft footprint as small as possible.

Garbo.

 

Garbo,

Thanks for explaining the uses of the utility program Revo Uninstaller.

I mentioned using restore points to get the system back to its previous state at the time the restore point is created, because that has saved me some trouble in the past and caused me no problems. Using one of them also restores applications that have been updated after the creation of that restore point, to their state before those updates, so the updates become once more available to install, or are installed automatically again, depending on the settings one has chosen for that.

So, if Cybertooth, let us say, decides to first remove and then reinstall PM and before doing any of that creates a restore point, i.e. before removing PM, if there is any problem afterwards he can get back where things were before he removed PM, leaving him neither better nor worse than before doing that. Of course, this can be also a way to prevent lasting problems after patching or making any other change of some significance to the PC software, if something then goes wrong.

I also do not use the Windows back up feature, but do it by hand to an external disk. More as a matter of habit than for any more practical reason.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Garbo, thanks for reminding me of that idea to isolate the several svchost.exe processes. Because that was quite a number of posts ago, I’m putting the link in here as a more current memo to try that, assuming that the issue persists.

Regarding Pale Moon, the monitoring suggests a much slower increase in RAM use by PM as compared to svchost.exe, and in any case when the PC turns into a snail there’s still plenty of RAM left overall. But again, as when you can’t find the lost keys or phone in the “logical” places, it’s time to start looking in less likely-sounding places.

At your suggestion, I checked the BitDefender quarantine and (fortunately) there isn’t anything in there. I would have never thought of doing this had you not mentioned it!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

That’s the thing. When PM is just sitting there (perhaps on Google’s search page) the memory of PM and svchost shouldn’t be slowly increasing. We all are guessing that it is PM. I suggest closing all web browsers, and then watch the instances of svchost for a while to see if their memory usage creeps upward. It shouldn’t. 20 minutes should tell you all you need to know.

Best regards,

–GTP

 

Well, it wasn’t 20 minutes, but svchost.exe RAM usage when I closed PM 2.5 hours ago was 160,508 KB, whereas currently it’s at 192,084 KB. No browsers were open during that time.

With any luck, this will yield useful clues.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Well, that ain’t right. The memory consumed by the svchost processes shouldn’t be growing. The upshot is that the issue is not with your web browsers. Instead, it has to be with Windows itself or installed software.

I have 14 copies of srvhost.exe running on my primary Win7 computer, and their memory consumption does not grow over time.

1 user thanked author for this post.

Cybertooth

Two further hours later, svchost.exe is up to 215,576KB. Although I do have several PM tabs open now, so it’s not a direct comparison.

As far as I can tell, “svchost.exe (Network Service)” is the only element of svchost.exe whose RAM usage grows over time. Maybe it’s time to apply Garbo’s idea of breaking svchost.exe out into its various components, even at the cost of delaying the next episode of sluggishness.

FWIW, this PC is on a LAN with several other computers linked via a FiOS router that also handles telephone and TV service.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Enable the Peak Working set column to see what’s growing/shrinking over time. I have 3x svchosts that have a noticeably larger Peak than they do Current.

I like the idea that the browser is where we detect the symptom of delay, but may not be the cause of delay. In the spirit of GoneToPlaid’s suspect elimination effort. If the creep continues, isolate the system from the internet for an additional observation period. I would expect no change, but it proves the issue is local and gives protection for the next step. If the creep continues, turn off or disable the Active or other “live” function of Bitdefender for another observation period.

I continue to suspect leftover Norton pieces, despite actions to eliminate them. Bitdefender may be tripping over these without having something to quarantine. This would not be a flaw in Bitdefender as it would be accurately identifying code that has suspicious privileges without an associated program. I have known people to resort to a system clean install because they blamed incomplete removal of an uninstalled antivirus.

Of course if you eliminate browsers, traffic, and antivirus and still see the creep we need another idea. My next would be back to the graphics processor, because the delay seems independent of the CPU use. The system could be waiting on delay from the GPU.

More ideas for the mix.

1 user thanked author for this post.

Cybertooth

All right, I’m disconnecting the Ethernet cable from this PC when I go to bed tonight, then check the svchost.exe RAM usage in the morning.

Regarding the possible presence of Norton remnants, maybe I can go into the Registry and search for them.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Eleven hours after unplugging the Ethernet cable, RAM usage bysvchost.exe is at 252,604KB. I had left it last night at 241,836KB.

The level continued to climb overnight, but at a much slower rate than when the Ethernet cable is plugged in.

In the couple of minutes since I re-connected the PC to the Internet, that number has gone to 254,972KB.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

https://www.neuber.com/network-taskmanager/

@Cybertooth, bit of a stab in the dark here (pun not intended) but, see what you think of the above program, try online overnight and offline overnight.
Compare the two results should show the culprit for ethernet traffic.

Windows - commercial by definition and now function...

1 user thanked author for this post.

Cybertooth

@microfix, thanks for the tip about this program.

I downloaded, installed, and opened it, but I haven’t figured out yet how to get it to work. I’m at a popup that says, “Please wait. The computer names are being determined.” But nothing ever seems to actually get added to the list.

Also tried the offered hint, entering this PC’s name… and it tells me that it was not found!?!

I’m in a rush right now, was hoping that it would “just work.” Will have to sit down and read the documentation, bummer.  🙂

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

In Task Manager and when showing all processes for all users, how many instances of srvhost.exe are running? Normally there should be several instances running. If not, then something is wrong.

Hopefully now you see why we are shooting in the dark until you post a sanitized Speccy output.

Best regards,

–GTP

 

Right now there are 14 svchost.exe processes listed in Task Manager: 5 with a “User Name” of SYSTEM, 7 are LOCAL SERVICE, and 2 are NETWORK SERVICE. Of all these, the only one whose RAM usage cracks 100,000KB is the branch of Network Service we’ve mentioned before; the next biggest one (at 86,000KB but apparently steady) is running under SYSTEM and is associated with a slew of services including Windows Update.

I’ll think some more about Speccy.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I also have 14 instances of svchost.exe running when Show processes for all users is clicked, while in Task Manager at the top menu “View” click to set view to see the options to “Select Columns” = open that small window, scroll down near bottom and put a check mark in box for “Command Line”, on my list it is the fourth from bottom. Then you may have to adjust the horizontal scroll bar at bottom of Task Manager to see the Programs  or Services that are related to each ‘svchost.exe’ entry. Maybe this will help us determine what is the problem child. Also you can move the column headings left and right to move un-needed information to the far right off the screen like. Otherwise maybe uncheck un-needed columns for the time being. Hope This Helps. HTH = had to check Microfix’s Acronyms list, thanks Microfix. (duh)

 

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

1 user thanked author for this post.

Cybertooth

@lars220, I added the Command Line column to Task Manager and the command associated with “svchost.exe (Network Service)” is:

svchost.exe -k NetworkService

Incidentally, RAM usage by that process is now at 238,640KB. Not a whole lot in the bigger scheme of this PC, but for my money that’s where the problem lies.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I am going to bookmark some links here concerning “svchost.exe -k NetworkService” for future reference and will read sometime later;

https://www.ghacks.net/2008/08/29/svchost-viewer/

https://archive.codeplex.com/?p=svchostviewer

https://superuser.com/questions/91867/how-do-i-troubleshoot-high-svchost-exe-usage-in-windows-7

https://www.sevenforums.com/general-discussion/369517-svchost-exe-netsvcs-draining-all-my-memory.html

That last link has 12 pages and will take some time. I’ll be back, later …

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

1 user thanked author for this post.

Cybertooth

Hello CyberTooth, Lars220 and all. Sorry to hear it is still not corrected.

Lars220 has a good list. Also investigate:

7 Ways to Easily Identify SVCHOST.EXE Service -(He mentioned Process Explorer)
https://www.raymond.cc/blog/identify-loaded-svchostexe-in-windows-task-list/

Svchost Process Analyzer -(probably mentioned on other sites. I have not used this.)
https://www.neuber.com/free/svchost-analyzer/

1 user thanked author for this post.

Cybertooth

I have the same sluggish problem. I am running a 2009 HP Pavalion P6000 series with a 1TB HHD, and Win 7 Home Premium 64bit, AMD quad core processor, 6 GB Memory. Is there no clear cut answer?

@BrianL, I’m afraid that the answer is definitely not clear-cut.  🙂  In fact, troubleshooting this issue has been frustrating as all heck, as well as time-consuming.

But now that so much work has been done here by so many knowledgeable people, maybe your issue can be dealt with more quickly. (Fingers crossed.) Please try the Svchost Process Analyzer that I mentioned in my post below and see what it tells you.

You can also try the Network Task Manager that @microfix recommended above and maybe you’ll have better luck with it.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I have to ask both of you if last year you both ever installed the malware infected CCleaner version ccsetup533 which was infected with Trojan.floxif. I did, and I got hit with a secondary payload which nothing could detect, except for GMER which when repeatedly run, would occasionally show unnamed threads which were running.

Microfix wrote:

https://www.neuber.com/network-taskmanager/ @cybertooth, bit of a stab in the dark here (pun not intended) but, see what you think of the above program, try online overnight and offline overnight. Compare the two results should show the culprit for ethernet traffic.

Several hours later, the Network Task Manager never did find any computers to analyze, even this one where it was running.

However, the original link was not for naught. After poking around a bit on that website, I found the Svchost Process Analyzer, which yielded the following results:

The service name for the first item in the lower pane (leftmost column) is “Win HTTP Web Proxy Auto-Discovery Service,” and the display name (second column) is “WinHttpAutoProxySvc.”

Maybe this provides some useful clues?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Naw. I ran the Svchost Process Analyzer and got the exact same two results as well, so that ain’t it. A Speccy output would really be helpful!

I read through the bookmarked links I posted above, but did not find anything conclusive. I think GoneToPlaid’s request for a sanitized “Speccy” report may be our next best path forward? In reviewing Garbo’s post # 234537 above  https://www.askwoody.com/forums/topic/windows-7-pc-gets-very-sluggish/#post-234537  – I suggest disabling the Services for the related svchost.exe -k Network Service. In Task Manager Process tab, I right-clicked that process, and then seleceted Go to Service(s) for the ScreenShot that I will try to post here:

At the bottom right is a box to go to Services, and from there maybe you can Stop, or Disable the Services one at a time, maybe set to Manual Start ? – anyone else have advice on this? By turning them OFF one at a time, maybe we can see if the very slow memory climb will stop.

HTH, Lars220

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

Cybertooth.

Garbo writes: I only look here every 2 or 3 days, but this thread seems to have been fairly quiet since last time. The current consensus is (was?) that the problem may be due to a memory leak and you seem to have 2 memory leaks, so taking these in turn:

1) Pale Moon (PM): While scrolling down this thread I stumbled on a small reply from you where you stated that you only have 2 PM extensions – PM’s version of uBlock Origin (uBO) and something which looks like PM’s version of “HTTPS Everywhere”. I use Firefox (FF) and only have the current uBO and “HTTPS Everywhere” – essentially the same as you, but up to date versions of these things.

So why continue with a leaky PM? Why not use up to date, continually maintained FF with these extensions, uninstall PM and bypass this memory leak? BTW: It may be possible to “export” your PM bookmarks and then “import” them to FF using the “Bookmarks > Show All Bookmarks” options in both browsers.

If you want to continue with PM, then I again suggest a clean install and re-install as I have suggested previously. (The bookmarks import/export should work with this also.) I think you wrote that the PM extensions were not being updated? Does this further indicate a corrupted PM installation affecting its extension installer?

2) One of the network “svchost” processes: As I 1st suggested a few weeks ago, separating the 5 suspect services into separate “svchost.exe” processes would show which of these individual processes and hence which individual services has the problem. You seem reluctant to do this.

The next best, but more complicated option I can think of is a variant of Lars’ suggestion above.

a) In the “Services” window (either type “services.msc” or click the “Services” button in the “Services” tab in Task Manager), scroll down the services for each of the 5 services “Cryptographic Services (CryptSvc)”, “DNS Client (Dnscache)”, “Workstation (LanmanWorkstation)”, “Network Location Awareness (NlaSvc)” and “Telephony (TapiSrv)” and make a note of their “Startup” type (in case you need to put these back later).

b) Work through these one at a time (suggested order below), waiting a few hours between each, change their “Startup” type to “Manual” (not Disabled!) and then click “Stop” to stop the service. There may be an immediate drop in RAM Usage BUT THIS DOES NOT NECESSARILY INDICATE THE SUSPECT SERVICE!!! Sorry about the emphasis, but this might be the obvious expectation 🙂 The thing to look for is if RAM usage starts to increase again, from this possible lower base line. If it does not, then this is your suspect service, but if it does increase again then your suspect service is still running and you need to try stopping the next one.

c) In terms of service order, obviously any not already running as seen in a) above are out of the picture (unless they run intermittantly). My gut feeling is that CryptSvc is the most important of these, so leave until last. My gut feeling is that DNS Client is least important (the description suggests it is an optimisation sort of thing), so maybe try this first. The others look to be Local Area Network (LAN) specific things, so maybe not relevant to a stand-alone PC connected to the internet via router/modem. For what it is worth I only have CryptSvc and NlaSvc set to “Automatic” (and running all of the time) and the other 3 are “Manual” and not running. (I have doubts for some time if I need NlaSvc, but I have not yet settled those doubts so left it as it is. It was my Firewall related problem with CryptSvc which prompted me to comment in this thread in the 1st place.)

Now this is less direct than separating out the services into separate processes and you need to keep track of what you are doing, but is an alternative. (I think this is what Lars was getting at, but I do not recommend setting to Disabled as he suggested in case these things do need to run to keep your PC running. Something else can trigger a Manual service to start if necessary, but not a Disabled service.) You will need to check the “Services” window often to make sure that services which should have been stopped are still stopped. Use the Refresh button (green near-complete-circle) in the top-left corner to refresh the window to get the latest state.

Hopefully this will identify just one service and you can then search for advice about memory leaks in just that one service rather than memory leaks in services in general (which is where we are now in this thread).

I still think separating out into separate svchosts is simpler and cleaner and more direct.

Of course these memory leaks may not be the cause of the sluggishness, but even if you eventually fix the sluggishnes by other means, these memory leaks may still bite you later so are worth sorting out in their own right (and we have no better idea about the sluggishness at present).

HTH. Garbo.

 

2 users thanked author for this post.

Cybertooth, Lars220

Garbo,

I did your procedure for separating out the svchost.exe services. I did this for the group that includes CryptSvc, Dnscache, NlaSvc, LanmanWorkstation, and TapiSrv, as this is the group whose RAM usage keeps growing over time.

My understanding is that this will take effect upon the next reboot, if and when that’s needed.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Some additional notes and random thoughts; Thank you Garbo for good information and advice, I personally am learning a lot from this forum thread discussion. Concerning Services I am now aware that “Disabling” them is probably a Bad Idea unless you/me, knows what we are doing! Thanks for that reminder Garbo. Just ‘Stop’ and set to ‘Manual’ start, and make notes like Garbo recommends. Garbo’s post about separating the Processes from svchost at post # 230785 – link for easy reference:  https://www.askwoody.com/forums/topic/windows-7-pc-gets-very-sluggish/#post-230785 has Run as Administator Command Prompt instructions that should be considered. I also like GoneToPlaid’s advice to run the GMER “all your rootkits are belong to us” malware scanner: http://www.gmer.net/ because we may be chasing our tails if there is a hidden rootkit involved here. JFYI, I tried the program ‘svchost viewer’ and it does not do much, that can’t be done with Task Manager and Sysinternals Process Explorer. The ‘codeplex’ download site did not work, but Major Geeks has a working copy:  https://www.majorgeeks.com/files/details/svchost_viewer.html  (my advice: don’t bother)  Instead, review this link:  https://www.techrepublic.com/blog/windows-and-office/identify-and-get-detailed-information-about-processes-in-windows-7/

All for now, follow Garbo’s advice above and hopefully we can learn more.

I just now tried editing the first two links, somehow they get an extra underline at the end that breaks the link. The bottom two links seem to work ok. I think when I paste the link I may be accidently pressing the spacebar? that adds the extra underline? Does anyone know about this?

 

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

Hi everyone,

Cybertooth emailed me a sanitized version of Speccy’s TXT output. I am waiting for his permission to upload it to a new Dropbox folder so that you all can poke through it. Already I see some potential issues:

— Windows Update is turned off, preventing WU to update itself and Windows Defender to be updated. I recall that some months ago there were Windows Defender issues. I always prefer to set WU to check, but not to download.
— Several running AV programs including Windows Defender which could be chasing each other’s tails.
— A leftover low level Acronis driver which needs to be removed since Cybertooth is now using Macrium Reflect. I have had issues in the past with the low level Acronis driver.
— Some CEIP tasks which are not disabled.

Cybertooth’s motherboard should have SLIP keys which would allow him to install Win7 Pro instead of his current Win7 Home Premium.

Best regards,

–GTP

 

1 user thanked author for this post.

Cybertooth

About that Windows Update setting: I had turned it off as part of the Group B patching protocol, but then other events took over.  🙂  Contrary to what I said in my previous post, I guess that is a change I made to the system after the most recent reboot.

Rather than turning it back on and potentially polluting the troubleshooting process, I’ll leave it off until a new reboot becomes necessary.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

A couple of points wrt GTP’s post:

1) I also used to have the Windows Update service startup type set to Disabled most of the time while following the Group B security only updates from the Catalog approach and temporarily set it to Manual and start it once a month to pick up anything else of interest e.g. .NET updates, before setting it back to Disabled and stopping until the next month. However since fixing my CryptSvc firewall problem and discovering that there seems to be some connection between CryptSvc and WU, I now have the WU service startup type at Manual in case CryptSvc needs to start it, but it has not been running whenever I have checked it.

2) Wrt Windows Defender (WD), remember that this is W7 where WD is just an anti-malware type program (similar to Malwarebytes Anti-Malware (MAM) and Superantispyware (SAS)) and not a full-blown AV like the W8.1 and W10 versions of WD. The idea was/is that it could run alongside a 3rd party AV. (The later W8.1 and W10 WDs probably should not run alongside a 3rd party AV.)

HTH. Garbo.

 

1 user thanked author for this post.

Cybertooth

GoneToPlaid wrote:

Already I see some potential issues:

— Windows Update is turned off, preventing WU to update itself and Windows Defender to be updated. I recall that some months ago there were Windows Defender issues. I always prefer to set WU to check, but not to download.

Defender’s updated as recently as yesterday – Definition 1.281.414.0.

What CEIP tasks are you seeing (10k lines = snow blind)?

Progress report: It’s been about 51 hours since the last reboot. This (just over two days) is about the time that typically I’ve been having to reboot in recent weeks.

RAM usage by svchost.exe is up to 568,000KB and Pale Moon to 682,000KB. Both of these are higher than I’ve seen them recently when a reboot became necessary.

And yet, the PC is still running fine: there is no lag when opening the Start menu or an application; the Taskbar is not graying out; and I can still get on the Internet without issue.

I haven’t made any changes to the system (that I can remember) since the last reboot. Since then, the only activity related to this problem has been of the monitoring kind, with the use of the various tools that have been suggested over the last few days.

Two reboots ago, at GoneToPlaid’s request we installed the original NIC and wireless drivers. We then had to reboot less than 30 hours later. But after the most recent reboot, the computer is running strong with none of the signs that presage the need for a new reboot.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hello Cybertooth,

1. Windows 7 “windows defender” is an anti-spyware type program and some AV programs (AVG) will turn it off when they install. (Garbo said similar). If however you do have more than one anti-virus, only one should be running. (I do not mean the Windows 7 “defender” since it is not an anti-virus. Microsoft Security Essentials (MSE) IS the antivirus from Microsoft for Windows 7).

2. I still recommend you run the OS without any non MS services to see if it is a program you added. Go to msconfig.exe (System Configuration Utility) and start the computer in selective startup mode with all services except “Microsoft services” disabled.
https://support.microsoft.com/en-us/help/331796/perform-a-clean-startup-to-determine-whether-background-programs-are-i

Very good people here helping you, GTP, Garbo, Lars, Microfix, etc.

Hope you find the issue.

a windows 7 user

1 user thanked author for this post.

Cybertooth

I totally agree that very good, knowledgeable people are helping out here!

Only one AV is running here. The rest are intended (or, at least, they’re billed as) antimalware-type applications that will run fine alongside the AV program. For HeimdalPRO (now rebranded as Thor), the new AV element, named Thor Vigilance, is disabled as it’s only available in the premium version.

However… this got me thinking. Three months ago this PC had an issue where Heimdal could not connect to its server, and they recommended that I uninstall it and then install the latest version of their software, which brought me to Thor. One of the elements of Thor is the following (see screenshot):

This one, too, is a new feature in the Heimdal/Thor program. Is it conceivable that this VectorN could be related to, if not the cause of, the problem we’ve been dealing with?

Please do note that the Heimdal services themselves have not been an issue with respect to either RAM usage or CPU usage. But that involvement in analyzing traffic sounds suggestive. I will disable VectorN for a while and see what happens to svchost.exe (Network Services). For the record, these are the RAM figures right now:

Pale Moon   716,380

svchost.exe   607,316

 

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hello anonymous,

You so do need to join the forum since your experience would be most helpful to have here.

Best regards,

–GTP

 

Hi everyone,

Here is a link for Cybertooth’s sanitized Speccy file:

https://www.dropbox.com/sh/jh8jsirt7lqmpa9/AAAZ8d0LDPg-Y2kjU_feiHiYa

Best regards,

–GTP

 

FWIW: I find it odd that Bitdefender AV, Windows Defender, Heimdal DarkLayer Guard and Hitman Pro are all running..with a malwarebytes service running! I was always inclined to think that only one AV should be running.
At a quick glance..
disable these via services: Remote registry, application experience.

You may wish to run this also: https://www.grc.com/unpnp/unpnp.htm

Do you share music/video via networking? If not you may wish to disable the ‘Windows Media Player Network Sharing Service’ as this is a security issue from PC to router (open port)

Do you use/need Oracle Java? If so for what?
c:BVTBin (Build Verification Tests) where has this come from? anyone..

Noticed your RAM configuration: slots 1 and 3 have 2Gb modules in each and slots 2 and 4 have 4gb modules in each.
May i suggest for better efficiency of RAM: Swap them round when system is off (mobo is dual channel memory capable and will benefit from larger modules on slots 1 and 3)
i.e. 2off 4gb modules in slots 1 and 3 AND 2off 2Gb modules in slots 2 and 4.(speeds it up a bit)

Windows - commercial by definition and now function...

3 users thanked author for this post.

jburk07, Cybertooth, satrow

@microfix, to answer your questions–no, I don’t share music or video via networking. After VectorN in Thor has been disabled for a bit (see my reply to “a windows 7 user” above), I’ll disable that function.

Java is installed on this computer, but I can’t remember the last time anything that I did used it. Maybe Java should get the boot, too.

Interesting about the RAM modules configuration not being the optimal one. This is the way the PC arrived from the factory!

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I agree with the RAM slot changes. After powering off, unplug the PC’s power cable and then press the power button in order to discharge any remaining power in the power supply. When doing so, you might notice the the fans spin for a second or so. Yet this is a later thing to do. Let’s focus on the other issues first.

You need to decide what AV you are going to use and ditch the rest, perhaps use malwarebytes in conjunction with your chosen AV.
disable the services as per post above and disable ‘Windows Media Player Network Sharing Service’ from services.
Download utility from GRC and ‘run as administrator’
I’ve never used Oracle Java for Years..same ilk as adobe flash-player.ghack!
Factory settings/ hardware configurations for everything can be utilized better IMHO
Better to have initial 8Gb of dual channel memory for the system rather than 4Gb..

Windows - commercial by definition and now function...

OK, WMP Network Sharing Service, Application Experience, and Remote Registry have just been disabled.

About Java: I found Java.exe from the Start menu, but when I went to uninstall it via Control Panel, it was not listed as being installed.

svchost.exe is at 622,412 after 1 hour of Thor VectorN being disabled.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

The Java.exe in your start menu. Where does it point to on your computer?

If I understand your question correctly, you want the path to java.exe. It’s

Program Files (x86) –> Common Files –> Oracle –> Java –> javapath

Let me know if you wanted something else, thanks.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

That looks correct. Please uninstall Java if you don’t use it for anything.

Java is in the Program Files (x86) folder, but it’s not listed in the installed Programs in Contorl Panel. Should I just manually delete the Oracle directory? Do something else?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I used to use this, a few years ago to remove Java completely:
https://singularlabs.com/software/javara/javara-download/

Windows - commercial by definition and now function...

1 user thanked author for this post.

Cybertooth

Hi Cybertooth,

I agree with Microfix. Stick to and run only one AV program. In other words, pick your poison and stick to it for the time being. Your present choice appears to be Bitdefender which is a known good product.

The free MBAM is fine to occasionally run as a sanity check. Yet after running MBAM and doing a scan, you should right-click on its system tray icon and unload it. The free MBAM should never load at startup. I also occasionally run the free version of Hitman Pro as a second sanity check. It doesn’t leave anything running after you run a scan and then close the program.

Other than the free versions of MBAM and Hitman Pro and your primary AV program, dump all of the rest since you must eliminate the “dragons chasing their tails” scenarios which inevitably result in less overall protection. This has been repeatedly proven over the years by various testing organizations.

Windows Defender is notoriously slow and not particularly effective. Update it, and then disable it. Yet do periodically enable it and update its definitions, and then again disable it. This is what I do from time to time (once every few months).

I paid for HitmanPro.Alert and I had issues with it. I dumped it after reading reviews that it wasn’t particularly effective. The same thing goes for MBAM Anti Exploit (MBAE). Blown money on both. Ah whatever. I let paranoia get the better of me.

I see that Seagate scheduler is a running service, yet I think that you now use Macrium Reflect? I too use Macrium since it has always worked for me and since they have excellent customer support. I don’t care about backup and restore speed. I only care about reliability. I dumped Acronis years ago due to issues and the inability to restore what Acronis said was a good backup. Getting rid of the residual Acronis low level drivers is tricky. One has to first delete the related registry keys before removing the Acronis drivers. I have to perform further research about this. Or perhaps others here can help with regards to this specific issue.

Definitely uninstall Java unless you absolutely need it for an online web site or if you have any locally installed Java applications. My guess is that you have no such needs. I dumped Java on all of my Win7 computers in 2012.

Best regards,

–GTP

 

1 user thanked author for this post.

Cybertooth

Hi GoneToPlaid,

Please see my earlier post here; I only have one AV program running.

The current combination of antivirus and antimalware software has done well for me for a while. The only new element is the features recently introduced by Heimdal, which I offer as a possible culprit.

Oh, wait–I did add MBAM Free as a supplement to BitDefender Free when Norton was ditched. I’ll stop the service now the way Garbo recommends.

And yet… RAM usage continues to grow, now well past the level where sluggishness and inability to get on the Internet have been emerging, but without these symptoms occurring.

 

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

In Mbam Free, under settings, on the second tab maybe, there is a check box at the bottom “Start when Windows starts.” Uncheck it.

1 user thanked author for this post.

Cybertooth

OK, that’s done now.

2 days, 8 hours, and 21 minutes since the last reboot, and still working fine. Lately it’s been working for about 51 hours when not barely a single day.

Not sure if I can yet permit myself the luxury of thinking that the beast has been tamed. If the problem fails to come back for another day or two, the situation will be clearer.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Well reading this back in conjunction with the speccy report, serious AV paranoia is at work.
AV overkill will add to PC inoperarability, similar to the symptoms being encountered.

What’s the issue with sticking with one AV and an anti-malware utility and un-installing the rest you don’t use? How do you know these aren’t connecting on-line, conflicting in the background/ slowing your PC down even though the service is disabled?
I now see by this post #235031 you have re-enabled another protection that will more than likely cause conflicts and undo any progress made. We still need to establish what is causing the sluggish issue/s and if you continue to undo progress, well, nothing will be fixed. It’s your call and PC.. Sometimes one needs to be ruthless with a PC, and this is one of those instances.

Windows - commercial by definition and now function...

@microfix, since the most recent reboot the PC has now been on for more than three days without running into the problem. RAM usage by svchost.exe is currently at 842,880KB which is nearly twice the level it’s been at when sluggishness began–and yet there are still no signs of a slowdown.

I had suspected VectorN, a new feature in one of the elements of my multi-layered security strategy. Turning it off did not slow down the increase in RAM usage, and turning it back on did not accelerate it.

This is now the longest period in weeks that this computer has managed to go without requiring a restart. It is not out of the question to posit that, whatever it may be, the acute problem (the one that cripples Windows Explorer and stops the PC from reaching the Internet) may have been resolved. There remains a memory leak, but this is manageable.

I will continue to monitor and report on the situation. Happy Thanksgiving.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

Microfix, satrow

I have no specific knowledge about your security programs (Heimdal etc.), but I use Panda AV and its “Panda Protection Service” has a dependency on CryptSvc one of our suspect 5 services (in the combined svchost process), so do any of your security programs also have a dependency on CryptSvc?

If you go to the Services window, find the “Cryptographic Services” entry, double-click to open its “Properties” and select its “Dependencies” tab, you should see if there is a dependency. If there is, then it might be this which causes CryptSvc to behave oddly?

I keep focusing on CryptSvc because that is what caused me firewall problems from May until I sorted it out a few weeks ago, but I suppose any of the other 4 suspect services might have a dependency with one or more of your many security programs.

BTW: If you also have the free, scanner only version of Malwarebytes Anti-Malware (MAM)  you do not need to have its service running all of the time. There is an on/off slider in the MAM Settings > Protection page to “Start Malwarebytes at Windows Startup” and setting this to Off (which I recommend for the free version) changes the Malwarebytes service startup type to Manual and the MAM service does not run from PC startup. You can still run a MAM scan when you want by starting MAM using the desktop or start menu shortcut. You will not see the Batman style icon in the Notification Area when it is not running. If you change the “Start Malwarebytes at Windows Startup” setting to Off and then “Quit Malwarebytes” (right-click its Notification Area icon), the MAM service startup will be changed to Manual and the service will stop.

HTH. Garbo.

3 users thanked author for this post.

AlphaCharlie, GoneToPlaid, Cybertooth

Garbo, you suggested that

If you go to the Services window, find the “Cryptographic Services” entry, double-click to open its “Properties” and select its “Dependencies” tab, you should see if there is a dependency. If there is, then it might be this which causes CryptSvc to behave oddly?

In services.msc, the dependencies for this service are”Remote Procedure Call (RPC)”, with “DCOM Server Process Launcher” and “RPC Endpoint Mapper” under it.

Hope this yields a clue.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

CryptSvc depends on these 3, but they are all Windows services so that is OK. This is the same as my PC. I have ”Remote Procedure Call (RPC)” startup type Automatic and the service running, “DCOM Server Process Launcher” startup type Automatic and the service running,  and “RPC Endpoint Mapper” startup type Manual and not running.

However in the lower pane my PC shows that “Application Identity” a Windows service and “Panda Protection Service” depends on CryptSvc. You will not have the Panda service, but do you have “Application Identity” (Manual, not running)? Are any of your security programs also listed here?

BTW: I remember that you were running a lot of malware scans halfway up this thread in case you had become infected by something. Did you have all of your many current security programs before that time or did you just install these things for that scanning exercise? In other words did your PC behave strangely before installing this stuff or did you already have this stuff installed when it started behaving strangely?

Garbo.

 

1 user thanked author for this post.

Cybertooth

Application Identity is indeed listed in the lower pane, and it’s the only item shown there.

However, I disabled it earlier today on Microfix’s suggestion.

BTW: I remember that you were running a lot of malware scans halfway up this thread in case you had become infected by something. Did you have all of your many current security programs before that time or did you just install these things for that scanning exercise? In other words did your PC behave strangely before installing this stuff or did you already have this stuff installed when it started behaving strangely?

Yes, all that was already installed when the PC started behaving strangely. The newest member of the “club” is the latest version of Heimdal/Thor with the VectorN feature, but that and BitDefender Free and MBAM Free all came into the system at about the same time (mid-August).

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth wrote:

Application Identity is indeed listed in the lower pane, and it’s the only item shown there.
However, I disabled it earlier today on Microfix’s suggestion.

my bolding

@cybertooth, I think you’ll find I did not ask you to do that at all.

Microfix wrote:

disable these via services: Remote registry, application experience.

from this post #234965

Windows - commercial by definition and now function...

1 user thanked author for this post.

satrow

My bad.

So, how does this difference affect the course of action?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hi Cybertooth,

Note that removing the Acronis low level drivers may be tricky. Don’t attempt to do so until I research the issue further.

Best regards,

–GTP

 

1 user thanked author for this post.

Cybertooth

There are these Acronis clean-up utilities, maybe they would help or harm.

https://kb.acronis.com/content/40366
and
https://kb.acronis.com/aticleanup

1 user thanked author for this post.

Cybertooth

Ref. post #235010: an hour and a half after that report, RAM usage by svchost.exe (Network Services) is up to 642,572. Still no sluggishness evident, but it seems clear that disabling Thor’s VectorN didn’t stop the increase in RAM use by svchost.exe. I’m turning it back on.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

It is now just over four days working well with no reboot. Longest it’s managed to run since the whole issue surfaced.

At the risk of jinxing it, it looks like the acute problem may have been solved.

If the PC continues like this, I will keep re-enabling functions that have been disabled, one by one until the problem reappears.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hello Cybertooth, Yes, slowly turn on programs you had turned off. Go slow. Use it a few days. It does not appear to be SVCHost since that has climbed, but no sluggishness.

It looks like it may had been MBAM background service if I read right. We have seen the same problem a year ago when MBAM updated. It too was running in the background. VERY slow computer until that background process was turned off. We also have seen MBAM affect Firefox. I can not remember what it was, but turning off the MBAM background service corrected it. After much arguing with MBAM they acknowledged and corrected the issue.

MBAM is a good program and has protected us, but when one adds more and more security there are more chances of one program interfering with another or the OS.

Keep us posted!

a windows 7 user

1 user thanked author for this post.

Cybertooth

Thanks for the specific heads-up about MBAM, which adds further weight to the sense by so many in this thread that it should not run resident. Having ditched Norton, it may take a while to settle on a good combo of services to replace it; I’m not certain that BitDefender Free is a complete replacement for the paid Norton Internet Security.

Aactually rebooted a few times today as I went ahead and installed the pending Windows updates, including the lingering ones KB3138612 and KB3177467. The PC (Group B) is up to date through the October 2018 Windows and .NET patches.

Now we’re starting fresh. Just to be on the safe side, that VectorN Detection from Heimdal/Thor is disabled once again, and MBAM resident remains disabled. Once the computer has gone more than two days without a problem, the plan is to start re-enabling stuff, waiting 2+ days between each new action. Maybe MBAM will be the first to get re-enabled since it seems to be a leading suspect.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

Lars220

Hello Cybertooth, Good plan! I (we) also recommend you add Spyware Blaster from Brightfort which immunizes browsers and the older 1.6.2 Spybot Search and Destroy which does NOT run in the background (turn OFF “tea timer”) and is still being updated. It too will immunize your browsers.

For further web protection consider using AdBlock Plus.

Some may agree or disagree with this but we have been using those for well over a decade on ALL of our PC’s and friends/family too.

a windows 7 user

1 user thanked author for this post.

Cybertooth

A couple points. First, it’s great that we are much closer to narrowing it down now.

So, I stopped using any and all AV and real-time Malware protection and have gone without for about a year now. It’s clear to me that they don’t really do much of anything except get in my way and interfere with things I’m doing when I don’t want it to.  I run Pale Moon with uBlock and uMatrix which puts everything fully in my control without all the AV stuff. Also, I have DualServer set up using blacklists that update daily which complements the other things perfectly. Anything third party while surfing is blocked by default by uMatrix and uBlock, so that stuff rarely ever gets through to the third layer. Haven’t looked back since ditching AV software. I still have MWB free which I use to scan infrequently and it never turns up anything. I also have EMET set up and monitoring internet-using software.

Speaking of MWB, the recent comments here reminded me of when I used to use MWB real time protection. I ultimately had to turn it off because it was slowing down my browsers. Not so much the rest of the PC, but there was a delay when doing things like typing in the browser or trying to scroll down a page. Switching off real time protection fixed it immediately and switching it back on unfixed it immediately, so I stopped using it. I don’t know if it’s still that way now, though.

Still, I agree with other posters here that you’re overdoing it with the AV stuff. One should be all you need if any. Perhaps MWB real time protection should be the first thing you switch on when you’re ready to start testing.

2 users thanked author for this post.

Cybertooth, satrow

Thank you Sessh.

a windows 7 user

That sounds good. MBAM will be the first to be turned back on if the machine is still running strong Sunday afternoon. IIRC, some recent test results suggest that MBAM may have lost some of its protection magic anyway.

Your security setup is reminiscent of the way many do it in Linux, where the use of AV software is rare.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth.

Garbo writes: Do not forget that you still have a couple of memory leaks which if they continue will eventually mess up your PC whether you experience “sluggishness” before this happens or not.

Now that you have finally re-booted, keep an eye on any of the svchosts now only containing one of the suspect 5 services whose RAM usage increases remorselessly. If you use Process Explorer hovering the mouse pointer over its entry will give the service name of the errant service. Unless it is CryptSvc, you could try setting its startup type to Manual and stopping the service to see what happens (something else which needs it may restart it – TBD). If it is CryptSvc it will require more investigation. (I suppose that there is a small possibility that the latest Windows Updates you have since installed may have changed things?)

Wrt Pale Moon (PM) I still suggest thoroughly uninstalling it using Revo Uninstaller or something similar before either installing the latest version or using Firefox (FF) instead (your extensions uBlock Origin (uBO) and HTTPS Everywhere (or its PM equivalent) being available for both). BTW: If you persist with PM, that tool to backup and restore PM profiles “pmbackup.exe” which I wrote about earlier is available to download from the PM website at https://www.palemoon.org/backuptool.shtml

Another thought wrt PM and BitDefender: From memory BitDefender has a plug-in which it adds to a browser which (I think) offers something like Web Of Trust (WOT) like or Microsoft “smartscreen” like functionality, checking if websites you visit have a bad reputation in some sense. Does your PM have this? If it does and it is a Firefox plug-in, then it may be intended for current Firefox and may not be compatible with PM, a fork from a much earlier version of Firefox. Do any of your other many security tools also have plugins or extensions in PM which may be incompatible?

BTW: An “anonymous” above suggests “AdBlock Plus (ABP)”, but this just does some of the same as uBO, so you would not want to have both installed in your browser. It is possible to do more with uBO than ABP so I use uBO with the “medium” security settings (look it up) which it is claimed is roughly equivalent to the combination of “ABP plus NoScript”. (I think that uMatrix also provides similar functionality to NoScript, but I have not used it.) My point: Just as too many security tools which may conflict is not a good idea, too many browser extensions doing similar things which may conflict is also not a good idea.

HTH. Garbo.

PS: The latest MalwareBytes AntiMalware (MBAM) is version is 3.6.1. If you don’t have it you can go to the ‘Settings > Application’ tab and click on “Install Application Updates”. Such an update may start a “Premium” trial, but if you don’t want this it would be cleaner to go to the ‘Settings > Account Details’ tab to de-activate the trial immediately rather than wait for it to expire later.

There was a serious MBAM failure in January (I think?) due to a badly formed definition update I think, but they fixed it within a day or so. By chance I had not switched my PC on at that time so missed it, but read about it later. I have the paid for premium version (I bought a lifetime licence when these were available a few years ago) running all of the time in parallel with Panda AV and these co-exist without problems even on my aged PCs.

 

 

1 user thanked author for this post.

Cybertooth

Garbo, prior to today’s reboot I finally applied the recommendation to split the svchost.exe (Network Services) process into its five constituents, and after the reboot they showed up separately in Process Explorer.

Looks like we have gained useful information from this measure already: RAM usage by Dnscache has grown from 95,400KB five hours ago, to 155,000KB currently. The other four elements in that service don’t seem to have grown appreciably.

You wanted to know if Pale Moon had any AV-related plug-ins or extensions installed, from BitDefender or others. Nope, none are in use.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

OK. Now we are cooking!

It is good that it is only 1 service and it is good that it is NOT “Cryptographic Services (CryptSvc)”.

My (non-expert) understanding of DNS Client (DnsCache) is that this is a non-essential, optimisation kind of thing which Microsoft believe will improve internet operation. (I guess a parallel is indexing which is not essential but which they believe improves searching? Anyway …) I have had the DNS Client startup type set to Manual and this not running for as long as I can remember without any problems that I’m aware of.

I tried a little experiment: I started the DNS Client manually (using services.msc), noted the RAM usage in Process Explorer and left it for 10 minutes. On returning nothing had changed significantly. I then started visiting a few web-sites using Firefox and after a couple of sites experienced the “sluggishness” which prompted you to create this thread. Looking at Process Explorer, the RAM usage had increased 3-fold (after only 2 or 3 sites) and the CPU column showed that one of the cores was maxed out (~50% in a dual core processor). Firefox was unusable! Going back to the “services.msc” window to stop DNS Client and things quickly returned to normal.

So my advice (as a non-expert, practical experimenter) is change the “DNS Client (DnsCache)” service startup type to Manual (I don’t recommend Disabled) and assuming that it is running at present Stop it.

HTH. Garbo.

PS: Now for the Pale Moon re-installation from scratch/replacement?

 

1 user thanked author for this post.

Cybertooth

Garbo, thanks for the insight. Depending on what others think about it, this sounds like a real and simple solution to the RAM problem!

The information pane in Services.msc says for Dnscache that, if the service is stopped, “the computer’s name will not be registered.” Not sure what that means or what the practical effect might be, but apparently you’ve been doing fine with it set to “manual.”

Reinstalling Pale Moon is more of a major surgery. I’m not ruling it out, though. Let’s see how these other measures work out.

BTW I do have Firefox on this computer, but I’ve kept the version frozen at 43 because it’s the last version where my plug-ins to “convert a Web page to PDF” still work. (These are plug-ins that not only print a page to PDF, but also preserve the clickable hyperlinks.) I only use FF when I need to print a page, and that only after first visiting the site with another, up-to-date browser.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Garbo writes: My previous comment shows not just a potential “solution to the RAM problem”, but a connection between the increasing DNS Client service RAM usage and browser “sluggishness” to the point of temporary browser lockup (one of your symptoms at the start of this thread)!

BTW: As well as using up to date Firefox for most browsing, I also have a need for a pre-Quantum version of Firefox for a couple of catch-up TV websites here in the UK which do not work properly with the latest Firefox (or did not last time I used them). I have a portable version of this earlier Firefox and this remains separate from the installed latest Firefox.

I do not know if this might work for you, but old portable versions of Firefox can be found at https://sourceforge.net/projects/portableapps/files/Mozilla%20Firefox%2C%20Portable%20Ed./   There are several version 43.<something> portable Firefox downloads listed there.

HTH. Garbo.

PS: Wrt the comment from “a windows 7 user” just below, I currently have a 834KB Hosts file. This was originally a Spybot Search and Destroy (S&D) creation 10 years ago or more (during the XP era) and although I have long since abandoned S&D I kept the Hosts file. I have added to it every few months using HostsMan or if I have seen anything useful on sites like this (or gHacks which often has browser articles).

 

1 user thanked author for this post.

Cybertooth

Hello Garbo and Cybertooth, You are correct on the DNS Cache. It is there to make web browsing “faster” but if you have an anti-spyware program that adds to the HOSTS file it could slow your browsing down considerably. It may take 30 seconds to load a page. I have seen this (at work) and have had DNS caching OFF on my computer for years. I did see once, turning off DNS Caching on Windows 8 or 8.1 did affect the “metro version of IE” but did not affect the “standard version of IE”. Some images did not load.

Please see the below for more information on HOSTS file and DNS Caching. (Satrow mentioned similar on the 19th).

With Windows XP, Vista, and 7 a Hosts file over 200 or 300K could greatly slow down browsing if DNS Caching service is left on. See: http://winhelp2002.mvps.org/hosts.htm

a windows 7 user

1 user thanked author for this post.

Cybertooth

Thanks “a windows 7 user” for the info.

I read the details on DNS caching in the mvps.org site, and came across the following:

<b>Important!</b> If you are using <b>Network Discovery</b> then the DNS Client service is required and should <b>not</b> be set to either Manual or Disabled.

My affected PC is on a LAN with my other computers. I actually do a fair bit of moving of files across the network, most of the time involving this PC. If the above advice is valid, then I should probably not disable DNS caching and instead use the workaround that’s offered next (closing the browsers and flushing the DNS cache).

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

OK, I’m about to reboot the machine in order to carry out @satrow’s idea from last night. (The PC is running fine at present.)

Just prior to the reboot, RAM usage by svchost.exe stands at 281,840KB. Note that this is about 126,000KB higher than the last check 10 hours ago, and that the level at that time was about 60,000KB higher than it was five hours before then: so, FWIW, RAM usage seems to be increasing by some 12,000KB per hour.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

satrow

Hi to Cybertooth and everyone else,

We are getting way too many suggestions for Cybertooth. Please, let’s not inundate him with any more suggestions for the time being.

Cybertooth, I suggest a test which you can start late this night when you are ready to go to bed:

1. Disable anything which you very recently re-enabled.

2. Reboot your computer.

3. Do not start any programs.

4. Wait at least 15 minutes. Why 15 minutes? Because this is enough time to guarantee that all Windows startup programs, including Windows Update and any other programs which check for updates, have completed their tasks.

5. Launch Speccy and then save a Speccy TXT output.

6. In the morning and whenever you get around to it, launch Speccy and save another Speccy TXT output.

7. Sanitize both Speccy output files and email them to me. Then I can do a comparison between the two in order to see what has changed, and to hopefully spot something which is causing the consumed memory to grow. Also, please email me your LMhosts file.

Yeah, I know that presently your computer doesn’t seem to be experiencing the slowdown issues, yet the underlying issue of consumed memory growth has not been resolved. This really, really bugs me since the growing memory consumption issue simply should not be occurring.

Best regards,

–GTP

 

1 user thanked author for this post.

Cybertooth

No need for emails, useless for the rest of us, also forbidden/frowned upon on most fora. The idea being that the info is available to all, anything that may contain personally identifiable material, please DM Woody or one of the MVPs ahead of posting, we can then clean it up for you.

2x TaskMan screenshots (enable and show the Peak Working set) plus a screenshot from DriverView (set it up like the below image) should suffice.

There was (unsure if it’s the same now) a default W7 Task that was triggered 16.5 minutes after Boot so delay the first TaskMan screenshot to 20 minutes to (hopefully) ensure it’s finished, the next TaskMan screenshot should be after some heavy usage of your programs that you use daily Plus a long ‘rest’ time to allow things like browser/System memory recovery to run.

Some memory usage increase/decrease should be expected from Windows’ background processes/Services, they’re not all just sitting there doing nothing! Some User software, esp. browsers, will keep ‘ticking over’ on certain pages/sites, some pages might ‘drop out’ after 15 minutes to an hour, others will keep going until the connection is broken.

1 user thanked author for this post.

Cybertooth

@satrow, thank you for the link to DriverView. I’ve downloaded it and will carry out your procedure (with the heavy program usage) in the morning/afternoon.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

satrow

Here are the screenshots you asked for. The first Task Manager shot is from shortly after restarting the computer, before opening any browsers or other applications, while the second shot is from two hours later after performing a variety of tasks (browsing, printing, editing and saving files in MS Word). The DriverView shot was taken just before posting this.

A couple of comments on the drivers listed as “Unknown” and for which there is no description: the two files whose names begin with “dump” are said to be innocuous here, while the “rikvm” driver is associated with Cyberlink’s PowerDVD software, which is installed on this computer.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Hello Cybertooth, In your screenshots of processes, I see “tea timer” from spybot running. If you want this and like it then OK. We have always turned that off (unchecked it) since it did slow things down and bother the user too much. I mentioned earlier that we use SpyBot version 1.6.2 because we like the passive protections rather than the active protective services that run in the newer versions.

Thank you for reviewing the MVPS site. It has good information.

1 user thanked author for this post.

Cybertooth

I’m going to implement your and @satrow ‘s recommendation to turn off Tea Timer. Now that you mention it, I’m not sure that it has ever actually had any positive effect, certainly nothing visible, and in the meantime it’s always far and away the Task Manager leader in “Page Faults” (18 million as I write this, followed far behind by BitDefender’s vsserv.exe at 3 million).

However, since it’s running right now, in order to keep conditions as constant as possible for this session, I’ll wait for the next reboot before disabling it permanently.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Agree with the above on TeaTimer, it’s long been known to cause odd problems.

The memory usage looks quite good considering the large number of Processes running (almost into stock W10 territory!), Pale Moon stats look fine.

Have you checked that all the running software is still installed and that you want to run them actively – as in, do you use them all during every session?

There are ways to trim the Processes/Services of some of those programs/driver packages so that there’s less overlap/duplication/’junk’ running, others can be switched to ‘on demand’. GHacks is one of my first calls for details on trimming the more common software/graphics card driver packages.

1 user thanked author for this post.

Cybertooth

@satrow, thank you for reviewing the DriverView output.

The main candidates for elimination would be the four Acronis drivers near the bottom of the list. Macrium Reflect is much faster at making disk images and I had disabled the Seagate startup items in msconfig. Maybe I should just uninstall the Seagate DiscWizard entirely.

I admit that I don’t know very much about optimizing processes/services. I’ll poke around GHacks and try to learn this aspect of good computing.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Yes uninstall the DiscWizard if you no longer have need to configure a Seagate drive, or use the other software functions.

1 user thanked author for this post.

Cybertooth

Yes uninstall DiscWizard – and uninstall Acronis if you’re not going to use it – what about Windows Live, do you actively use any of it?

Has the HP Support Assistance and other non-printer HP software ever been of any use to you?

1 user thanked author for this post.

Cybertooth

Honestly, I wouldn’t even know what Windows Live is for. I guess I never gave it much thought because the resource usage is small.

OTOH, the HP support software has come in handy a number of times. But there’s no real reason to have that running all the time, right? I mean, when necessary I could just launch it from the Start menu, no?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Windows Live is (iirc) now unsupported by MS and it hooks into just about every User Process ime. Uninstalling it should lighten the load/connections.

Yes, the HP software should remain available from the Start Menu, though you may need to set any drivers to Demand start (not straightforward) to prevent them from running in the background – slimmer is better.

Try uninstalling them and check for their absence/presence during your next session with TaskMan and DriverView.

Did a Web search for “set drivers to demand” and got a lot of results about Uber and Lyft.  🙂  But nothing useful for our purposes.

If I uninstall those HP Support drivers and then decide they’re needed, how do I get them back?

This whole step feels uncomfortable. I think I’ll just disable (not uninstall) the HP Support Assistant Service in msconfig and see how things go.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

I can walk you through any drivers that are safe to set to demand, please keep to the basics to begin with. We can also discuss your Service settings if and when we feel it’s necessary but currently, with no discernible ‘bad’ Service, I’m unsure whether that would be needed to any great extent.

[My own Service settings are a little different to the ‘bare bones’ of BlackViper’s, 3+ days into the current session and I have 21 running, your needs are likely to be very different.]

I’m reluctant to enter into the complications of setting drivers to Demand, as I could not find any info about that on the Web.

At the risk of breaking troubleshooting protocol, I am going to act on a hunch: I’m restarting the Malwarebytes Service tonight. Something tells me that this may be at the root of the problem; if this is correct, then in less than 24 hours–maybe sooner–the PC will be back to acting sluggishly and unable to reach the Internet. (Right now it’s been 13 hours since the last reboot.) If the hunch is wrong, then I’ll start over again with that service disabled.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth, I think the phrase “set drivers to manual” may be another version of “set processes to manual” as in the “services.exe” section of windows. One can set a process or “a program’s process” to auto, manual, or disabled.

I always considered a “driver” more like the software to run a card or physical device in the PC, such as a network card, video card or sound card, etc.

The Black Viper site is good for setting processes to manual or disabled. I am sure other web sites have good ideas of what may not be needed as “automatic” in the settings.

a windows 7 user

MVP Edit: Continuation Topic here.

If I uninstall those HP Support drivers and then decide they’re needed, how do I get them back?

I don’t imagine you ever really would decide they’re needed, since the PC in question is a Windows 7 one, and therefore must be long out of warranty support.  You came here when you needed support, right, and not to HP!

This is the kind of bloatware (IMO) that I have always removed in the first hour of having the box open on every system where I left the original OS on it for any length of time.  Any trialware, any OEM updater-ware, any preinstalled antimalware programs are summarily dismissed.

If the hardware is defective within the warranty period, I’ve never needed any of that OEM diagnostic stuff to get the problem diagnosed and fixed.  None of the OEMs I’ve purchased from have ever insisted upon using that stuff.  While it’s under warranty, I just send it off and let them deal with it, and when it’s not under warranty, I’ve never found any value in any of their OEM diagnostic programs.

If you still want to keep the possibility open,  HP should have the whole thing available on their site.  Not only that, but you should definitely have a full backup image before messing with this stuff, so if you do, you can use that to get back to where you started.

I kind of backed off in this thread when there started to be too many chefs trying to help at the same time… even if they are all competent helpers, it just leads to a confusing morass when there’s too many people suggesting too many things.  When troubleshooting, you want to do one thing at a time so that when you get to the problem, you know which step corrected it (hopefully).

If I remember, one of the first things I suggested as a possible cause early on was aftermarket drivers, of which antimalware drivers (and the programs that go with them) are the most common first suspects.  Whether by trial and error (remove it and see if it helps) or by using things like the MS driver verifier built into Windows, which stresses bad drivers to the point that they will BSOD and reveal their badness to you, these things do tend to cause issues at times just like what you describe.

I did suggest taking a backup and removing things one by one and seeing if it worked… well, these things here would be among the first things I would get rid of.  Antimalware, OEM diagnostics (I’d actually forgotten that some people leave that on, heh!), and backup programs (Acronis in particular) are all things I’d remove up front, as they are all intrusive things that hook into all kinds of places int the system (part of doing what they do).

Having a good backup is essential here, because knowing it is there gives you the courage to rip stuff out and see what happens.  Hopefully disabling things like the HP Assistant will be enough, but you never know for sure until it’s removed (and you’ve verified that the various bits it might have left behind are removed too). I’ve seen way too many things that should have worked when x was disabled, but only actually started working when x was eradicated.

If you search any given program name with “manual uninstall,” it will often present you with a guide for doing just that, which is a good sign that the program in question does have a tendency to leave bits of itself behind.  Programs that uninstall cleanly don’t cause ongoing problems afterward that people have to write walkthroughs for!

Acronis True Image was/is notorious for leaving upper/lower filters on the system after it was uninstalled, and they have a cleanup tool to fix this that should always be run after an (attempted?) uninstall.  It’s unfortunate that Acronis has let quality slip so far, but they seem to be more focused on marketing and tie-ins to their cloud than in fixing bugs or listening to customers (lot of that going around these days).

Did you ever try the new driver for the Atheros or the Linux Live USB test?

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

2 users thanked author for this post.

Cybertooth, satrow

@ascaris, thank you for the further ideas.

My experience with OEM computers has been somewhat different from yours. 🙂  I actually have found the marketing ploy of OEMs providing preinstalled software to be helpful as it introduces me to products and services that I wouldn’t necessarily have found on my own. And I do use some of the stuff that (for instance) came with this computer, such as CyberLink PowerDVD and Power2Go. Earlier HP computers came with LightScribe Direct Disc Labeling, a neat technology that sadly didn’t seem to ever take off but which I will keep using happily until supplies of the CDs/DVDs run out.

Bear in mind that my first several computers came at a stage when I knew little about computing–for me, a PC was a box that performed magic and facilitated my work. The presence of these third-party programs alerted me to the fact that alternatives to Microsoft offerings did exist, a reality that may seem obvious now but which from my perspective was actually not at all self-evident at the time. So, far from being viewed as bloatware, they performed a valuable informative function for me, and even today I use some of them on a regular basis.

All that said, I do have a list of things to disable or remove, for which I will wait to see how the disabling of resident Malwarebytes does in terms of addressing the original issue. These are Spybot’s Tea Timer feature, the Seagate drivers, Seagate DiscWizard, everything associated with Windows Live, and Silverlight.

I haven’t yet tried running a Linux Live DVD on this computer (we’ve been trying a lot of other things), but I did install the original Atheros NIC driver (see here) as you and GoneToPlaid concurred back then.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Cybertooth, Here is a site that also can help in determining what to turn off in services. This is from the menu search box, type services and it will be at the top of that search list, open it. You will see all the services for windows.

Go to the Black Viper site and investigate setting your services to what he calls “Safe”. I have done this since Windows XP SP2. As time has passed by he has lessened the number of “disabled” suggestions. This started with XP SP3. I have mainly stuck to his XP SP2 suggestions of what to Disable, keeping in mind that Vista and 7 have more services.

http://www.blackviper.com/service-configurations/black-vipers-windows-7-service-pack-1-service-configurations/

You mentioned that you are using your LAN and sharing files. Keep that in mind as you turn off services. He has a very good explanation of each service by clicking on its name.

Again, I (we) have used his advice to turn off services that auto run and some are not needed at all by the stand-alone computer, and can be set to “disabled”.

Keep a record of what you disable. Go slowly in disabling a service do “one at a time”.

Make a registry restore point before you start. If you make a mistake or forget, you can restore the registry.

I think you will be happy with the results.
a windows 7 user

2 users thanked author for this post.

Cybertooth

Cybertooth..

Some comments on Pale Moon. Latest Version is 28.2.1 Version 28.0.0 had performance issues, excessive memory consumption, and other problems. Ver. 28.2.1 works very well here, on a x64 Win 7 machine. Also good on our Win 8.1 machines.

Also as suggested previously uBlock Origin s/b at 1.16.4.5

Machine here always Group B. Only runs MSE for any antivirus stuff.

Hope you get to the bottom of your problem(s).

1 user thanked author for this post.

Cybertooth

Thanks @jcn67. I just checked, and Pale Moon is at version 28.2.1, with uBlock Origin at 1.16.4.5. So we’re good there.

RAM use by svchost.exe (Network Services) is currently at 341,568KB. Twelve hours ago when I re-enabled Malwarebytes resident, it was at 189,344. RAM usage growth by this svchost.exe process has been 12,685KB per hour, actually not a lot faster than before re-enabling MBAM when the rate of RAM increase was somewhat over 12,000KB an hour.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

All right, I have no doubt now that MBAM is related to whatever is going on with this computer.

Less than thirteen hours after re-enabling Malwarebytes resident, the PC began to have trouble getting on the Internet. (I may not be able to post this on the first try.) Opening the Brave browser to Startpage.com took inordinately long, although finally it did. (The symptoms typically get worse over time until you just can’t get on the ‘Net at all any more and the browser times out.)

In addition, I was paging through a large Word file when all of a sudden it started having trouble scrolling. And then the telltale sign: the Taskbar went gray and the circle popped up and started spinning. Eventually that went back to normal and I was able to scroll through (and save) the Word document, but this is all the same kind of behavior we’ve been observing for weeks now.

More recently, I’ve read that MBAM scan results aren’t as good as they used to be back when. So I may simply uninstall it completely and move on to something else; several folks in this thread have kindly suggested alternative anti-malware applications and I’ll be looking into them. Or maybe I’ll just do without that particular layer of defense, as others have also proposed.

The next troubleshooting step will be to reboot, keep MBAM disabled, and see how long the computer keeps working well without it.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Sounds like multiple security software checking the network/internet connections might be the main issue, also Word/Excel/Notepad etc. will use the page file when you enter Edit mode and increase the kernel and disk activity loads.

If you’re happy that you have *something else* actively covering what MBAM does, disable MBAM from auto-starting then study your other Security software settings to ensure there’s as little overlap as possible.

HpHosts hosts file will give you roughly the same blocking list as that built into MBAM Premium (they’re part of the same stable), probably best to use a hosts manager like HostsMan to install/update it and turn off the DNSCache Service.

1 user thanked author for this post.

Cybertooth

I’m actively considering using a more extensive hosts file. I understand the concern that a large hosts file might slow things down, but I wonder if this wasn’t more of a concern back when we were on Windows 98 and PCs had 512MB of RAM.

What do you think of the following warning on the mvps.org site:

Important! If you are using Network Discovery then the DNS Client service is required and should not be set to either Manual or Disabled.

This PC is on a local network and I do swap files back and forth between it and other computers on the LAN.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

You can still use the ‘old-fashioned’ ‘Advanced File Sharing’.

All right, that didn’t look too hard. If the problem recurs, I’ll disable DNS caching and give Advanced File Sharing a try.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

satrow

On the subject of a Hosts file…

I have had a good experience with this …http://winhelp2002.mvps.org/hosts.htm

I have added some other sites to the end of the file, mostly based on Noel Carboni’s very informative posts in other threads on AskWoody. Just a thought for an option to the other hosts file mentioned through here.

1 user thanked author for this post.

Cybertooth

Thanks very much! I visited the mvps.org site. Please see my reply to @satrow just above yours here. Eager to get your opinion.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Machines here do not operate on a LAN. DNSCache is on because VPN I use turns it on.  VPN has protection to not leak DNS queries to 3rd parties.

Have not noticed any throughput slowdown because of size of hosts file. Browser has very minimal addons/extensions.

1 user thanked author for this post.

Cybertooth

This may all be a bit late but here are a few of my thoughts which may have already been posted as to Win 7 sluggish behaviour on a SSD in relation to a faulty thermal sensor.

As i have not read all of the posts some of what i mention may already have been brought up.

In relation to a faulty thermal sensor on the SSD it could be possible that the SSD is causing the system to throttle due to the false reading.

The BIOS / UEFI on many motherboards have settings in relation to certain temperatures of components such as the CPU and i believe if the BIOS / UEFI is getting a false high reading this may cause throttling and slow downs / sluggish behaviour of the system.

On other thoughts.

How full is your SSD in relation to its size ?. The old adage was to have at least 50% free, ( on the mechanical drives at least ). Not to sure on whats required with SSD`s.

You did mention you installed a 450G SSD so you should have plenty of free space.

Never defrag SSD<code>s as i have seen people that have tried which has then caused issues with SSD</code>s.

As for re-imaging the OS to a new hard drive i have never had to much success with this myself in relations to Drivers not being correct for the new hard ware that has been installed.

I have always found that re-installing the OS had been the better way even though time consuming. ( Jut make sure you have everything you need backed up ).

In relations to adding many other programs for testing sake may compound the problem even further as many do not un-install properly and leave many folders behind including trace remnants within the Registry. Too many will start to load up the system as many run automatically behind the scene.

Always remember which Processes / Services that you have disabled. ( jot them down for reference ).

In relations to programs that you have added and the Processes / Services that they invoke, even though you may have disabled them many do re-start on the next boot.

Also remember that to many different forms of security software don`t play well together.

These are a few of my thoughts, pls correct me if i am wrong on any as computers are a continual progression of learning through reading and trial and error testing.

 

 

1 user thanked author for this post.

Cybertooth

Sorry I missed your post from Sunday. Dozens of posts in this thread have disappeared, and the flow of the posts has been messed up such that many new posts (like yours) are showing up above posts that are days or even weeks older, instead of at the end where you’d expect them

Thanks for the many ideas. The SSD has some 330GB free, and the sensor is already reading 99C when I open the hardware monitor just minutes after a reboot. Maddening, isn’t it?

I’ve never imaged a Windows OS drive to a new computer, only to the same one, so fortunately hardware drivers haven’t been an issue and I’ve had good success with this procedure.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Please consider starting another thread. At the top of the new thread, provide a summary of the problem and solutions tried.

Request that this current thread be closed.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

It’s tempting, especially since the flow of the conversation has been broken.

Thing, is, so many different things have been tried that it would be time-consuming just to review and then summarize what they were. All the more difficult since dozens of posts were erased, so in replies there’s no reference to what they are replying to.

I’d be OK with picking up with a new thread, just to regain the logical posting sequence, with a link back to this one. Give this one the same name and append “Part 2” or “Continued” to it.

Mods, what do you think?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Garbo writes: The formatting of this thread has become messed up in my Firefox browser, so these comments are related to several points above, but all collected in one place.

In summary: We know that the svchost causing problems is DNS Client (DnsCache) and not the others in the previously combined svchost process. I normally have this at startup type Manual and not running, but if I temporarily start it and do some browsing the CPU and RAM usage of DNS Client increases significantly and the high CPU usage brings browsing to a halt – one of your symptoms. (I guess the high CPU usage could also bring Windows Explorer – your other symptom – to a halt if Explorer is sharing the same CPU core as DNS Client?) When I stop DNS Client both CPU and RAM usage drop and the browser becomes responsive again. So to me this suggests that this is the area to focus on.

My PC is not on a LAN, so I can safely not run DNS Client and have not run it for as long as I can remember, but you question if you need it for your PC in a LAN. I do not know the answer, but stumbled upon the following towards the end of https://superuser.com/questions/465293/how-does-windows-7-dns-client-work

“[Question] It would be nice to get DNS working with the DNS client on, but I might be OK without it, what do you think?

[Answer] The DNS client default is ON in order to maintain backward compatibility with systems that do not have complete DNS visibility, particularly domain systems that do not have complete DNS visibility before logon — making it impossible to find the authentication server. If you can login to Windows with the client turned off, it doesn’t need to be on.”

(My [] and bold above.) I am not a Windows PC network expert, but to me this suggests some sort of office situation where user’s login data is held remotely from each PC and needs to be checked before allowing the user to login. (A hot-desking situation maybe?) If you are not doing this, maybe you do not need DNS Client running? People more familiar with this stuff would be better qualified to answer this question than me.

Have you compared the DNS Client settings and Hosts file on this faulty PC with the corresponding things on your other PC(s) in your LAN? If they don’t have the problem and there are differences, maybe that will give a clue?

Some time ago I changed the entries in the Hosts file to 0.0.0.0 (from 1.0.0.127 or whatever it was) based on some advice at a site such as this. I forget the reason why, but it made sense to me at the time. What is yours? It might be worth trying 0.0.0.0?

BTW: Do not change the Malwarebytes (MBAM) service in “services.msc” and do not set it to Disabled. Just control this using the MBAM ‘Settings > Protection > Start Malwarebytes at Windows Startup’ slider (as the MBAM people intended) or you risk MBAM not working correctly when you want to do a scan. For the Free, scanner only version this slider should be Off (and the MBAM service not running with startup type Manual) as several of us advised some time ago.

HTH. Garbo.

 

2 users thanked author for this post.

Cybertooth, satrow

I forgot to add that the DNS Client service settings in the Registry are at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache

if you want to compare with your other PC(s).

HTH. Garbo.

 

anonymous wrote:

Garbo writes:

Have you compared the DNS Client settings and Hosts file on this faulty PC with the corresponding things on your other PC(s) in your LAN? If they don’t have the problem and there are differences, maybe that will give a clue? Some time ago I changed the entries in the Hosts file to 0.0.0.0 (from 1.0.0.127 or whatever it was) based on some advice at a site such as this. I forget the reason why, but it made sense to me at the time. What is yours? It might be worth trying 0.0.0.0?

The entries in the hosts file are set to 127.0.0.1. I’ll do a global search-and-replace to 0.0.0.0.

I compared the Dnscache registry setting on this PC with that of my Windows 7 laptop. The only difference, at least for the main branch (there are also Parameters, Security, and TriggerInfo subcategories) seems to be that the value for “Type” is 0x00000010 (16) on this PC, and 0x00000020 (32) on the laptop. FWIW, the laptop uses McAfee Internet Security, as compared to BitDefender Free (and previously, Norton Internet Security) on this PC.

Before disabling this service, I’ll wait to hear about it from you and others.

anonymous wrote:

Garbo writes:

BTW: Do not change the Malwarebytes (MBAM) service in “services.msc” and do not set it to Disabled. Just control this using the MBAM ‘Settings > Protection > Start Malwarebytes at Windows Startup’ slider (as the MBAM people intended) or you risk MBAM not working correctly when you want to do a scan. For the Free, scanner only version this slider should be Off (and the MBAM service not running with startup type Manual) as several of us advised some time ago. HTH. Garbo.

Hmm, I did both of those.  🙂  It’s disabled in services.msc AND also I flipped the switch in the program’s UI. Just reset it to Manual in services.msc.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Whatever the problem is, it’s not Malwarebytes resident after all.

Although that was doubly disabled (as I reported to Garbo above), the machine still did the same old same old this morning, less than a day after the previous restart. Had to reboot once again.

CPU and RAM usage were low according to Task Manager, as was kernel activity. Throughout this whole ordeal they’ve never approached red-zone levels, so rather than high usage I’m wondering if the issue may have to do with some conflict among processes.

Maybe the next step will be to disable the DNS Cache service, reboot, and watch developments. Thoughts?

P.S. BTW, the flow of the posts in this thread has been seriously messed up. You’d expect the most recent posts to show up at the bottom of the page, but many of them today (such as Garbo’s) have been showing up fairly well up the page, making it hard to locate the latest several posts. The old standby of searching for the word “new” is clunky, as currently there are 68 instances of it on this page.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

Lars220

I also noticed that the flow of posts by date is getting confusing. I found something that may be helpful, but I have never used it. Hopefully some more experienced people can comment on the Microsoft Debug Diagnostic Tool v2 dated November 13, 2015:

https://www.microsoft.com/en-us/download/details.aspx?id=49924

From the above link that has a download link,

The Debug Diagnostic Tool (DebugDiag) is designed to assist in troubleshooting issues such as hangs, slow performance, memory leaks or memory fragmentation, and crashes in any user-mode process.

Hangs, slow performance, memory leaks, all sound like the issue here. Request some experienced computer people to review that link, thanks. Lars220.
<h2 class=”x-hidden-focus”></h2>

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

1 user thanked author for this post.

Cybertooth

Garbo writes: Wrt “The only difference, at least for the main branch (there are also Parameters, Security, and TriggerInfo subcategories) seems to be that the value for “Type” is 0x00000010 (16) on this PC, and 0x00000020 (32) on the laptop” the “Type” parameter difference is just due to the fact that your problem PC has “DNS Client” in its own svchost to aid debugging following my earlier suggestion. This is how Windows knows to create a separate svchost at startup, so is what I expect to see.

The contents of the Parameters sub-key include settings such as how long data is kept in the cache, so presumably how often the service uses CPU cycles to refresh the cache, so differences here may be relevant, but an expert in this area would know more than me.

I do not recommend setting the DNS Client startup type to Disabled and I have not recommended this previously. If you don’t want it to always run change it from Automatic to Manual. This means that if anything else needs it to run on demand later, that other thing can trigger it to start it. Setting it to Disabled would prevent something else starting it. (In general setting a service to Manual rather than Disabled is a safer option, unless you are completely sure it definately should be Disabled.)

I think that if I was in your situation I would make a system partition backup. Change the DNS Client startup type to Manual. Reboot and make sure you can get back in to the PC (considering my previous comment about the reason for DNS Client being Automatic being due to login with a remote Authentication Server). If you cannot login, then restore the system backup. If you can login, then DNS Client should not be running, so try the LAN file transfer stuff with other PCs to make sure that this all still works. If it doesn’t, change the DNS Client startup type back to Automatic and reboot. If all of your LAN file transfer stuff does still work, leave your PC a few days to see if the symptoms which started this thread re-appear. If the symptoms don’t reappear, assume the problem is “worked around” and get on with your life. If they do reappear, then someone else may have a better suggestion.

Given the amount of time you have spent on this so far, it might have been more efficient re-installing W7 again from scratch and re-installing all of your 3rd party programs from scratch. (I have read of people re-installing Windows with 3rd party programs left in place, but that seems risky to me so I would not attempt it.) Make sure that you have a copy of all of your “data” somewhere else before re-installing. (I have most of my “data” i.e. documents, music etc. in a separate D: partition completely separate from the system partition C: which makes it easier for me to re-install.) I believe that there is a thread on this site describing how to re-install W7 in an efficient way (possibly from the contributor “Canadian Tech”?).

HTH. Garbo.

 

1 user thanked author for this post.

Cybertooth

Garbo, I have a totally separate drive for data, fortunately. Setting the DNS Client to Manual will be the next change to make, assuming that the sluggishness returns.

If it comes to reinstalling Windows, I will think seriously about ditching Microsoft products for Linux. But we’re not there yet…

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Had to restart again tonight after about 34 hours. DNS Client (Dnscache) was set to Manual before rebooting, but a check of services.msc shows that it has already started. RAM usage shortly after rebooting is 19,188KB.

P.S. This post, from November 27, is showing up above 78 other posts in the thread that were posted beginning November 7. Can’t anyone in charge fix this??

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

woody

OK. So the question now is: What has started DNS Client?

I think you wrote earlier that the DNS Client properties (in services.msc) showed no other service dependent on DNS Client, but we know that MS information is not always complete, so does the properties tab for any of the other services show a dependency on DNS Client? (My point: Service A dependent on service B, should show A dependent ON B in A’s properties and B depended on BY A in B’s properties. Check each of the service properties in services.msc to try to find what started DNS Client.)

If you just stop the DNS Client service (using services.msc) without any reboot does it restart? If it does restart what other PC activity takes place between stopping it and it restarting?

If it does not restart despite your normal PC usage and hence the RAM and CPU usage does not increase does your PC continue normal operation indefinately? If it does not get restarted then maybe something is starting it in error at PC startup and a work-around could be to stop DNS Client a short time after PC startup (either manually or using a scheduled task).

If DNS Client restarts due to one of your many security tools (I think someone earlier mentioned his/her VPN?), do you really need that security tool? (The consensus a few weeks ago was that you have a lot of security tools and some pruning would be a good idea. In pruning leave BitDefender until last – you need an AV but maybe do not need the other stuff. (BitDefender is widely used, your other things I had not heard of. I think we have considered MBAM enough – it is fine in scanner only mode without its service continually running with the “Start at PC Startup” slider at Off). What differences in security tools do you have between your faulty PC and your other PC(s) which are working OK? This may give a clue.

BTW: As my intention with these suggestions is just to see what causes DNS Client to start (assuming DNS Client is the cause of your problems), you do not need to wait several days for the sluggishness to return between changes/PC reboots, the thing to look for is the RAM usage continuing to increase, not the sluggishness. These several day gaps make it difficult to follow this thread.

HTH. Garbo.

 

This thread has become garbled because posts have been removed by the originator.

I’m closing the thread.

If you’d like to pick up the discussion again, please start a new Topic.

Sorry about that.

MVP Edit: Continuation Topic here.

4 users thanked author for this post.

satrow, geekdom, PKCano, Microfix