Slashdot Mirror
How To Diagnose a Suddenly Slow Windows Computer?
Ensign Taco writes "I'm sure nearly every one of us has had it happen. All of a sudden your Windows PC slows to a crawl for no apparent reason. Yeah, we all like Linux because it doesn't do annoying things like this, but the Windows desktop still reigns supreme in most managed LAN work environments. I'm running XP with 4G of RAM and a decent CPU, and everything was fine, until one day — it wasn't. I've run spybot, antivirus, and looked at proc explorer — no luck. There is no one offending, obvious process. It seems every process decides to spike at once at random intervals. So I'm wondering if there's a few wizards out there that know what to look at. Could this be a very clever virus that doesn't run as a process? Or could this just be some random application error that's causing bad behavior? I've encountered this a few times with Windows PCs, but the solution has always been to just add more hardware. Has anyone ever successfully diagnosed this kind of issue?" And whether such a problem is related to malware or not, what steps would you take next?
Very commonly this happens when a hard drive reverts to PIO mode after Windows decides it has seen a few errors from the drive. You can verify this by looking at the properties of the IDE Controller to which the drive is connected in device manager. (IDE ATA/ATAPI Controllers/Primary IDE Channel/Advanced Settings tab, for example)
There is a VBScript that resets the drive back to DMA mode, and is effective if that is indeed the case.
This could also be an early sign of hard drive failure. I've seen plenty of drives that passed diagnostics but were very, very slow. Try checking the SMART data with something like HDTune.
I'll be the first of many to suggest:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Process explorer shows both CPU and I/O activity of all processes and services running. Here is the link: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Another option under vista is to use the "Reliability and Performance Monitor" in control panel.
Not a lot to go on, though as a freebie, XP doesn't do jack with that extra gig of RAM...You could put in 100gigs and it won't use any more than 3 (less you're using the 64 bit version, iirc).
Rootkits can run "under the radar". Might want to try software like RootKitRevealer, or Blacklight. A crappy one might grab a ton of cycles for a minute, but most of them are less intrusive.
Everything spiking at once sounds like that stupid "System Restore" process, or maybe a big swap dump (which is weird with that much RAM, but you know, it's windows.) Stupid programs like Norton can grab a huge chunk of resources every now and then for no discernable reason. Maybe some peripheral is crapping out?
Barring malware, I'd start writing down what's running when it spikes, and see if that tells you anything. Lot of programs can cause momentary spikes, but background processes usually don't. You could try testing some of the hardware but without anything specific to look for, you're going to have a hell of a time finding something.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
But rather than just checking SMART, get the manufacturer's test program. All the HD makers have one, just get the one appropriate for yours. It's the sort of thing you boot from CD and let run for a few hours, but it is the way to go. SMART can report ok even when a drive is dying but it is extremely rare (though possible) that the manufacturer's diags give it a pass when it is dying.
Check that, since a dying drive often makes things really slow (in part because it starts remapping lots of bad sectors).
Run for a while in safe mode and see if the problem persist. If it doesn't, then its probably a service gone haywire. Most likely candidates are printer services, anti virus services, scanner services.
Somehow my link didn't appear. Hijack This! should be able to be downloaded from http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
Hopefully one of those two will show up.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
2. look at processes tab
3. go view, select columns, put in all columns
4. now click on the title of each column, which will sort ascending/ descending, and analyze each column by itself, one at a time
5. look especially for processes that are doing heavy cpu or heavy i/o, or other bizarre exotic behaviors, like high thread count
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
My usual check list for this is:
1) Check the hard drive, SMART, or manufacturer diagnostics
2) Get the manufacturer diagnostics, and run a full hardware validation
3) If all is clean, check for things recently updated - a bad update may be clogging things
4) Check your anti-virus/anti-spyware software. Sometimes they can switch into extra-paranoid mode and slow things down horribly.
Mark Russinovich has an enlightening blog entry called The Case of the Slow System that might serve as an example of how, if you are are one of the planet's top 10 Windows experts, you can, with persistence, luck, and the proper tools, solve one of the obscure problems that are slowing down your wife's computer. This particular case pertains to Vista, but the general techniques are applicable to XP as well.
Some systems will slow down the CPU if it gets too hot. Check the fans and the temp in the CMOS if it can report it.
Keep the Classic Slashdot.
Indexing really slows things down. Also, check you AV and Spyware settings and think about turning off any real-time file monitoring. Indexing plus real time file monitoring equals slowness. Finally, run 'msconfig' and check what is starting up at runtime. If you don't know what it is, get rid of it. You can always add it back.
I once looked at a coworkers system and he had processes starting up at runtime that were called, I kid you not, A, B and blank (no name at all). Removing those restored his system.
Check the reported hardware (CPU...) temperatures, run the SMART tests on your hard drives and then open the case and check if all the heatsinks are where they should be and how warm they are to the touch. Also check if all the fans are operational. Take the opportunity to clear out the dust from the fans and your PSU. I've seen a lot of sudden slowdowns like that (I work as a tech in a datacenter) and most were hardware related. In one case the heatsink got unglued off of the northbridge.
From: http://www.kessels.com/Jkdefrag/
How do I disable the Windows built-in defragger?
Windows 2000 & 2003:
The built-in defragger is not started automatically.
Windows XP:
1. Download the free * Tweak UI utility from Micorosft.
2. Click on 'General' and untick the 'Optimise hard disk when idle' box.
Windows Vista:
1. Start -> All Programs -> Accessories -> System Tools -> Disk Defragmenter
2. Untick the "Run on a schedule (recommended)" box.
A glitch a day keeps the bugs away.
Harddrive failure could cause mastery hangup like that. The harddrive will retry for a few times, up to a few good ten seconds, causing all the I/O requests hanged for ten or more seconds.
The harddrive LED might be lit, but might be not. Also pay attention to the access sound, it will become very weird and repetitive when that happens. (Ya harddrive is getting more quiet now and the noise might get overwhelmed by the fan noise)
I experienced this for a few tens in the past ten years or so. (last time it happened on my laptop a few months ago). Again the symptom is - mystery hang up for a few ten seconds, then it went good (either retry success) or some application crashed (I/O error and HDD give up). Smart details usually can't show anything really that usual, or may be just 1 or 2 pending reallocation count, but SMART long SelfTest will usually do the job to catch the bad sector. Use "smartctl -t" in Linux.
At any case, replace the offending harddrive ASAP (after backing up all the data), because bad sector that keep recurring means something wrong with the head or alike, not just the specific spot on the media, and the bad sectors will spread like cancer!
Comment removed based on user account deletion
Comment removed based on user account deletion
check in this order: virus (look both for viruses and malware and bad scanners... I've seen antivirus scanner updates hose systems... use more than one virus scanner and more than one malware scanner but NOT AT THE SAME TIME!), drivers (might be badly written ,corrupt, or for wrong hardware), rogue processes (startup, services, etc), hardware (run chkdsk /f and defrag, check bios settings and make sure smart hd is enabled if possible and run a memory test), replace cables such as IDE that tend to corrode and cause errors, then start checking components (graphics, memory slots - use just one stick - if it improves use the same stick in another slot until there is a problem or you get to a stick that is causing problems) pci, dongles and adapters) If that fails run linux like you should have done in the first place. ;-)
Get a web developer
The general procedure I use is:
1) Get and install Debugging Tools for Windows for your platform.
2) Run kernrate.exe from the resource kit tools to determine if the problem is an I/O or CPU limit. (See here for how to get symbolic usage information.) If you do not see anything hogging the CPU, it's an I/O problem and you should go to step 5.
3) It's a CPU problem, so use the information from kernrate to figure out who's bogarting the CPU. If the process is services.exe, rundll32.exe, or System, you need to use something like Process Explorer to determine which file actually contains the code which is executing.
4) If that doesn't work, it may really be an I/O problem or a rootkit. If you suspect a rootkit, your main options are reinstallation or forensic analysis using something like a boot CD, TSK, and the NIST hash database to audit your machine for bad files.
5) Run Process Monitor and see who's responsible for all the I/O.
6) If that doesn't reveal anything, it might be a driver problem. Use Process Explorer to see if you have excessive DPCs (the Windows equivalent of a top half interrupt handler). Use kernrate to zoom in and see which driver is causing them.
Try and figure out though how it is being "slow"... is it CPU or disk activity or memory or what? Identify what is wrong with Task Manager and you will be much closer to fixing it.
If its coming from random processes... injecteD DLLs live in all processes and thus bugs in them can appear in any random process since the DLL is present in all of them. My personal example is WindowBlinds, which has had some compatibility problems... Visual Studio soared in CPU usage while idle, the last time I used it. A while ago there was a problem where Google Desktop would eat up memory until it crashed if Windowblinds was in use on the system. Use autoruns to check for such DLLs and disable any that belong to apps you don't use, and temporarily disable apps that you are using (such as Windowblinds).
The disk check idea earlier in the page is a good idea too.
As for ideas it might be automatic defragmenting, I looked into the way defragmenting works on NT a while ago to try and figure out if having files open is still a no-no when defragmenting a drive (it's not, the clusters can still be moved, yay) and I found out Vista's defragmenting task is low-priority process and IO... meaning it can't be the cause, as it will defer to anything else on the system that needs process or IO time. You wouldn't notice it running.
I went through a similar experience recently with my Windows XP machine - tore my hair out going step-by-step through every possible cause.
It happened after the out of schedule Windows update. Turns out that Microsoft, in their infinite wisdom, turned on my McAfee real-time virus scanner. I't brought my system to a crawl whenever I'd try to play World of Warcraft. I didn't show up anything on Process Explorer and my video worked great, but my latency would slowly spiral out of control until it became uplayable.
I suspect that the real-time scanner was trying to process all inbound trafic before allowing it to pass on the calling process and it just couldn't keep up with the data bandwidth. Even disabling various McAfee security services didn't fix it - only uninstalling McAfee worked. Now my system runs better than ever (after having defragged a dozen times, uninstalled every unnecessary process imaginable, and cleaned the exhast fans).
Long story short - uninstall your virus software.
Sincerely,
A Chinese Hacker
All your base are belong to us!
User maintains more than a dozen sockpuppet accounts on Slashdot.
Congratulations, you just invented a new word!
If it isn't a virus or hardware issue, perhaps you have too many memory resident programs loaded?
At the Start menu click "Run" and then type in "msconfig" it will allow you to see what services, processes, and start up programs are in use. Naturally you want your Antivirus to load at startup but not your instant messenger programs and other useless junk that clutter up CPU cycles and system memory. Get rid of a few startup programs first and then reboot and see if the system speed improves.
It could be a corrupted registry and that link is to Microsoft's site on how to troubleshoot that.
If you cannot resolve the speed problem that way you might have a bad system file or files that went corrupt.
First make sure that you have:
#1 The original XP install CD without any service packs.
#2 The slipstreamed XP install CD with the same service pack you are using.
Click Start and select "Run" and type in "sfc /checknow" and have those CDs ready when prompted for them.
Sfc is the system file checker and oddly enough it needs a non-service pack XP CD and an XP CD with your service pack on it. Best to make the slipstreamed version with SP2 or SP3 whatever you are using on it first. I hope you have the non-SP version of XP, if not borrow it from someone who does have it. This could be a tricky process but sometimes it works, but you need to reinstall all security patches after it runs.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Unplug the network cable in the back and see if the problem persists. The network is a common cause of this problem.
Especially if you have any kind of Windows network share drives, printers, etc. setup.
Any latency, etc. on the network and/or devices will cause windows to stall out for long periods while it waits for a timeout. Often this happens even when nothing is apparently accessing the network.
This is especially noticeable when using Microsoft stuff like Office, Outlook, Word, etc. .xls on the network which stops responding, you'll see Outlook & word also start acting up since they have so many shared components.
For example, if you open a shared
So in such a situation, unplugging the network cable might actually make things worse for a couple minutes until Windows stops retrying the network, then you'll see errors or a drastic speed increase.
I've noticed that pretty much anytime I've ever installed ANY printer drivers on a Windows machines I start noticing performance issues.
Antivirus software will often be a problem, check your auto-scan settings as these often get enabled or reset during automatic updates.
Fire up Sysinternals Tcpview and look for processes generating unusual traffic. Look for new connections coinciding with the perceived slowdown. Note the pid in tcpview then fire up Sysinternals Process Explorer and look for that pid - you'll be able to drill down and see exactly what file is running. This way instead of only seeing svchost.exe, for example, is doing weird things, you can see what files svchost has called.
It gripped her hand gently. 'Regret is for humans,' it said.
Some applications, even after being uninstalled leave behind crap that will slow you down. I don't entirely know how to describe it, since I'm not sure what's going on behind the scenes, but here's what I do:
.pst files or anything you might think is important in "C:\Documents and Settings\username\Local Settings" and "C:\Documents and Settings\username\Application Data" -- usually things used by Firefox and Outlook, etc. For the most part applications will rebuild from scratch.
1. Reboot the machine and log on as administrator (NOT your own account).
2. Rename your old profile -- "C:\Documents and Setting\username" -- to something like "C:\Documents and Settings\username.OLD" (you can't do this if you're logged on as "username" or if you haven't rebooted since you were).
3. Log off admin and log on as yourself. Windows will automatically create a fresh profile for you.
4. Open up applications (Firefox/MS Outlook/etc...) and see how it fares.
5. If it's looking good, go ahead and retrieve stuff from your old profile like your desktop folder and My Documents, or
If that doesn't do it, you could try some sort of registry cleaner, but if you're at that point I'd rather just reinstall Windows. Alternatively swap out for a hard drive from another computer. And if THAT doesn't work, then you know it's a hardware issue.
Actually you can but it takes a little forethought. Get together install media for Windows, all your software, and a large external IEEE1394 or USB disk. If you use a bunch of stuff you downloaded then put the installers on a flash drive. Do clean install of the OS, apps, patch it all up, set up a Desktop the way you want it, yadda, yadda. Now before you junk it up with your data make an image of it. ping.windowsdream.com has a good free tool to do this with though if you have Ghost or whatever then go for it. If this is all too much trouble to start with then do it this way the next time you need to do a therapeutic rebuild of your Windows box.
You should not use an imaging utility like PING or Ghost to backup your personal stuff. Well you can but its unwieldy. GoodSync is a decent free tool that can keep two separate directories in sync like say "Documents and Settings" on your machine and the external disk. The first run will take forever to copy your 40GB porno collection but subsequent runs will only schlep over new or changed files.
Storage is cheap, and software doesn't take a lot of space.
For my father, here is what I did:
Pair of 250 gig hard drives (my old ones). One formatted 50 gigs Windows, and 50 gigs just as a second NTFS partition. The other formatted as Linux.
Boot the Linux drive, then ntfsclone the Windows drive (be sure to use the -s option) -- even just with lzop compression, chances are you can fit quite a lot of images. Such as: Just after installing each item.
Standard backup solutions like rdiffbackup can be used for the other drive.
Then, when something goes wrong, boot Linux, use ClamAV to scan the data drive, and re-image the software drive. Problem solved.
Don't thank God, thank a doctor!
1) Download Malwarebytes' Anti-Malware, and run it. It was the only thing that found a virus on my computer recently, out of six packages (including two commercial ones).
2) Download HijackThis, if that doesn't work. Be careful with this package, though! You can do some serious damage to your computer by blindly following its advice. Read the forums.
3) How full is your hard drive? If the C: drive is full enough, fragmentation can dramatically mess up performance in a very short time. Clean and defrag. I personally find it worthwhile to use SmartDefrag, a much more powerful defragger than the one that's built into Windows.
4) Read your logs. Yes, Windows actually logs stuff! Go to "Control Panel-->Administrative Tools-->Computer Management" and then dig through "System Tools-->Event Viewer" TONS of useful information about what's not healthy on your system, including complete boot logs.
Good luck.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
One thing that happened to me, although this probably isn't the poster's problem, is that my pagefile got fragmented. So far as I know, this is the only problem that can be truly said to be unique to Windows. I have no idea why Windows puts its backing store in the filesystem. Surely the overhead of going through the filesystem is unnecessary. Perhaps it is a leacy of a time when the ratio of disk space to physical RAM was smaller, and having a growable swap space was desirable. I've never found dynamically growable swap something I've ever wanted in Unix.
In any case if you want to talk about brain damaged behavior, the way my pagefile got fragmented was that I run virtual machines for development purposes. This behavior has since been fixed (either by MS or VMWare) but launching the first virtual machine on Vista used to nearly crash the system for about ten minutes. What was happening was that Vista had used all the "unneeded" RAM for its various hare brained optimizations, and when you suddenly ask for one GB of virtual memory space it went into an epileptic fit trying to swap all that memory it was using out.
Now here's the really brain damaged part: I ended up (I discovered) with over a hundred thousand fragments in my pagefile.
How is that even possible?
The nearest I can guess is that Windows must, in its desperation to free up RAM with a full page file, take pages of memory and stuff them into the first free bit of space on the filesystem it can. This isn't a problem in Unix, where you just grab (I guess) the first appropriately sized piece of disk off a heap. While I suppose it might be possible for some kind of fragmentation to occur in a Unix swap partition, it's inherently an ephemeral problem that would tend to fix itself as the memory situation improves. In Windows, the problem persists even after you reboot.
When you run several virtual machines, you will swap unless you've got way more RAM than is normal for most users; more than many systems will accept in any case. I was mystified as to why my virtual machine performance, which I was extremely pleased with initially, became utter rubbish after a few months of usage, until I thought to check the pagefile. Ironically, dropping the pagefile altogether greatly enhanced the performance of the system, perhaps because it became more parsimonious with virtual memory space. Adding the pagefile back in, initialized to 4GB, fixed things.
So now, when I get a new Windows machine, I just do what I've always done in Unix: I set the pagefile system right at the start to something like twice the maximum physical memory I think I'll ever install. This leaves a margin of error for unexpected changes, like problems with updated virtual memory algorithms. It may be that most people seldom if ever need a backing store at all with current memory sizes, I do, and in any case at current disk prices 8GB of disk costs less than a cup of coffee at Starbucks.
One thing that occurs to me is that it would be even better to mimic Unix by creating a separate swap partition for the pagefile. It would have to be formatted of course, but if there's some kind of I/O crisis going on in the virtual memory system, this would at least tend to isolate it from the data in the real filesystems.
One question I don't know the answer to is whether on 32 bit windows with 4GB of RAM, there is any benefit to having a pagefile at all, given that RAM is larger than the usable virtual memory space, accounting for the addresses lost to memory mapped I/O. You can use PAE, but that seems kind of pointless to me. If you need it you should upgrade to 64 bit. But I don't know enough about how hardware support for virtualization works and interacts with the host operating system to say whether there might be any benefit when running virtual machines.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.