How To Diagnose a Suddenly Slow Windows Computer?
Ensign Taco writes "I'm sure nearly every one of us has had it happen. All of a sudden your Windows PC slows to a crawl for no apparent reason. Yeah, we all like Linux because it doesn't do annoying things like this, but the Windows desktop still reigns supreme in most managed LAN work environments. I'm running XP with 4G of RAM and a decent CPU, and everything was fine, until one day — it wasn't. I've run spybot, antivirus, and looked at proc explorer — no luck. There is no one offending, obvious process. It seems every process decides to spike at once at random intervals. So I'm wondering if there's a few wizards out there that know what to look at. Could this be a very clever virus that doesn't run as a process? Or could this just be some random application error that's causing bad behavior? I've encountered this a few times with Windows PCs, but the solution has always been to just add more hardware. Has anyone ever successfully diagnosed this kind of issue?" And whether such a problem is related to malware or not, what steps would you take next?
Very commonly this happens when a hard drive reverts to PIO mode after Windows decides it has seen a few errors from the drive. You can verify this by looking at the properties of the IDE Controller to which the drive is connected in device manager. (IDE ATA/ATAPI Controllers/Primary IDE Channel/Advanced Settings tab, for example)
There is a VBScript that resets the drive back to DMA mode, and is effective if that is indeed the case.
This could also be an early sign of hard drive failure. I've seen plenty of drives that passed diagnostics but were very, very slow. Try checking the SMART data with something like HDTune.
Sorry about that. I slowed it down for my own amusement. I'm a bastard that way.
-God
Run performance counters against the computer to see what might be spiking. (Hard drive usage, memory pages /sec etc...)
The greatest revenge in life is massive success.
Unplug the network cable in the back and see if the problem persists. The network is a common cause of this problem.
I'll be the first of many to suggest:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Watch porn in a virtual machine.
Bottom line, if your system has a sudden dramatic change in behavior for no visible reason, wipe your drive and reinstall windows. There are nasty things now that don't show up as a process, merely using the windows kernel to spawn another thread to do whatever it wants.
Backup your data and do the safest thing. I usually run windows inside VirtualPC which means only using it for the programs that *require* windows, not for general browsing and stuff.
Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
GeekSquad diagnosis:
Vista installed. Remove immediately.
Not a lot to go on, though as a freebie, XP doesn't do jack with that extra gig of RAM...You could put in 100gigs and it won't use any more than 3 (less you're using the 64 bit version, iirc).
Rootkits can run "under the radar". Might want to try software like RootKitRevealer, or Blacklight. A crappy one might grab a ton of cycles for a minute, but most of them are less intrusive.
Everything spiking at once sounds like that stupid "System Restore" process, or maybe a big swap dump (which is weird with that much RAM, but you know, it's windows.) Stupid programs like Norton can grab a huge chunk of resources every now and then for no discernable reason. Maybe some peripheral is crapping out?
Barring malware, I'd start writing down what's running when it spikes, and see if that tells you anything. Lot of programs can cause momentary spikes, but background processes usually don't. You could try testing some of the hardware but without anything specific to look for, you're going to have a hell of a time finding something.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Actually, the first thing you should do is close Firefox. I find that once you aren't using 10 GB of RAM to keep your 25 tabs open, the computer magically stops swapping.
But rather than just checking SMART, get the manufacturer's test program. All the HD makers have one, just get the one appropriate for yours. It's the sort of thing you boot from CD and let run for a few hours, but it is the way to go. SMART can report ok even when a drive is dying but it is extremely rare (though possible) that the manufacturer's diags give it a pass when it is dying.
Check that, since a dying drive often makes things really slow (in part because it starts remapping lots of bad sectors).
Run for a while in safe mode and see if the problem persists. If it doesn't, then it's probably a service gone haywire. Most likely candidates are printer services, anti virus services, scanner services.
9.8 m/s^2 Sorry, it just flip out.
"Well, I think you know the answer to that."
My usual check list for this is:
1) Check the hard drive, SMART, or manufacturer diagnostics
2) Get the manufacturer diagnostics, and run a full hardware validation
3) If all is clean, check for things recently updated - a bad update may be clogging things
4) Check your anti-virus/anti-spyware software. Sometimes they can switch into extra-paranoid mode and slow things down horribly.
Between DiskMon, FileMon and Process Explorer - there should be nothing that you cannot see. The new generation of viruses that steal thread handlers from other processes are nasty, but very very hard to detect.
Add in wireshark, as the cause of many a slow computer has been an ISP provided DNS server that has suddenly decided to take its sweet ass time about answering queries for A and PTR records. Usually a by-product of being under some external load that you know nothing about (it could be backing up, etc).
DiskMon in particular will show you any files that are being sought by any process, an incredibly valuable resource.
Every workstation in our company has the SysInternals complete suite installed in the C: drive. The help desk has been trained to use it. It solves a lot of problems.
Mark Russinovich has an enlightening blog entry called The Case of the Slow System that might serve as an example of how, if you are one of the planet's top 10 Windows experts, you can, with persistence, luck, and the proper tools, solve one of the obscure problems that are slowing down your wife's computer. This particular case pertains to Vista, but the general techniques are applicable to XP as well.
Some systems will slow down the CPU if it gets too hot. Check the fans and the temp in the CMOS if it can report it.
Keep the Classic Slashdot.
Check the reported hardware (CPU...) temperatures, run the SMART tests on your hard drives and then open the case and check if all the heatsinks are where they should be and how warm they are to the touch. Also check if all the fans are operational. Take the opportunity to clear out the dust from the fans and your PSU. I've seen a lot of sudden slowdowns like that (I work as a tech in a datacenter) and most were hardware related. In one case the heatsink got unglued off of the northbridge.
slashdot: Individual personalized tech support?
wtf kind of article is this?
fucking take it to a shop if you can't handle reinstalling windows
As a potential lottery winner, I totally support tax cuts for the wealthy
From: http://www.kessels.com/Jkdefrag/
How do I disable the Windows built-in defragger?
Windows 2000 & 2003:
The built-in defragger is not started automatically.
Windows XP:
1. Download the free Tweak UI utility from Microsoft.
2. Click on 'General' and untick the 'Optimise hard disk when idle' box.
Windows Vista:
1. Start -> All Programs -> Accessories -> System Tools -> Disk Defragmenter
2. Untick the "Run on a schedule (recommended)" box.
A glitch a day keeps the bugs away.
and somebody marked it troll??? Come on, folks, get real.
Perhaps the hard drive is using an Infinitely Improbable File System.
I do not see this as easy when you deal with a bunch of RAID drives or similar setup, but booting something small (COUGH damn small linux COUGH some disk test/recovery distribution) from CD and running it straight in memory may also help a lot in diagnosing a problem.
Just last week we had a 22 out of 22 Windows in one network shutting down network processes for no apparent reason, without any errors in log, without any HDD problems. After thorough search it seems somebody infected them with some kind of rootkit, but three AV programs could not weed it out. Only reinstallation helped.
Doing a good job is like spilling coffee on a dark suit, you feel warm all over, but nobody notices.
And when it turns out to be svchost.exe, send a nasty email to Ballmer.
I've seen systems start crawling on stupid windows background crap that only shows up in the process tab as "System Idle Process."
Compared to using ps or top, I'm not a fan of the scanty process tools in windows. The only decent one is perfmon; it's "Performance" under "Administrative Tools."
Open it up, go down to the bottom, right click on the little window under the graph and choose "add counters." Go ahead and add them all, and start the monitor.
Okay, now that your brain is bleeding, stop it, remove all the counters, and actually read the names and add only the ones you think you need.
Pretty much everything that's going on in the system is measured there, so you can get a pretty good idea of what the problem is, and that may point you in the direction of solving it.
Just as an fyi: if you're dumping to a log, make sure you have an idea of how much space it's eating up. A big perf log can eat up your whole harddrive if you leave it running.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
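Added example, not part of the comment above: once perfmon (or typeperf) has logged a small counter set to CSV, a short script can show which resource is saturated during the slow periods. The host name, sample rows and threshold values below are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample in the CSV layout perfmon and typeperf write: column 0 is
# the timestamp, every other column is a counter path prefixed with \\HOST.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (Eastern Standard Time)(300)","\\PC1\Processor(_Total)\% Processor Time","\\PC1\PhysicalDisk(_Total)\Avg. Disk Queue Length","\\PC1\Memory\Pages/sec"
"03/02/2009 10:00:00.000","12.5","0.3","4.0"
"03/02/2009 10:00:15.000","18.0","9.7","2250.0"
"03/02/2009 10:00:30.000","15.2","11.4","3100.5"
"03/02/2009 10:00:45.000"," ","0.2","1.0"
"03/02/2009 10:01:00.000","97.0","0.4","3.0"
'''

# Assumed rule-of-thumb limits; tune them for the machine being examined.
THRESHOLDS = {
    r"Processor(_Total)\% Processor Time": 90.0,
    r"PhysicalDisk(_Total)\Avg. Disk Queue Length": 2.0,
    r"Memory\Pages/sec": 1000.0,
}

def strip_host(path):
    # Drop the leading \\HOST\ so logs from different machines compare equal.
    return path.lstrip("\\").split("\\", 1)[1]

def parse_log(text):
    """Return [(timestamp, {counter: value})] from a perfmon CSV log."""
    rows = csv.reader(io.StringIO(text))
    names = [strip_host(h) for h in next(rows)[1:]]
    samples = []
    for row in rows:
        if not row:
            continue
        values = {}
        for name, cell in zip(names, row[1:]):
            try:
                values[name] = float(cell)
            except ValueError:
                pass  # perfmon leaves a blank cell when a sample was missed
        samples.append((row[0], values))
    return samples

def find_spikes(samples, thresholds=THRESHOLDS):
    """Return [(timestamp, [counters over their limit])] for bad samples."""
    spikes = []
    for stamp, values in samples:
        over = sorted(n for n, lim in thresholds.items() if values.get(n, 0.0) > lim)
        if over:
            spikes.append((stamp, over))
    return spikes

def saturated_resources(spikes):
    """Count how often each counter was over its limit across all spikes."""
    return Counter(name for _, over in spikes for name in over)

if __name__ == "__main__":
    for stamp, over in find_spikes(parse_log(SAMPLE_LOG)):
        print(stamp, "->", ", ".join(over))
```

In the constructed log the two slow samples show a long disk queue and heavy paging while CPU stays under 20%, which points at I/O rather than a CPU-bound process.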
check in this order: virus (look both for viruses and malware and bad scanners... I've seen antivirus scanner updates hose systems... use more than one virus scanner and more than one malware scanner but NOT AT THE SAME TIME!), drivers (might be badly written, corrupt, or for wrong hardware), rogue processes (startup, services, etc), hardware (run chkdsk /f and defrag, check bios settings and make sure smart hd is enabled if possible and run a memory test), replace cables such as IDE that tend to corrode and cause errors, then start checking components (graphics, memory slots - use just one stick - if it improves use the same stick in another slot until there is a problem or you get to a stick that is causing problems) pci, dongles and adapters) If that fails run linux like you should have done in the first place. ;-)
Get a web developer
FYI DiskMon and FileMon have been superseded by ProcMon. I used it the other day because there were pinned items on my Start Menu I couldn't delete, so a simple filter for RegWriteValue when I pinned or unpinned something and I was able to find where the list lived and wiped it.
The general procedure I use is:
1) Get and install Debugging Tools for Windows for your platform.
2) Run kernrate.exe from the resource kit tools to determine if the problem is an I/O or CPU limit. (See here for how to get symbolic usage information.) If you do not see anything hogging the CPU, it's an I/O problem and you should go to step 5.
3) It's a CPU problem, so use the information from kernrate to figure out who's bogarting the CPU. If the process is services.exe, rundll32.exe, or System, you need to use something like Process Explorer to determine which file actually contains the code which is executing.
4) If that doesn't work, it may really be an I/O problem or a rootkit. If you suspect a rootkit, your main options are reinstallation or forensic analysis using something like a boot CD, TSK, and the NIST hash database to audit your machine for bad files.
5) Run Process Monitor and see who's responsible for all the I/O.
6) If that doesn't reveal anything, it might be a driver problem. Use Process Explorer to see if you have excessive DPCs (the Windows equivalent of a top half interrupt handler). Use kernrate to zoom in and see which driver is causing them.
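Added example, not part of the comment above: a sketch of the hash audit from step 4, run from trusted boot media against the suspect volume mounted read-only, so a rootkit on the installed system cannot filter what is read. The reference rows are constructed and assume the legacy NSRL RDS `NSRLFile.txt` CSV layout; the extension list is also an assumption.

```python
import csv
import hashlib
import io
import os

# Constructed stand-in for an NSRL RDS extract (assumed legacy CSV layout).
# The single row describes a 3-byte file containing b"abc".
NSRL_SAMPLE = '''"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"
"A9993E364706816ABA3E25717850C26C9CD0D89D","900150983CD24FB0D6963F7D28E17F72","352441C2","known.dll",3,0,"WIN",""
'''

# Assumed set of file types worth hashing on a Windows volume.
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx"}

def load_known_sha1(nsrl_csv_text):
    """Return the set of lower-cased SHA-1 values from the reference CSV."""
    reader = csv.DictReader(io.StringIO(nsrl_csv_text))
    return {row["SHA-1"].lower() for row in reader}

def sha1_of(path, chunk=1 << 20):
    # SHA-1 is used only because it is the lookup key of the reference set.
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def audit_tree(root, known):
    """Return sorted (relative path, sha1 or error) for files not in `known`."""
    unknown = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXT:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                digest = sha1_of(path)
            except OSError as exc:
                # Unreadable executables stay on the review list.
                unknown.append((rel, "unreadable: %s" % exc.strerror))
                continue
            if digest not in known:
                unknown.append((rel, digest))
    return sorted(unknown)

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, digest in audit_tree(root, load_known_sha1(NSRL_SAMPLE)):
        print(digest, rel)
```

A miss only means the file is absent from the reference set, not that it is malicious; the audit shrinks the list of binaries that need manual review.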
I just did this the other day and found one of my sticks had 1000+ errors on it.
"During My Service In The United States Congress, I Took The Initiative In Creating The Internet." -Al Gore
Open a command prompt and type "OPTIMIZE" and hit the Enter or Return key (doesn't matter which).
If you get an error, type "OVERRIDE" or "SECURITY OVERRIDE" and then try the optimize command again.
Make sure you type these in all-caps (it's best just to leave the caps lock key on all the time, really).
After the optimization sequence is complete, reboot your computer. The best way to do this is to simply pull the power plug on the back of the machine and then plug it back in. Do this a few times just to make sure it's rebooted everything correctly.
If this doesn't work, go online from another computer and buy a Mac or something from Dell.
Whenever I see this happen, I fire up the task manager and sure enough, my arch-nemesis, the System Idle Process is there, taking up the bulk of the CPU time. Whenever I try to remove it, I get a message saying that the operation is not valid for this process. Kudos to whomever wrote this virus. Nothing seems to detect it, and nothing seems to be able to remove it.
When our name is on the back of your car, we're behind you all the way!
If it isn't a virus or hardware issue, perhaps you have too many memory resident programs loaded?
At the Start menu click "Run" and then type in "msconfig" it will allow you to see what services, processes, and start up programs are in use. Naturally you want your Antivirus to load at startup but not your instant messenger programs and other useless junk that clutter up CPU cycles and system memory. Get rid of a few startup programs first and then reboot and see if the system speed improves.
It could be a corrupted registry and that link is to Microsoft's site on how to troubleshoot that.
If you cannot resolve the speed problem that way you might have a bad system file or files that went corrupt.
First make sure that you have:
#1 The original XP install CD without any service packs.
#2 The slipstreamed XP install CD with the same service pack you are using.
Click Start and select "Run" and type in "sfc /scannow" and have those CDs ready when prompted for them.
Sfc is the system file checker and oddly enough it needs a non-service pack XP CD and an XP CD with your service pack on it. Best to make the slipstreamed version with SP2 or SP3 whatever you are using on it first. I hope you have the non-SP version of XP, if not borrow it from someone who does have it. This could be a tricky process but sometimes it works, but you need to reinstall all security patches after it runs.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
System Idle Process cannot make system crawl by definition - it's not even a process, it's just the line that shows how much of your CPU is not being utilized at all.
Thing is, when the system is crawling, it needs not be CPU. Random HDD reads/writes by one process can also kill performance for the entire system very fast, and yet the process will still show up as using 1-2% CPU time in Task Manager. You can change it to show the columns for I/O though and look there.
Only if it has a hard drive.
the diagnose is: the computer has the windows
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
Actually, while I do somehow spend more time at home on my Windows gaming box than under Linux (so this isn't a blanket Windows bashing,) my superficial and uninformed impression was that, all else being equal, any Windows box I've seen seems harder hit by IO than any Linux/Unix box I've ever seen.
Yes, you can get a Linux box to crawl too, if the hard drive is stuffed and it can't swap for example. Or if the chipset isn't supported well by the drivers. (Rarer these days, but certainly possible.) Or whatever.
But Windows... seems a bit special. I mean try to copy a directory between two hard drives, or better yet from a DVD to HDD, and Windows seems to me basically stuffed. Even notepad can get about as responsive as a narcoleptic snail. And you can just about forget about, say, playing a game while that happens.
And that's before you even add such brakes as an anti-virus.
I've seen that behaviour in any Windows, from 3.0 to Vista, including a detour through NT 4.0. In fact in Vista let's just say there's a reason why so many people were pissed off at the indexer kicking in all the time.
My subjective impression is that I've yet to see Linux get anywhere near that unresponsive, in a similar scenario. Again, assuming that you don't have a nearly dead HDD and the chipset is supported in DMA mode.
But heck, even in PIO mode, I've used Linux in PIO mode and I've used, say, NT in PIO mode. (Thanks to a retarded IT department which installed the wrong IDE drivers.) Linux did obviously have poor file IO performance, but NT just freaking _froze_ for a second or two, for example, when minimizing or maximizing a window. (Presumably due to aggressive memory management which swapped more of a process out when minimized.)
Now admittedly I haven't actually programmed an OS at any point, so I'm probably talking out the arse, but I see no reason why that should happen at all. Any common source of IOWait has an interrupt. Even in PIO mode you don't have to poll until it's done. And DMA, now that was invented for the precise reason and purpose of transferring some data while the CPU services another process. It's why it's there. So there's no freaking reason for the whole OS to just twiddle its thumbs and wait. Even if one process is waiting for _paging_, you can still yield to another process while waiting for the HDD.
A polar bear is a cartesian bear after a coordinate transform.
Yeah, we all like Linux because it doesn't do annoying things like this
Speaking as someone who uses Linux at work every day, this is a flat-out lie.
I still have a PC that has a turbo button.
And yeah, it changes the clock from 4.77MHz to 10MHz.
It even has a 10MHz coprocessor, lol, with a whopping 4MB of memory.
Truth isn't Truth - Giuliani
1) Download Malwarebytes' Anti-Malware, and run it. It was the only thing that found a virus on my computer recently, out of six packages (including two commercial ones).
2) Download HijackThis, if that doesn't work. Be careful with this package, though! You can do some serious damage to your computer by blindly following its advice. Read the forums.
3) How full is your hard drive? If the C: drive is full enough, fragmentation can dramatically mess up performance in a very short time. Clean and defrag. I personally find it worthwhile to use SmartDefrag, a much more powerful defragger than the one that's built into Windows.
4) Read your logs. Yes, Windows actually logs stuff! Go to "Control Panel-->Administrative Tools-->Computer Management" and then dig through "System Tools-->Event Viewer" TONS of useful information about what's not healthy on your system, including complete boot logs.
Good luck.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban