Jump to content

Hi CPU usage


Recommended Posts

We have had the same exact issue with at least 10 Windows XP PCs. The memory usage is fine. But no matter if the box has a P4 single-core 2.4 or a quad-core i5, the CPU at runs 50-100% for several minutes upon booting, which makes me as a technician look like a schmuck. It doesn't seem to be an issue with Win 7. I have had to uninstall it each time, refund my customer's $29 purchase, and use a competing product. Help!

Link to post
Share on other sites

  • Replies 112
  • Created
  • Last Reply

Top Posters In This Topic

Same here.

I am a MBAM reseller. I have 2 repair centers. Starting 1 week ago, I am seeing several WinXP computers with mbamserveice.exe have 100% cpu load stress. The whole computer is nonresponsive. Turning of Website blocking releaves the load. I am working on one on remote support right now. I cannot even open MBAM, the icon is non responsive. It took me 10 minutes to try to exit MBAM.

I am going to stop selling MBAM for WinXP, and I am going to see a boat load of custumers come in for slow computer issues related to this. I have made all my technicians aware of the problem. Normally we try to sell our XP customers a new PC, and most do so, but there are still some who want to try to use XP as long as they can.

Link to post
Share on other sites

  • Root Admin

Hello Mike,

I know you've been around a long time so you should be aware that we always try our best to assist you but we need specifics on computers in order to do that.

More than likely if its happening to more than one computer that you've setup it probably has some other software that is common to the boxes that may be causing the issue and if we can find that we can probably correct it. I still run a handful of XP computers and none of mine are experiencing this issue.

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


    When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Link to post
Share on other sites

I will have to wait until the next one is in the shop and keep it for more troubleshooting. All these I work on have MSE and MBAM with exceptions set in both.

The cause might be as explained in this post:

http://forums.malwarebytes.org/index.php?showtopic=124757

"A recent increase in the number of blocked websites in our database"

Link to post
Share on other sites

  • Root Admin

Maybe on a low resource box but as said my boxes are not experiencing this issue. Mine are running on i7 with 2GB of RAM though and GB NIC

No problem though. If you get one and I'm around I'll try to check the log as quickly as I can. May not find anything but without the log not much we can do either.

Thanks again Mike

Ron

Link to post
Share on other sites

  • Root Admin

@chappyware

Event Logs show errors that could be due to conflict with other software. Please temporarily uninstall MBAM from the computer and then remove the items from the Registry below.

Then reboot the computer 2 times again and run all the scans again and post back new logs please.

==== Event Viewer Messages From Past Week ========
.
4/4/2013 8:11:35 PM, error: Removable Storage Service [106] - Multisided media 14 could not be identified in library HP webOS-device USB Device. RSM attempted to flip the media to identify the second side but could not because the media was in use by another process. This media has been forced into the Unrecognized pool and left in the disabled state. Perform a full inventory or eject the media and re-insert it into the library to fix this situation.
4/4/2013 8:11:35 PM, error: Removable Storage Service [104] - New media named "14" was detected in library HP webOS-device USB Device having at least one unrecognized side and at least one recognized side. This media may be damaged.
4/2/2013 9:05:03 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: An instance of the service is already running.
4/2/2013 9:05:02 PM, error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/2/2013 9:05:02 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
4/2/2013 9:05:02 PM, error: Service Control Manager [7000] - The FABS - Helping agent for MAGIX media database service failed to start due to the following error: The system cannot find the path specified.
4/2/2013 9:05:02 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

I would highly suggest trying to remove all of these entries from the Registry. Make sure you backup the Registry first though.

At least C:\WINDOWS\explorer.exe must be removed or you will have issues with our software and probably many other programs as well

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Program Files\DVDFab 6\DVDFab.exe

C:\Program Files\DVDFab 6\Options\DVDFabDVD2DVD.exe

C:\Program Files\DVDFab 6\Options\DVDFabDVD2Mobile.exe

C:\Program Files\DVDFab 6\Options\DVDFabBluRay2BluRay.exe

C:\Program Files\DVDFab 6\Options\DVDFabFile2Mobile.exe

C:\Program Files\DVDFab 6\Options\DVDFabFileMover.exe

C:\Program Files\DVDFab 7\DVDFab.exe

C:\Program Files\DVDFab 7\Options\DVDFabDVD2DVD.exe

C:\Program Files\DVDFab 7\Options\DVDFabDVD2Mobile.exe

C:\Program Files\DVDFab 7\Options\DVDFabBluRay2BluRay.exe

C:\Program Files\DVDFab 7\Options\DVDFabFile2Mobile.exe

C:\Program Files\DVDFab 7\Options\DVDFabFileMover.exe

C:\WINDOWS\explorer.exe

C:\Program Files\DVDFab 8\DVDFab.exe

C:\Program Files\DVDFab 8\Options\DVDFabDVD2DVD.exe

C:\Program Files\DVDFab 8\Options\DVDFabDVD2Mobile.exe

C:\Program Files\DVDFab 8\Options\DVDFabBluRay2BluRay.exe

C:\Program Files\DVDFab 8\Options\DVDFabFile2Mobile.exe

C:\Program Files\DVDFab 8\Options\DVDFabFileMover.exe

C:\Program Files\DVDFab Passkey\DVDFabPasskey.exe

C:\Program Files\DVDFab Passkey\Options\DVDFabPasskeyDVD.exe

C:\Program Files\DVDFab Passkey\Options\DVDFabPasskeyBluRay.exe

C:\Program Files\DVDFab 8 Qt\DVDFab.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabDVD2DVD.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabDVD2Mobile.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabBluRay2BluRay.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabFile2Mobile.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabFileMover.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabBluRay2Mobile.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabBluRay2Mobile3D.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabBluRay2DVD.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFab2Dto3D.exe

C:\Program Files\DVDFab 8\Options\DVDFabBluRay2Mobile.exe

C:\Program Files\DVDFab 8\Options\DVDFabBluRay2Mobile3D.exe

C:\Program Files\DVDFab 8\Options\DVDFabBluRay2DVD.exe

C:\Program Files\DVDFab 8\Options\DVDFab2Dto3D.exe

C:\Program Files\DVDFab 8\Options\DVDFabAddonDVD.exe

C:\Program Files\DVDFab 8\Options\DVDFabAddonBluRay.exe

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabAddonDVD.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabAddonBluRay.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabFile2DVD.exe

C:\Program Files\DVDFab 8 Qt\Options\DVDFabFile2BluRay.exe

If these programs actually require Windows 9x or 2000 then you should probably leave them there. If not then I'd remove them too, up to you.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\bb\STOMBBOldx.exe REG_SZ WIN95

I:\bb\STOMBBOldx.exe REG_SZ WIN2000

C:\Program Files\GreenScreenWizardPlugin\GreenScreenWizardPluginActivation.exe

Link to post
Share on other sites

I'll jump in on this one. The first is an Acer Aspire 5251-1005 with 4GB RAM and a Samsung 840 series 120GB SSD. See attached files. Usable in 30 sec. without Website Blocking, 80 sec. with. Boot without Website Blocking, then enable it and the processor runs at 100% for 20 sec. or so.

The other is an older XP system (dual core 2.8 GHZ, 2GB RAM). Don't have the MBAM Check or DDS for you, but with MBAM disabled it boots in a reasonable time (Avira A/V), with MBAM enabled it hangs after login at the background for about 30 sec.

attach.txt

dds.txt

CheckResults.txt

Link to post
Share on other sites

  • Root Admin

@FremontPC

I only see logs for one computer.

The logs also show that the computer is having some serious conflicts going on. Please uninstall MBAM and reboot the computer 2 times.

Then run all scans again and post back NEW logs please.

I would also recommend removing these entries from the Registry, but make sure you do a backup before editing the Registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Users\Nathan\Desktop\InstallVirtualFamilies.exe

C:\Users\Nathan\Desktop\InstallSnailMail.exe

C:\Program Files (x86)\Registry Mechanic\RegMech.exe I would actually highly recommend removing this product and cease any type of registry "cleaning" as that can cause more probmes than it can ever fix

C:\Users\Sharon\Downloads\startuplite-setup-1.07.exe

Thanks

==== Event Viewer Messages From Past Week ========
.
4/9/2013 8:57:15 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
4/9/2013 8:57:06 PM, Error: Ntfs [137] - The default transaction resource manager on volume \\?\Volume{9b6ae99c-5035-11df-87b8-806e6f6e6963} encountered a non-retryable error and could not start. The data contains the error code.
4/9/2013 8:56:49 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The media is write protected.
4/9/2013 8:33:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070002 Error description: The system cannot find the file specified. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
4/9/2013 8:32:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
4/9/2013 8:32:57 AM, Error: Service Control Manager [7022] - The SSDP Discovery service hung on starting.
4/9/2013 8:32:57 AM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.
4/9/2013 8:31:27 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/9/2013 7:04:40 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070002 Error description: The system cannot find the file specified. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
4/9/2013 5:14:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
4/8/2013 8:45:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
4/8/2013 7:32:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
4/8/2013 7:32:18 PM, Error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/8/2013 6:31:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
4/8/2013 6:31:35 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/8/2013 6:01:39 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the file specified.
4/8/2013 4:15:15 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
4/8/2013 12:19:47 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
4/8/2013 12:19:47 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
4/8/2013 12:19:28 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/8/2013 12:19:28 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/8/2013 12:19:28 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/8/2013 12:19:28 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
4/8/2013 12:19:28 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
4/8/2013 12:19:28 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
4/8/2013 12:19:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/8/2013 11:20:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
4/8/2013 11:15:42 PM, Error: Service Control Manager [7024] - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
4/8/2013 10:47:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
4/8/2013 10:44:02 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
4/8/2013 10:37:18 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
4/8/2013 10:35:44 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
4/8/2013 10:35:13 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/8/2013 10:35:13 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
4/8/2013 10:33:33 PM, Error: volmgr [46] - Crash dump initialization failed!
4/8/2013 10:19:53 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/7/2013 8:16:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.
.
==== End Of File ===========================

Link to post
Share on other sites

Ron -

Thanks for checking into this. I don't have access to the XP system, but I noted it as it was having a similar problem (no MBAM, normal boot). Didn't check it with only Website Blocking disabled yet.

As for the Acer (Win7 64, as you can see), I don't know why Registry Mechanic is getting flagged, that folder isn't present in the Program Files or Program Files(x86) nor is it in the list of installed programs. Agree with you on that, in any case. Chalk it up to user thrashing, but it wasn't on the system when I ran the reports.

I will remove MBAM and reboot twice, then re-install.

Link to post
Share on other sites

  • Root Admin

The Registry entries are there possibly from a previous install on the system maybe even years ago. Just best (IMHO) to run the computer as best as possible without any compatibility entries unless they really are needed and you've verified they're needed.

No, don't want a reinstall of MBAM I want new clean fresh logs without MBAM installed so we can see what's going on.

Thanks

Link to post
Share on other sites

I am seeing this as well on my xp systems, the workstation becomes completely unusable and just bogs down. You can't even go into process manager and kill the mbam service, it just freezes the system. Uninstalling malwarebytes fixes it like magic. It seems to be worse with the latest update, but just a guess. I have not run the mbam clean tool, and then tried to install fresh, has anyone else tried this?

Link to post
Share on other sites

JerryIrons (et. al.) -

The XP system that I wrote of before has actually had this going on for months. It seems to run ok after boot, so the fellow hasn't been too impatient about it, but I was surprised when I used msconfig to disable everything but MS stuff, then finally narrowed it down to MBAM. Like I said, I haven't tried disabling just Website Blocking on that system yet, but I'll see if I can get to it today.

Link to post
Share on other sites

I am seeing this as well on my xp systems, the workstation becomes completely unusable and just bogs down. You can't even go into process manager and kill the mbam service, it just freezes the system. Uninstalling malwarebytes fixes it like magic. It seems to be worse with the latest update, but just a guess. I have not run the mbam clean tool, and then tried to install fresh, has anyone else tried this?

Follow the same instructions as the others in post # 3 above, it would probably be best to do that, and start your own topic so the helpers do not get confused about who is being helped.

Thanks

Link to post
Share on other sites

Ron, give this a shot -

Start MBAM and Task Manager and arrange them side by side.

Click on TM's Performance tab and then MBAM's Protection tab.

Turn off Website Blocking in MBAM and notice what happens in TM.

Once again, watch TM when you turn Website Blocking back on.

Link to post
Share on other sites

After deleting all the specified entries from the registry, it made no difference. reinstalled MB and it STILL is using 50%. Now what?

Understand that the largest health care system in the world-the Veterans Administration stilluses XP and they pay my salary, I have no choice but to stick with XP.

So how do we fix this?

Link to post
Share on other sites

Chappyware -

I'm looking for the answer to this too, but perhaps try the MBAM/ Task Manager test (in my last post) on whatever boxes you have, just to see if the CPU usage stays elevated when turning Website Blocking on or off. If so, then this might repro across many systems rather than just a handful.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.