Jump to content

MWB suddenly very slow to load at start-up


Recommended Posts

Hello

 

This is my first post. It is an issue that I have read about on-line but without a solution so I was hoping that someone could assist me via the forum.

 

I run a custom built desktop: Win 7 Ultimate with a Samsung SSD, ESET Smart Security and Malwarebytes Premium running in tandom. This has been my set up for 4 years or more without concern. Until now...

 

Yesterday evening I returned from work, turned on my desktop and I ran a threat scan. Almost at the end of the Heuristic (last) part of the threat scan I got a BSOD. I restarted the PC and Malwarebytes failed to load at all at startup (no icon in tray, attempted manual load and nothing).

 

Prior to this, MWB used to load instantly at start-up, a split-second before my connection status icon came 'on-line' - From Windows welcome screen to all programs loaded it used to take 5 seconds, it now takes around 40 seconds due to Malware Bytes holding everything up.

 

I uninstalled MWB using the clean.exe then re-installed it. I restarted the PC and MWB loaded this time but very very slowly. My network connection status icon also takes a lot longer to activate. The network connection is almost waiting for MWB to load.

 

Why is MWB suddenly taking so long to load at startup? It is literally an issue which began ever since the BSOD during a threat scan last night. I also run ESET and have set exclusions correctly in both MWB and ESET. Prior to the BSOD and subsequent re-install of MWB I noticed that upon startup, MWB and my internet connection would start up instantly, (MWB first then a split-second afterwards I would be on-line) with all my other programs. The slow startup only began happening since the re-install of MWB. Why is this? It is very annoying.

 

Any help would be greatly appreciated.

 

Thanks !

 

 

Link to post
Share on other sites

Hello and :welcome: :
 
Hard to say.
As you probably know, BSOD are usually caused by hardware issues, driver issues or certain types of malware (rootkits).
 
As you mentioned that you've already tried a clean reinstall, let's start here:

>>Please read the following and post back attached to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

>>Also, if you can zip and attach the mini-dumps from the BSOD, that would be quite helpful.

 

Thanks,

Link to post
Share on other sites

Thank you very much for your fast reply. I am at work so unable to run the diags until tonight. I forgot to mention that after the clean re-install of MBW, the PC did complete a threat scan without an issue, no BSOD this time. The issue I have is the initial start-up time which is noticeably slower. I have a feeling that the BSOD could have been an internal temperature issue as this is something I have experienced in the past.

 

It is just so strange that MWB can start instantly one minute and then drags its heels the next following a clean re-install.

 

Where do I find the mini-dumps from the BSOD?

 

Thanks again.

Link to post
Share on other sites

Yes, I suppose such a hardware issue could be at least partially responsible.

 

Running those 2 tools to produce the 3 logs will only take a few minutes.

 

Win7 minidumps (assuming they are enabled in the Startup and Recovery Settings): The default path is C:\Windows\Minidump or %SystemRoot%\Minidump

Look for the one(s) with the correct date/timestamp to correspond to the BSOD.

 

Cheers,

Link to post
Share on other sites

Thanks a lot, I will run the diags and locate the mini-dump reports this evening and post once I have them. The only other thing is that the threat scan last night that caused the BSOD was set to scan for root kits while the more recent 'successfully completed' scan did not scan for root kits (Box un-ticked).

 

In addition, the BSOD scan was started immediately after 125MB download and installation of Windows updates. Could this be a cause?

Link to post
Share on other sites

Can't say for sure without the logs.... ;)

 

However, since the scan completed properly with ARK (anti-rootkit) disabled, that begs the question: is the hard drive encrypted (TrueCrypt, Bitlocker, SecureDoc, etc)?

 

If so, there is a known issue with BSOD on TrueCrypt drives that is due to be fixed with a future release.

If it's encrypted with another method (BitLocker, etc), then ARK is not supported with the current build, and you'll need to keep ARK disabled for now.

 

Just post the logs when you're ready. :)

 

Cheers,

Link to post
Share on other sites

The hard drive (Samsung 840 Pro SSD) is brand spanking new, I installed it on Monday evening so the BSOD death scan was literally first first threat scan attempted on the new SSD. As far as I am aware the SSD is not encrypted. 

 

Upon initial installation of the SSD on Monday, MWB fired up within a split-second with all other programs - no worries. Then I ran the scan which ended up as a BSOD, then I re-installed MWB and now MWB starts but loads very slowly. Should I attempt another rook kit scan now MWB has been re-installed?

Link to post
Share on other sites

Hi:

 

Since this is Win7 Ultimate, which includes BitLocker, it would be important to know if you are using that or not. It seems that the answer is: NO?

 

Since this is a new SSD (and a newly built system?): do you have all the updated drivers for all the devices and peripherals?

 

If you want to run another scan with ARK enabled, that's up to you.

 

But if you really want help (as opposed to speculation), then we would need to see the Diagnostic Logs and, if possible, the minidumps. :)

That would be the starting point to try to ascertain if this is hardware, drivers or malware....

 

Cheers,

Link to post
Share on other sites

  • Root Admin

The crash dump files indicate a possible hardware issue.

 

 

CLOCK_WATCHDOG_TIMEOUT (101)
An expected clock interrupt was not received on a secondary processor in an
MP system within the allocated interval. This indicates that the specified
processor is hung and not processing interrupts.

 

 

 

 

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.

 

 

 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

 

 

 

The Event Logs also show services crashing or not starting or similar.  We can attempt to do some malware detection and removal which might be what's going on but it very well could simply be a hardware issue.

 

 

 

 

 

System errors:
=============
Error: (09/10/2014 05:48:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (09/10/2014 05:48:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (09/10/2014 05:48:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (09/10/2014 05:48:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (09/10/2014 05:48:31 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (09/10/2014 05:48:31 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (09/10/2014 05:48:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (09/10/2014 05:48:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (09/10/2014 05:48:20 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (09/10/2014 05:47:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Nero BackItUp Scheduler 4.0 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (09/10/2014 05:47:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 71.1.168.192.in-addr.arpa. PTR Windows7-64Bit.local.

Error: (09/10/2014 05:47:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.71:5353   24 71.1.168.192.in-addr.arpa. PTR Windows7-64Bit-2.local.

Error: (09/10/2014 08:11:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 71.1.168.192.in-addr.arpa. PTR Windows7-64Bit.local.

Error: (09/10/2014 08:11:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.71:5353   24 71.1.168.192.in-addr.arpa. PTR Windows7-64Bit-2.local.

Error: (09/10/2014 08:01:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 71.1.168.192.in-addr.arpa. PTR Windows7-64Bit.local.

Error: (09/10/2014 08:01:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.71:5353   24 71.1.168.192.in-addr.arpa. PTR Windows7-64Bit-2.local.

Error: (09/09/2014 09:15:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 71.1.168.192.in-addr.arpa. PTR Windows7-64Bit.local.

Error: (09/09/2014 09:15:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.71:5353   24 71.1.168.192.in-addr.arpa. PTR Windows7-64Bit-2.local.

Error: (09/09/2014 09:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 71.1.168.192.in-addr.arpa. PTR Windows7-64Bit.local.

Error: (09/09/2014 09:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.71:5353   24 71.1.168.192.in-addr.arpa. PTR Windows7-64Bit-2.local.
 

 

 

 

 

 

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.
 

Thanks

 

Link to post
Share on other sites

Hi

 

Thank you for your reply but that doesn't explain why MBAM suddenly takes so long to load at startup. I have completed a threat scan with ARK and nothing found, I have also completed an ESET in depth scan and nothing found.

 

All I need is for MBAM to load quickly at startup as it did before the fresh install.

 

Surely this shouldn't be too tricky? 

Link to post
Share on other sites

Hi:

 

The sort of in-depth work needed to determine the possible cause/solution for your issue cannot be performed in this section of the forum.

 

I would follow the expert advice of our forum Admin, AdvancedSetup, as explained here: Available Assistance for Possibly Infected Computers.

It explains the options for free, expert help AND the preliminary steps to take to expedite the process.

An expert will assist you with looking into your issue.

 

Thanks,

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.