mbamservice.exe cpu usage spikes, system slowdown

[SJesMe]

I see this has been written about before so I'll try and save some time by saying: I've already entered the exclusions in Avast!; my current version of Malwarebytes is 1.46 (after removing it and running the clean util found in these forums); I use only Windows firewall; both IE8 and Firefox experience slowdowns and take easily twice as long to open to my home page with MWB running as without; downloads slow to the speed of snail (3-5 mbps on a fiber optic connection rated @ 15 mbps ... and getting that without MWB running); even opening a Word document and Outlook takes upwards of 20 seconds. I've also tried uninstalling Avast! and running MWB alone with no joy.

If I turn the protection module off and reboot with it disabled, the problem is resolved, although I note mbamservice.exe is listed in Task Manager's processes list even so.

A reboot with the protection module enabled helps settle down the cpu spiking for a while, but this is not an answer I'm willing to live with.

Anyone have a working fix for this issue?

[SJesMe]

21 views and no help?

[exile360]

Greetings and welcome

Please do the following:

Create an Autoruns Log:

• Please download Sysinternals Autoruns from here and save it to your desktop.
  
  • Note: If using Windows Vista or Windows 7 then you also need to do the following:
    
    1. Right-click on Autoruns.exe and select Properties
       
    2. Click on the Compatibility tab
       
    3. Under Privilege Level check the box next to Run this program as an administrator
       
    4. Click on Apply then click OK
       

  [*]Double-click Autoruns.exe to run it.

  [*]Once it starts, please press the Esc key on your keyboard.

  [*]Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures

  [*]Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.

  [*]When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.

  [*]Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder

  [*]Attach the Autoruns.zip folder you just created to your next reply

Thanks

[AdvancedSetup]

Well also since you've not said how you did the clean removal, setup, etc and the latest 1.46 is known to fix this previous issue I would suggest following this method and if still an issue then run the AutoRun log.

Please do the following to see if it resolves the issue:

Windows XP:

• Click on Start and select Control Panel
  
• Open Add/Remove Programs
  
• Uninstall Malwarebytes' Anti-Malware
  
• Restart your computer very important
  
• Download and run mbam-clean.exe from here
  
• It will ask to restart your computer, please allow it to do so very important
  
• After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.
    

Windows Vista and Windows 7:

• Click on the Start button and select Control Panel
  
• Click on Programs and Features
  
• Uninstall Malwarebytes' Anti-Malware
  
• Restart your computer very important
  
• Download and run mbam-clean.exe from here
  
• It will ask to restart your computer, please allow it to do so very important
  
• After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.
    

[SJesMe]

Thank you for your responses. I am attaching the autoruns zip file.

AdvancedSetup: I had followed those exact steps from advice given elsewhere in the forum (using the mbam-clean utility). I even went so far as to reinstall MWB in safe mode!

I await your next advice and thank you again for your assistance.

AutoRuns.zip

[exile360]

Hello again

Please do the following:

Disable a Service on XP:

• Click on Start and click Run
  
• In the run box type services.msc and press Enter
  
• Once the Services window opens, scroll down the list until you find the Java Quick Starter service and double click on it
  
• Click the Stop button to stop the service from running, then click the drop down menu next to Startup Type and select Disabled
  
• Click the Apply button and click on Ok
  
• Close the Services control panel
  

Now restart your computer and let me know if the issue still remains.

Thanks

[SJesMe]

I have followed your advice and thank you for it. Since a reboot was involved (which used to temporarily fix the problem), I'll report back by day's end whether mbamservice is behaving itself.

[exile360]

Excellent, I look forward to hearing back from you, hopefully with good news .

[SJesMe]

Apologies for not getting back here last night. It seems substantially better. The cpu spiking has not come back (good news). There is still about a 7 second delay in opening just about anything (both internet and Word docs) but if that's the worst of it, I can live with it.

Thank you for your help Exile. It is very much appreciated

[exile360]

You're very welcome

If you require anything further please let us know.

Thanks

[SJesMe]

Update: the news is unfortunately not good. While mbamservice.exe is not the culprit at this point that I can tell, the system slowdown and cpu spiking has at least doubled over the past 24 hours. This does not change when I disable the protection module and/or website blocking, nor when I end the mbamservice.exe process via Task Manager. I now have a 15 -20 second delay in opening either browser, Outlook and Word. I guess patience is not my virtue but it has become too irritating for me to deal with. Once again, the problem disappears if I uninstall MWB.

I've run two virus scans (Avast! and Trend Micro Housecall online) and SuperAntispyware and come up clean.

I'm at a loss.

[exile360]

Hello again

Did you have C:\Windows\System32\drivers\mbam.sys excluded from Avast! when you had MBAM installed? If not, it may account for it, although I've not heard of too many recent performance issues with MBAM and Avast!.

If you're willing, I've got one more thing for you to try, just for the sake of narrowing down the issue:

• Click on Start and select Control Panel
  
• Open Add/Remove Programs
  
• Uninstall Malwarebytes' Anti-Malware
  
• Restart your computer very important
  
• Download and run mbam-clean.exe from here
  
• It will ask to restart your computer, please allow it to do so very important
  
• Reinstall the latest version of Malwarebytes' Anti-Malware from here but do not activate it with your ID and Key.
  
• Test with the free version for a while to see if the issue returns or not. This will help to narrow down if it's a component being loaded exclusively in the paid version that's causing the issue.
  

Thanks

[Francois_Blais]

I have no problems anymore with AVAST free and MBAM 1.46 real-time.

What applets do you use in AVAST?

I only enabled the File Agent and the Web Agent.

Also try to disable as much unnecessary running services as you can. (easy to do with Autoruns)

(rebooting each time you make changes)

I disabled the Bonjour and ipod services, for instance.

I had a DrWEB remnant from an old install still active.

[SJesMe]

@ Exile: yes, C:\Windows\System32\drivers\mbam.sys was one of the exclusions in Avast!

I have uninstalled MWB in the manner instructed.

I will reinstall per your link without activating it and report back, although it may take 24 - 48 hours as this problem seems to "build up" over time (at least with the full version and protection module enabled).

@ Francois: I'm inclined to believe Avast! is not causing the problem as I had, at one point, not only disabled each shield one by one, but uninstalled it entirely so MWB could run alone. The problem persisted at that point. Under normal conditions, I have all Avast! shields active.

With all due respect, I have previously attempted to wade through the hundreds of listings in services.msc - and just recently looked through the autoruns listings - and cannot bring myself to "invest" the time necessary to do the research on each and every entry to determine whether I can live without it. The handful of things that are "unverified" are all related to programs I recognize and trust and use. I don't see Bonjour or DrWeb listed anywhere and don't use iPod.

In short, I'm certainly willing to spend some time and effort to get MWB to work properly (especially since I'm out $25 if it refuses to cooperate!), but I'm really not willing to reinvent the wheel in order to accommodate its quirks.

I continue to appreciate any help and/or advice.

[Francois_Blais]

Here's a short test for you:

At the command prompt, execute "wbem-test".

Then, click on the Connect button and then connect as "root\SecurityCenter".

Then click on the Query button.

Now, type "SELECT * FROM AntiVirusProduct" and click on Apply.

The result shoud show only one product.

If you double-click on it, you should recognize "ALWIL Software" in the "companyName" string.

I had a remnant of DrWeb there.

This test is easy to do and you may discover something, who knows.

Good luck, and best regards,

Fran

[AdvancedSetup]

Computer and browser slowness are not always malware related

Poor performance and other problems can be the result of disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.

Listed below are a few things you can do to improve speed and system performance. Many of the these suggestions will apply if you're using Windows Vista but may be done a bit differently. Near the bottom of this thread there is a section specifically devoted to Vista Users.

For browser problems, see:

• Its not always malware: How to fix the top 10 Internet Explorer issues
  
• How and Why to Clear Your Cache
  

If your having connectivity issues or errors such as Page cannot be displayed see

• Repair/Reset Winsock settings
  
• Troubleshooting Internet Connection Problems
  

If you're using Vista or Internet Explorer 7, see

• Why is my Internet connection so slow?
  
• Windows Vista - My Internet connection is slow
  
• The Phishing Filter may slow down the PC
  
• Tuning IE7 for Better Performance
  
• How to optimize or reset Internet Explorer 7
  

If you have a lot of toolbars and add-ons attached to Internet Explorer, you could try improving performance by disabling those which are unecessary. See:

• Control Internet Explorer Add-ons with Add-on Manager
  
• Troubleshooting and Internet Explorer

[SJesMe]

@Francois: I was unable to check per your suggestion as wbem-test did not execute at a command prompt (nor via the run box). Not sure what you mean ... ?

@AdvancedSetup: Wow ... that's a long list of stuff. Fortunately, CCleaner is an old friend and is in charge of cleaning cache, cookies and index.dat files daily. Internet cache is set to 75 MB and I keep 3 days of history. I defrag once a month or so whether it says it needs it or not. My Startup items are at a minimum (4 items); I don't have a third party Optimizer (or memory mgr) installed. I don't use accelerators and only have some basic add-ons (Adobe Flash and Acrobat, Sun Java (2 items), a UPromise add-on and MS Silverlight (in IE8). In Firefox, I only have the Adobe add-ons.

I have 200 gigs free space out of 250. I already have 3 gigs of RAM. But the real point is, I do not have connectivity issues at all, nor slowdown issues without MWB. Which brings me to the point of this post: although it is a holiday weekend and my usage may be somewhat less than "normal," since re-installing MWB as a standalone (not registered and no realtime protection), there have been no slowdown issues. I had it as a standalone on a trial basis before purchasing it and there were no performance impairments. It was only when I purchased and registered it, and enabled the protection module that slowdowns (to the point of near non-functionality online and offline) occurred.

One last observation: obviously, in the free (unregistered) version, mbamservice.exe is not a running process. In the registered version, it is. With the protection module enabled, mbamservice. exe was showing a steady cpu spike. Disabling the protection module did not remove mbamservice.exe from appearing in the process list and the spike remained steady; "end task" did not remove mbamservice.exe from the process list and the spike remained steady. The only remedy for it was to reboot, whereupon the problem would resolve ... only to reoccur within 3 hours or so (guesstimating since I never really timed it).

With the protection module disabled and "start with windows" unchecked on reboot, mbamservice was still in the process list but showing 0 cpu usage ... the slowdown built up over time but it was the "System" process that was spiking, this time erratically. When I uninstalled MWB, I could not replicate the behavior (in the System process). Now, using it as a standalone, I cannot replicate the behavior (in the System process). In other words, the cpu usage and slowdown only occurs with mbamservice in the process list.

I'm sorry this post is so long, but I wanted to be absolutely clear about what I see happening. I want MWB to work. Obviously it works for some without a problem; thus it must be something I have on my computer that is conflicting with it (?) but I don't know how to figure out what it is without jumping through some very time-consuming hoops in the process of elimination. I was hoping something on the autoruns list might jump out at Exile but apparently not. I can provide a Belarc analysis if that might help?

Thank you again for your persistence and assistance!

[Francois_Blais]

Typo from me!

I meant "wbemtest". (no dash in the name, sorry!)

I had the same symptoms you have, go for it!

[SJesMe]

Thank you for the clarification Francois ... that got 'er done. Unfortunately, there was only the one listing for ALWIL (Avast!). I thought as much since Avast! is the only AV product I've used on this machine. But I appreciate you caring enough to try and help.

Best regards,

Sharon

[SJesMe]

Anyone else have any suggestions? Or shall I just attempt to get a refund?

[SJesMe]

Anyone else have any suggestions? Or shall I just attempt to get a refund?

[YoKenny1]

I have no problem on my XP Pro system.

By the way, I had to involve the suport folks at avast! with a memory dump and they helped find the problem:

How to invoke memory dump creation?

http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=71

[Francois_Blais]

Is a reformat of the hard disk an alternative?

[Francois_Blais]

I have no problem on my XP Pro system.

By the way, I had to involve the suport folks at avast! with a memory dump and they helped find the problem:

And what was your problem, if I may ask?

[YoKenny1]

[quote name='Fran