Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Startup and shutdown suddenly incredibly slow, worrying event viewer


  • Please log in to reply
4 replies to this topic

#1 jamdiel

jamdiel

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 06 September 2016 - 06:50 PM

Hello.

 

Out of the blue today, I decided to restart my laptop, and found it to take much longer than usual. So when it finally got to the desktop, I decided to shut down. While the screen turned off, some of the lights and the fan stayed on, so I had to hold down the power button to switch it off. When I tried to turn it on, it took ages to get to the desktop. I've gone from being able to get to desktop in seconds, to waiting several minutes.

 

While I'm currently running thorough scans with avira antivirus, I doubt the problem is caused by any virus/malware. I'll make sure to run scans by malwarebytes and emsisoft when avira finishes, but again, I doubt the problem is related to security.

 

On checking my event viewer, under the system tab I found several errors and warnings, some of which I have copy pasted below. I am not sure if this helps pinpoint the problem, but I would hugely appreciate any help with targeting why my laptop suddenly has much slower startup and shutdown times. Thank you. 

 

The speed of processor 0/1/2/3/4/5/6/7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 3 seconds since the last report.

 

File System Filter 'wcifs' (Version 10.0, ‎2016‎-‎07‎-‎16T05:27:16.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy28'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.

 

The above error also happens with shadowcopy29/31/25

 

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
 
The following boot-start or system-start driver(s) did not load: 
dam
 
A timeout was reached (30000 milliseconds) while waiting for the Avira.ServiceHost service to connect.
 
The server service was unable to recreate the share My Apps because the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps no longer exists.  Please run "net share My Apps /delete" to delete the share, or recreate the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps.
 
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join definition. Additional Data: Error Value: %SystemRoot%\System32\AutoWorkplace.exe.
 
Task Scheduler service found a misconfiguration in the NT TASK\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 definition. Additional Data: Error Value: C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe.
 
The driver \Driver\WUDFRd failed to load for the device ACPI\ENE0110\5&2dc08549&0.
 
Windows failed fast startup with error status 0xC000000F.
 
 

 



BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:46 AM

Posted 08 September 2016 - 06:27 AM

Let's try looking at these 2 sets of reports:

Report Set #1)  Please run this report collecting tool (even though you may not be experiencing BSOD's) so that we can provide a complete analysis: (from the pinned topic at the top of the forum)   http://www.bleepingcomputer.com/forums/t/576314/blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/
FYI - I don't often use the Perfmon report, so if it doesn't work please just let me know.

NOTE:
Please zip up the (.ZIP) files - do not use .RAR or other compression utilities. 
.ZIP is the type file that can be uploaded to the forums.

Report Set #2)  Please do the following:
- open Event Viewer (run eventvwr.msc from the "Run" dialog)
- expand the Custom Views category (left click on the > next to the words "Custom Views")
- right click on the "Administrative Events" heading
- select "Save all Events in Custom View as..."
- save the file as Admin.evtx
- zip up the file (right click on it, select "Send to", select "Compressed (zipped) folder")
- upload it with your next post (if it's too big, then upload it to a free file-hosting service and post a link here).

FYI - If we're looking for Event ID 41 errors (unexplained shutdowns), there's more info on that here:  http://support.microsoft.com/kb/2028504

While waiting for a reply, please monitor your temps with this free utility: 

SpeedFan v. 4.5.1 and later (free from here:  http://www.almico.com/sfdownload.php ) can log temperatures in a CSV file:

To make it work (log the temps to a file) you have to do BOTH of the below:

1. Enable logging in general: Configure...Log...check "Enabled" then click on OK to save.

2. Enable logging for specific checks: Configure...Temperatures..left click on each sensor, then click on "Logged" at the bottom of the Window (for our purposes we want them all) then once you've selected "Logged" for all sensors, then click on OK to save.

The log will be located at C:\Program Files (x86)\SpeedFan

Naming: log files are named SFLogYYYYMMDD.csv, where YYYY is the year (four digits), MM is the month (2 digits, zero padded) and DD is the day (2 digits, zero padded). If a file already exists by that name, the file that already exists is renamed according to the following naming scheme: SFLogYYYYMMDD-CCCC.csv, where CCCC is a increasing number. The new file is then created with the standard file name scheme.

Notes: whenever you change the options related with logging, SpeedFan starts a new log file.

NOTE:You may want to turn logging off when we're done - as I don't know it's impact on performance or on the system.



 
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 jamdiel

jamdiel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 08 September 2016 - 04:49 PM

Hello, thank you for your help.

 

I actually uninstalled a whole bunch of programs from my laptop (Emsisoft antimalware, a couple of Kaspersky scanners, Eset scanner, etc), and that took my startup/shutdown times back to normal. I guess there must have been some conflicts, as I still have malware bytes anti malware (free), malware bytes anti exploit, and Avira free anti-virus  :thumbsup:

 

As for the logs, I have attached the sysnative one and event viewer logs, but the perfmon wouldn't get past "collecting data for 60 seconds."

 

As for the answers to the questions in the first post:

 

OS is Windows 10

x64

Original OS was 8.1 I believe?

OS is OEM

Age of hardware is just under 2 and a half years

Had problems with my computer around this time last year, so I took it in and they did a fresh install of Windows (I think that was all it took to fix), so that would make age of OS installation 1 year

 

CPU is i7 4800MQ

Video card is Nvidia GeForce GTX 765M/2GB GDDR5, and think it has another video card Intel HD Graphics 4600

 

System Manufacturer is MSI

Model is MS 16GC

 

Laptop

 

Once again, thank you very much for your time and help.

Attached Files



#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:46 AM

Posted 09 September 2016 - 07:20 AM

Only run one antivirus and one firewall at a time.  Running more will often cause conflicts as they fight for sole control of access to the file system.

Unfortunately this sometimes allows malware to get on the system.

 

Your UEFI/BIOS (version E16GCIMS.517) dates from 2013.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it.  WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.
FYI - W8 and W10 communicate more with the UEFI/BIOS than previous versions of Windows, so it's important to ensure that the UEFI/BIOS is kept up to date (and that outdated UEFI/BIOS' may be the cause of some compatibility issues).

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

The memory dump blames SnakeEyes.sys - this belongs to your Corsair Gaming Mouse ( http://www.carrona.org/drivers/driver.php?id=snakeeyes.sys )

Please uninstall it's software and see if that helps the problem.

 

There are a couple of other potential problems in the memory dump - but I hesitate to mess with them if the system is working OK.

 

Analysis:

The following is for information purposes only. The following information contains the relevant information from the blue screen analysis:
**************************Sat Sep  3 07:54:52.590 2016 (UTC - 4:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\090316-51578-01.dmp]
Windows 10 Kernel Version 14393 MP (8 procs) Free x64
Built by: 14393.103.amd64fre.rs1_release_inmarket.160819-1924
System Uptime:0 days 0:11:39.289
*** WARNING: Unable to verify timestamp for SnakeEyes.sys
*** ERROR: Module load completed but symbols could not be loaded for SnakeEyes.sys
Probably caused by :SnakeEyes.sys ( SnakeEyes+1abe )
BugCheck 1E, {ffffffffc0000047, fffff800b529ca70, 0, 0}
BugCheck Info: KMODE_EXCEPTION_NOT_HANDLED (1e)
Arguments:
Arg1: ffffffffc0000047, The exception code that was not handled
Arg2: fffff800b529ca70, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
BUGCHECK_STR:  0x1E_c0000047
PROCESS_NAME:  System
FAILURE_BUCKET_ID: 0x1E_c0000047_SnakeEyes!unknown_function
CPUID:        "Intel® Core™ i7-4800MQ CPU @ 2.70GHz"
MaxSpeed:     2700
CurrentSpeed: 2694
  BIOS Version                  E16GCIMS.517
  BIOS Release Date             12/05/2013
  Manufacturer                  Micro-Star International Co., Ltd.
  Product Name                  GE60 2OC\2OD\2OE
  Baseboard Product             MS-16GC
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``




3rd Party Drivers:

The following is for information purposes only. My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:

**************************Sat Sep  3 07:54:52.590 2016 (UTC - 4:00)**************************
MBfilt64.sys                Thu Jul 30 23:40:32 2009 (4A7267B0)
winio64.sys                 Fri Jun  4 00:08:03 2010 (4C087C23)
SnakeEyes.sys               Wed Sep  5 01:31:26 2012 (5046E3AE)
NTIOLib_X64.sys             Thu Oct 25 06:27:58 2012 (5089142E)
bwcW8x64.sys                Wed Feb 13 12:25:48 2013 (511BCC9C)
rikvm_38F51D56.sys          Mon Jun 17 00:05:56 2013 (51BE8B24)
TeeDriverx64.sys            Tue Jul  2 14:38:08 2013 (51D31E10)
ccSetx64.sys                Mon Jul 29 15:50:14 2013 (51F6C776)
RtsPer.sys                  Wed Aug 21 03:23:24 2013 (52146AEC)
iaStorA.sys                 Wed Aug 28 18:13:22 2013 (521E7602)
RTKVHD64.sys                Tue Dec  3 07:26:10 2013 (529DCDE2)
iwdbus.sys                  Fri Oct  3 20:31:12 2014 (542F3FD0)
HWiNFO64A.SYS               Sun Nov 23 11:24:07 2014 (54720A27)
RtkBtfilter.sys             Fri Feb 27 02:49:29 2015 (54F02189)
file_tracker.sys            Tue Jun 30 14:31:05 2015 (5592E069)
fltsrv.sys                  Fri Jul  3 06:40:14 2015 (5596668E)
ETD.sys                     Mon Jul 27 22:01:31 2015 (55B6E27B)
tib.sys                     Mon Aug 10 10:06:34 2015 (55C8AFEA)
tib_mounter.sys             Mon Aug 10 11:29:28 2015 (55C8C358)
snapman.sys                 Tue Aug 11 18:50:52 2015 (55CA7C4C)
avkmgr.sys                  Tue Oct 20 09:16:43 2015 (56263EBB)
nvpciflt.sys                Thu Nov  5 09:28:45 2015 (563B679D)
nvlddmkm.sys                Thu Nov  5 09:35:23 2015 (563B692B)
nvvad64v.sys                Thu Dec 17 07:47:18 2015 (5672AED6)
NvStreamKms.sys             Tue Dec 22 15:53:26 2015 (5679B846)
e2xw10x64.sys               Wed Jan 13 15:47:10 2016 (5696B7CE)
mbae64.sys                  Wed Jan 27 11:54:02 2016 (56A8F62A)
avnetflt.sys                Wed Mar 23 16:46:57 2016 (56F300C1)
rtwlane_13.sys              Thu Mar 31 02:00:21 2016 (56FCBCF5)
igdkmd64.sys                Fri Apr 22 16:37:26 2016 (571A8B86)
avgntflt.sys                Wed Jun 15 13:40:26 2016 (5761930A)
avipbb.sys                  Wed Jun 15 14:18:22 2016 (57619BEE)
intelppm.sys                Fri Jul 15 22:10:43 2016 (578997A3)


http://www.carrona.org/drivers/driver.php?id=MBfilt64.sys
http://www.carrona.org/drivers/driver.php?id=winio64.sys
http://www.carrona.org/drivers/driver.php?id=SnakeEyes.sys
http://www.carrona.org/drivers/driver.php?id=NTIOLib_X64.sys
http://www.carrona.org/drivers/driver.php?id=bwcW8x64.sys
http://www.carrona.org/drivers/driver.php?id=rikvm_38F51D56.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverx64.sys
http://www.carrona.org/drivers/driver.php?id=ccSetx64.sys
http://www.carrona.org/drivers/driver.php?id=RtsPer.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=iwdbus.sys
http://www.carrona.org/drivers/driver.php?id=HWiNFO64A.SYS
http://www.carrona.org/drivers/driver.php?id=RtkBtfilter.sys
http://www.carrona.org/drivers/driver.php?id=file_tracker.sys
http://www.carrona.org/drivers/driver.php?id=fltsrv.sys
http://www.carrona.org/drivers/driver.php?id=ETD.sys
http://www.carrona.org/drivers/driver.php?id=tib.sys
http://www.carrona.org/drivers/driver.php?id=tib_mounter.sys
http://www.carrona.org/drivers/driver.php?id=snapman.sys
http://www.carrona.org/drivers/driver.php?id=avkmgr.sys
http://www.carrona.org/drivers/driver.php?id=nvpciflt.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
http://www.carrona.org/drivers/driver.php?id=NvStreamKms.sys
e2xw10x64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=mbae64.sys
http://www.carrona.org/drivers/driver.php?id=avnetflt.sys
rtwlane_13.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=avgntflt.sys
http://www.carrona.org/drivers/driver.php?id=avipbb.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys


 
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 jamdiel

jamdiel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 09 September 2016 - 06:21 PM

Thank you very much for your help. 

 

Yeah I definitely went overboard with the antivirus/antimalware.

 

I'm too nervous about messing with bios, but windows updates I can manage  :P

 

Thanks again for being a genius  :thumbsup:






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users