Slow Start-up

December 17, 2009

Dear Readers,

This has annoyed me for quite some time now, and can't seem to figure out the problem as to why it takes eternity for my PC to bootup. Where as my Laptop and Sis's PC bootup much faster.

Anyway, below is my HiJackThis Log, so perhaps something there is causing it... And I'll make a few comments on it afterwards.

Thanks.

---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:46:14 PM, on 12/17/2009

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\VirtualDubMOD\VirtualDubMod.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Digsby\lib\digsby-app.exe

C:\Program Files (x86)\Winamp\winamp.exe

C:\Users\Chris\Desktop\asdf\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B67F5014-2843-4503-9442-455333B9642C}: NameServer = 208.67.222.222,208.67.222.220

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 5378 bytes

-----

Given that I don't use IE at all, and have it uninstalled via Program Features (Win7 64-bit), possible to just delete all those entries?

For the [sidebar] ones, not too sure what that refers to, but I don't use those if that is similar to Gadgets.

For the majority of the last portion (Service), most say file is missing, safe to remove?

Thanks.

Also for the Logitech... I don't have any form of Bluetooth accessories, so is that needed?

If you need any more info, just ask.

Thanks

December 17, 2009

Well the last few services that are missing are important part of windows as long I know.

Are these services runnin in background? They should run.

You can disable spoolsv if you never use printer.

If you have Logitech keyboard or mouse that has extra features like increase volume, you need logitech to run in order to use that features.

I'm not so used to Hijack this logs but I feel the OS needs repair.

December 17, 2009

I am worried by the '(file missing)' errors, they shouldn't be there, if I'm correct... Any idea as to what might've caused them?

December 17, 2009

No idea, although when I check in my System32 folder, I do see them there...

December 17, 2009

If it says missing. They must be broken or can also be infected. You can try to repair your OS by SFC /SCANNOW in run.

December 17, 2009

^Tried that, and still nothing ><

December 17, 2009

I'd much earlier think it has to do with permissions... Not sure though.

As to what is causing your slow start-up: 'when' exactly is it slow(so what part of the start-up takes longer than you think it should be). Is it the part where you see the Windows flag, the part before that, the part after that, the part before you see the system checks(when you can get into the BIOS), the part after that. Please try to define it as 'strict' as possible ;)

December 17, 2009

@shought: Of course, I'm sorry =)

Everything is 'normal' up until AFTER the Windows Flag appears.

So pretty much, it takes like an ETERNITY for the screen that says "Welcome" to show up.

Once that appears, the rest of it is normal.

So it is just after the Flag is displayed, waiting for that Welcome screen.

December 17, 2009

You guys can use this: http://www.r2.com.au/software.php?page=2&show=startdelay

It was already featured @ Lifehacker: http://lifehacker.com/5043134/startup-delayer-staggers-your-startup-apps-for-smoother-loading

December 17, 2009

@shought: Of course, I'm sorry =)
Everything is 'normal' up until AFTER the Windows Flag appears.
So pretty much, it takes like an ETERNITY for the screen that says "Welcome" to show up.
Once that appears, the rest of it is normal.
So it is just after the Flag is displayed, waiting for that Welcome screen.

Ok, now we've narrowed it down :)

It's either one of your services or one of your drivers, I'd go with drivers as they've caused the most trouble for me(with delayed boots and stuff like that). So I'd recommend you to check for video/audio card driver updates(or downgrades, if the problem appeared just now). If not then you should try a, how do you call it, minimum resource boot, I hope you know what I mean... Forgot what it's named, like in WinXP you had msconfig and you could select some option to only run the bare minimum, check if the delay is there then too, if it is then it's deep inside your system, if not it could be various things like your AV, firewall, ethernet taking a long time to connect(maybe try turning of 'search for new computers in network', I believe TuneUp Utilities provides you with the ability but there'll surely be some other way).

There's way more things I can think of, at least, I believe, but my mind is kind of asking for me to take a nap, now :P

Will get back to you tomorrow :D

Edit: Patrick's suggestion might also help, but I think this only kicks in after you log in, might be wrong though :)

December 18, 2009

I would recommend to see if the main OS drive is not fragmented. It has happened a lot to me that it slows down at that moment when the OS drive is too fragmented.

And yes as shought mentioned, you should unplug a few hardware devices and see. Start with DVD drive. ;)

December 18, 2009

Shouldn't be fragmentation, givne I defrag my Drive quite often, and tried a Registry Defrag (Windows 7 Manager), and that seemed to have sped it up only slightly.

As for the Hardware, sorta hate how my system is prepped, as it is a pain to get into with how it is 'shelfed' (Unno if that makes sense).

And this isn't a horrible thing given I rarely restart my PC anyway. But yup, any more tips if there are as I'm up for trying.

December 18, 2009

Boot time defrag? I mean for files like MFT, Pagefile etc?

December 18, 2009

Hmm.. probably not... Given that I use Auslogics Disk Defrag, so that doesn't have it.

December 18, 2009

Hmm. Download Ultimate Defrag. Analyze the drive and options > boot time > schedule on next restart. It will do the job. ;)

Also, tell me is the time taken when boot in safe mode same as the time taken the normal one?

December 18, 2009

Do a Consolidate Defrag, it usually fixes those sometimes.

December 18, 2009

Just to confirm, using Win 7, Ultimate Defrag doesn't support Win 7 (64-bit) for the Boot Defrag, unless I am doing something wrong (When I had it installed).

Will try that Safe Boot a little later to compare.

December 18, 2009

Your right I couldn't get it to work either.. on my parents..

EDIT: I am coming back with a HiJack This! from my Parent system.. just to compare.. You could always try a repair from installation disc.. and see if it helps.. But anyway coming back .. and I am going to compare the two with WinMerge..

EDIT2: Okay this a copy of mine ( there are a ton of differences.. ) but the main thing that I see that is a problem is that there are missing files and services that don't match up.. I have one called Program.exe.. that I need to remove.. It was because I could not get MySQL to uninstall properly so I just deleted it.. which is not the desired method.. so I think that a good cleaning and repair from OS disc.. would be in order.. an then manually cleaning up the rest manually through the registry would be a good idea.. anything else that this may break.. needs to be re-installed.. but I am willing to bet that there won't be.. and if you want to optimize your services and programs.. I would suggest going through the Optimization Wizard in Yamicsoft 7 Manager..

My Log..

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:06:33, on 12/18/09

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ZoomIt\ZoomIt.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Samurize\Client.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Users/1/Pictures/Flash%20Desktops/Home/Home.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [ZoomIt] C:\Program Files\ZoomIt\ZoomIt.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [Client Default] C:\Program Files\Samurize\Client.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res:///105

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Program Files\NCH Software\Eyeline\eyeline.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) ( Fixed by Disabling in 'Services' )

O23 - Service: O&O CleverCache - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe

O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe

O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

O23 - Service: webcamXP Service (wxpSvc) - Moonware Studios - C:\Program Files\wLite\wService.exe

--

End of file - 6451 bytes

EDIT3: Another thing I would mention here is that you have got a ton of un-necessary crap running.. and yes disable the Sidebar from starting up when you boot.. really does take some time to get going on some/most systems.. even with good hardware. but the Optimization Wizard should help you cleanup your startup and services anyway..

One more thing.. and this SUX like you would not believe.. BUT cleaning out and disabling all of the un-necessary scheduled tasks REALLY helps... amazing difference.. Also why are using Net Limiter.. is it for Traffic Shaping?

I also want to mention that you seem to have something installed that was not for Windows 7.. The entries for Lsass.exe that startup when you boot.. they should not be there at all.. and this is usually only called up by another program.. Thing is I am not even sure that it exists on 7.. :( ..But really I think you would due for a good cleaning and streamlining.. using this log from HiJack This can help as well.. especially afterward to help clean out anything else that needs to be manually removed or repaired by re-installation or manual removal through the registry.. this will need to be researched so you know where to go in the registry to search for the files..If need be..

December 18, 2009

I actually went and searched and grabbed Puran Defrag, since that does how Boot-time defrag, and tried that... Interestingly enough, again I did notice a slight speed-up in boot up time. So that's a plus.

December 18, 2009

I may try Puran for boot defrag then.. Uhmm.. I made a ton of edits of my previous post .. may want to take a look..

December 18, 2009

Yeah, noticed all those edits...

I'll delete those Sidebar ones and see what else I can do.

As I know I did remove a few Task Schedule ones.

NetLimiter is mainly for just one program called "Share", Japanese P2P, as I don't 'share' on that, but not to worry with torrents I share like crazy ^^

---

EDIT:

Okay, so the SideBar thingy is remove.d.. And I actually attempted ot remove all those Entries that are "Missing file", apparently, that did nothing as upon Reboot, they appear again...

New Log, although not much has changed:

--------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:01:58 AM, on 12/18/2009