Windows 7 - 20 Minutes to boot! I have Hijack and BootTrace Logs

Discussion in 'Windows 7 Help and Support' started by JenHayden30, Jun 7, 2012.

  1. JenHayden30

    JenHayden30 New Member

    Joined:
    Jun 7, 2012
    Messages:
    6
    Likes Received:
    0
    Hello, I'm helping my mom out with this one. She's got an Acer Aspire 5733z-445
    Intel Pentium P6100
    3 GB DDR3 Memory
    TOSHIBA MK3259GSXP [Hard drive] (320.07 GB)
    Windows 7 Home Premium (x64) Service Pack 1 (build 7601)

    On boot, it takes anywhere from 15-20 minutes for the computer to get to a state where you can try to click on a program and open it.

    To clarify a little....

    Click the power button - about 30 seconds until the swirling Windows logo.
    From the windows logo until the user login image is displayed - up to 8 minutes.
    After clicking the user login image (we didn't set a password) - up to 6 or 7 minutes.
    The computer looks ready to use, but if you try to click the start button, it won't display the start menu. If you try to click the IE shortcut....little spinning aero circle, but IE doesn't launch.
    Periodically, during this waiting period, when you hover the mouse over the bottom toolbar - spinning aero circle again. After at least 5 minutes, all of the programs you clicked/ran start to load all at once and it's fast. Once you get to this point, the computer runs like a champ!

    I have a log from Hijack This:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:37:26 AM, on 6/7/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Belarc\Advisor\BelarcAdvisor.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer MSN.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    Sign In
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Acer MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files
    (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program
    Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:
    \PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite
    \x86\SuiteTray.exe"
    O4 - HKCU\..\Run: [EPSON Stylus CX6000 Series] C:\Windows\system32\spool\DRIVERS
    \x64\3\E_FATIBIA.EXE /FU "C:\Windows\TEMP\E_S92C2.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User
    'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL
    SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User
    'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK
    SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User
    'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User
    'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:
    \PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:
    \PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer
    \WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program
    Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer
    \WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program
    Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files
    (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:
    \Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program
    Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -
    C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows
    live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows
    live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) -
    https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows
    Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files
    (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows
    \System32\alg.exe (file missing)
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files
    (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows
    \System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer
    ePower Management\ePowerSvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files
    (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration
    \GREGsvc.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:
    \Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file
    missing)
    O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater
    \UpdaterService.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) -
    Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS
    \LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file
    missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:
    \Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup
    Manager\IScheduleSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:
    \Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows
    \system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows
    \system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows
    \System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows
    \System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows
    \system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:
    \Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) -
    Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS
    \UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:
    \Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows
    \System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows
    \system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:
    \Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:
    \Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:
    \Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown
    owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 9037 bytes

    I also have a Boot Trace File. It's 106mb compressed, so I don't think I can upload it here.

    Last evening, I ran CCleaner and I defragged as well.

    No improvement on the boot time.

    I'm willing and able to run any additional scans/tests, etc.

    Thanks a lot.

    - Jennifer
     
  2. JenHayden30

    Forgot to mention that I also ran a full system virus scan on Monday and it came up clean.

    I ran a Malwarebytes scan on Monday as well and it, too, came up clean.

    Last night, I also deleted some unwanted programs and programs that came pre-loaded. (prior to the de-frag - which was 3%).
     
  3. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Joined:
    Oct 16, 2009
    Messages:
    15,157
    Likes Received:
    393
    I don't think many folks in this forum are used to looking at HijackThis logs. Saying that, since the system is yours, do you see anything in the log that is unknown to you? Programs or paths you do not recognize. Also, since I am not running HijackThis, could you go through the numbers that usually mean something might be bad, like the 023 or 010 numbers?

    If the system delays after the Windows Logo, it might be a driver loading or something being searched for. If it delays after the logon, it might be some type of scan, or internet connection, or some other utility doing a job. For instance, I see you have an ACER backup utility starting up. It may be scanning your system in preparation for a backup.


    If you don't see something you think should not be there, you might use Msconfig.exe to do some troubleshooting. You can keep all non-Microsoft processes from starting, or pick ones you want to test so they won't start up. Maybe you will find one, or more.

    Possibly the delay is happening after a boot log would be useful, but you can set your system so you can watch it to see if there is a delay during that process.

    And if you really want to get into the specifics, there is a program from SysInternals, a Microsoft Company, called Process Monitor. It can be set to watch your boot and show what is happening. In your case, it would probably show some process taking a very long time to finish. There may be a tutorial on the site for the utility, but if you have questions, I have some experience with it.
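
Added example (not part of the original posts, and not code from HijackThis): a small Python triage for the O2, O10 and O23 entries discussed in this thread. It rejoins hard-wrapped lines and separates O23 "(file missing)" results under C:\Windows\System32, which a 32-bit scanner on 64-bit Windows typically reports because of WOW64 file-system redirection, from entries worth checking by hand; the sample reuses lines from the posted log plus one constructed service (ExampleSvc), and the bucket names are this example's own.

```python
import re

# Constructed sample: entries in the format of the log posted above (several
# copied from it, hard wraps included) plus one made-up service, ExampleSvc.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite
\x86\SuiteTray.exe"
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows
live\wlidnsp.dll
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows
\System32\vds.exe (file missing)
O23 - Service: Example Helper (ExampleSvc) - Unknown owner - C:\Users\Public\helper.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration
\GREGsvc.exe
--
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
SYSTEM32 = re.compile(r"[a-z]:\\windows\\system32\\")

def parse_entries(text):
    """Return (code, body) tuples, rejoining entries wrapped across lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":            # footer marker: nothing after it is an entry
            break
        match = ENTRY.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif line and entries:
            # A wrap inside a path starts with a backslash; otherwise it fell on a space.
            entries[-1][1] += ("" if line.startswith("\\") else " ") + line
    return [tuple(e) for e in entries]

def triage(entries):
    """Bucket O2/O10/O23 entries; the bucket names are this example's own."""
    buckets = {"review": [], "likely_wow64_artifact": []}
    for code, body in entries:
        low = body.lower()
        if code == "O23" and low.endswith("(file missing)"):
            # A 32-bit scanner asking for System32 is redirected to SysWOW64,
            # so 64-bit-only system binaries look missing. Heuristic only.
            key = "likely_wow64_artifact" if SYSTEM32.search(low) else "review"
            buckets[key].append((code, body))
        elif (code == "O2" and "(no file)" in low) or code == "O10":
            buckets["review"].append((code, body))
    return buckets
```

Entries in the `likely_wow64_artifact` bucket are best confirmed with a 64-bit tool or by checking that the file exists from a 64-bit shell.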
     
  4. JenHayden30

    We've actually been trying a number of fixes - including Soluto to stop some processes from loading (similar to just going into MSConfig). We are suspecting a virus as from the minute you turn the computer on, you can hear the drive working, but nothing is displayed - and any programs we have set to watch the boot aren't initiated yet. When we try to go into Windows Update, the computer freezes for no less than 5 minutes. When it finally comes up, we click the Search for Updates (or similar) button and it tells us that the Windows Update service is not running, but when we go into services, it most definitely is running. I almost think something is hijacking the computer right from the second you push the power button and then hijacks the Windows Update feature. The last date that Windows Updates were installed is 5/10/12. A Silverlight update was completed on the 11th. This is right around when my mother called from Florida and said that she was having a problem.

    As for the Hijack This report, nothing looks unusual to me at all.

    I work for a web development company, so we do have some techs here and we've just about exhausted all of the typical troubleshooting tasks and are looking for some deeper tech help.

    Thanks.
     
  5. Saltgrass

    So you have run Process Explorer and Process Monitor? If not, you have come nowhere even close to exhausting your options!

    I asked you to send me your boot log, and you stated you could not do so because of its size, so I cannot check that. If you do decide to run any of the Sysinternals utilities, maybe you could forward me a Process Monitor log that was started immediately after boot, or during boot.

    I, of course, cannot rule out a virus problem.

    If you want help running Process Monitor, I can give some guidance, but there should be an instructional video on the site.
     
  6. catilley1092

    catilley1092 Extraordinary Member

    Joined:
    Nov 19, 2010
    Messages:
    1,034
    Likes Received:
    46
    My suggestion here, provided that there's no hardware issue: back up all of your data & re-install Windows 7. After searching the model, it should have a recovery partition to reload the OS from, being that Windows 7 is the OEM installed OS. HijackThis is a good tool, but it's best used to self-diagnose a computer, where the user knows what he/she is doing.

    Yes, it will be a day's work, re-installing programs & all, but it'll be worth it. 20 minutes to boot is totally unacceptable, I have a usable OS in less than 15 seconds.

    Cat
     
