Windows 7 - 20 Minutes to boot! I have Hijack and BootTrace Logs

JenHayden30

New Member
Hello, I'm helping my mom out with this one. She's got an Acer Aspire 5733z-445
Intel PentiumP6100
3 GB DDR3 Memory
TOSHIBA MK3259GSXP [Hard drive] (320.07 GB)
Windows 7 Home Premium (x64) Service Pack 1 (build 7601)

On boot, it takes anywhere from 15-20 minutes for the computer to get to a state where you can try to click on a program and open it.

To clarify a little....

Click the power button - about 30 seconds until the swirling Windows logo.
From the windows logo until the user login image is displayed - up to 8 minutes.
After clicking the user login image (we didn't set a password) - up to 6 or 7 minutes.
The computer looks ready to use, but if you try to click the start button, it won't display the start menu. If you try to click the IE shortcut....little spinning aero circle, but IE doesn't launch.
Periodically, during this waiting period, when you hover the mouse over the bottom toolbar - spinning aero circle again. After at least 5 minutes, all of the programs you clicked/ran start to load all at once and it's fast. Once you get to this point, the computer runs like a champ!

I have a log from Hijack This:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:26 AM, on 6/7/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Belarc\Advisor\BelarcAdvisor.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
Link Removed - Invalid URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Acer MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files
(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program
Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:
\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite
\x86\SuiteTray.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX6000 Series] C:\Windows\system32\spool\DRIVERS
\x64\3\E_FATIBIA.EXE /FU "C:\Windows\TEMP\E_S92C2.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL
SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User
'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK
SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User
'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:
\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:
\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer
\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program
Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer
\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program
Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files
(x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:
\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program
Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows
live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows
live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) -
Link Removed - Invalid URL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows
Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files
(x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows
\System32\alg.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files
(x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows
\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer
ePower Management\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files
(x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration
\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:
\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file
missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater
\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) -
Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS
\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file
missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:
\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup
Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:
\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows
\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows
\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows
\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows
\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows
\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:
\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) -
Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS
\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:
\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows
\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows
\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:
\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:
\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:
\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown
owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9037 bytes

I also have a Boot Trace File. It's 106mb compressed, so I don't think I can upload it here.

Last evening, I ran CCleaner and I defragged as well.

No improvement on the boot time.

I'm willing and able to run any additional scans/tests, etc.

Thanks a lot.

- Jennifer
 
Forgot to mention that I also ran a full system virus scan on Monday and it came up clean.

I ran a Malwarebytes scan on Monday as well and it, too, came up clean.

Last night, I also deleted some unwanted programs and programs that came pre-loaded. (prior to the de-frag - which was 3%).
 
I don't think many folks in this forum are used to looking at HijackThis logs. Saying that, since the system is yours, do you see anything in the log that is unknown to you? Programs or paths you do not recognize. Also, since I am not running HijackThis, could you go through the numbers that usually mean something might be bad, like the 023 or 010 numbers?

If the system delays after the Windows Logo, it might be a driver loading or something being searched for. If it delays after the logon, it might be some type of scan, or internet connection, or some other utility doing a job. For instance, I see you have an ACER backup utility starting up. It may be scanning your system in preparation for a backup.


If you don't see something you think should not be there, you might use Msconfig.exe to do some troubleshooting. You can keep all non-Microsoft processes from starting, or pick ones you want to test so they won't start up. Maybe you will find one, or more.

Possibly the delay is happening after a boot log would be useful, but you can set your system so you can watch it to see if there is a delay during that process.

And if you really want to get into the specifics, there is a program from SysInternals, a Microsoft Company, called Process Monitor. It can be set to watch your boot and show what is happening. In your case, it would probably show some process taking a very long time to finish. There may be a tutorial on the site for the utility, but if you have questions, I have some experience with it.
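
Added example, not part of any post in this thread: a small Python triage of a HijackThis log that rejoins the wrapped lines and sorts the "(no file)" and "(file missing)" entries. HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its System32 lookups are redirected to SysWOW64 and 64-bit system services show up as "file missing" even though they exist. The function names, verdict labels and line-joining heuristic are assumptions of this example.

```python
import re

ENTRY = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - ")       # start of a HijackThis entry
SYS32 = re.compile(r"c:\\windows\\system32\\", re.I)

# Constructed sample: three entries copied from the log above in their wrapped
# form, plus one made-up service (ExampleSvc) outside System32.
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite
\x86\SuiteTray.exe"
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows
\System32\spoolsv.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\ProgramData\example
\svc.exe (file missing)
--
End of file
"""

def unwrap(text):
    """Rejoin entries that the forum software wrapped across lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if line == "--":                      # log trailer follows
            break
        if not line:
            continue
        if ENTRY.match(line) or not entries:
            entries.append(line)
        elif line.startswith("\\"):
            entries[-1] += line               # heuristic: wrapped inside a path
        else:
            entries[-1] += " " + line         # heuristic: wrapped at a space
    return entries

def triage(text, os_is_x64=True):
    """Return (code, verdict, entry) for entries whose target was not found."""
    findings = []
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        code = m.group(1) if m else "?"
        if entry.endswith("(no file)"):
            findings.append((code, "orphan-registration", entry))
        elif "(file missing)" in entry:
            path = entry.rsplit(" - ", 1)[-1]
            redirected = os_is_x64 and SYS32.search(path)
            verdict = "likely-wow64-artifact" if redirected else "verify-on-disk"
            findings.append((code, verdict, entry))
    return findings

if __name__ == "__main__":
    for code, verdict, entry in triage(SAMPLE):
        print(f"{code:4} {verdict:22} {entry}")
```

Entries marked verify-on-disk are the ones worth checking by hand from a 64-bit tool or Explorer, since the 32-bit view of the file system cannot confirm them.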
 
We've actually been trying a number of fixes - including Soluto to stop some processes from loading (similar to just going into MSConfig). We are suspecting a virus as from the minute you turn the computer on, you can hear the drive working, but nothing is displayed - and any programs we have set to watch the boot aren't initiated yet. When we try to go into Windows Update, the computer freezes for no less than 5 minutes. When it finally comes up, we click the Search for Updates (or similar) button and it tells us that the Windows Update service is not running, but when we go into services, it most definitely is running. I almost think something is hijacking the computer right from the second you push the power button and then hijacks the Windows Update feature. The last date that Windows Updates were installed is 5/10/12. A Silverlight update was completed on the 11th. This is right around when my mother called from Florida and said that she was having a problem.

As for the Hijack This report, nothing looks unusual to me at all.

I work for a web development company, so we do have some techs here and we've just about exhausted all of the typical troubleshooting tasks and are looking for some deeper tech help.

Thanks.
 
I work for a web development company, so we do have some techs here and we've just about exhausted all of the typical troubleshooting tasks and are looking for some deeper tech help.
So you have run Process Explorer and Process Monitor? If not, you have come nowhere even close to exhausting your options!

I asked you to send me your boot log, and you stated you could not do so because of its size, so I cannot check that. If you do decide to run any of the Sysinternals utilities, maybe you could forward me a Process Monitor log that was started immediately after boot, or during boot.

I, of course, cannot rule out a virus problem.

If you want help running Process Monitor, I can give some guidance, but there should be an instructional video on the site.
 
My suggestion here, provided that there's no hardware issue: back up all of your data & re-install Windows 7. After searching the model, it should have a recovery partition to reload the OS from, being that Windows 7 is the OEM installed OS. HijackThis is a good tool, but it's best used to self-diagnose a computer, where the user knows what he/she is doing.

Yes, it will be a day's work, re-installing programs & all, but it'll be worth it. 20 minutes to boot is totally unacceptable; I have a usable OS in less than 15 seconds.

Cat
 