1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

slow shutdown and startup, tried many things but...

Discussion in 'Windows XP' started by Doughbroz, Jan 6, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Doughbroz

    Doughbroz Thread Starter

    Joined:
    Dec 6, 2003
    Messages:
    111
    Recently developed a problem with very slow shutdown and startup both. With no programs running, it takes about a minute and a half to shut down, about two to boot up, and about five to load programs after I select user. During the program load, the hard drive is running like crazy, with Task Manager showing a lot of use by explorer.exe, ctfmon, and one svchost entry. At times, one of the two latter ones will jump as high as 98% usage. I tried disabling every startup program with Task Manager while disconnected from the net, deleted restore points, defragged, and the delay improved only slightly. In addition to AVG a/v, Spybot, and Adaware I have run CCleaner and the full version of Registry Mechanic with no improvement. I have gone down the HijackThis list using the cheat sheet in this forum and deleted a couple of suspicious items, that didn't help either. On the attached startup list, I have no clue what the fourth item with no command listed might be. I have recently added an external hard drive for storage and backup and a new monitor, fwiw, but the problem seems to have started at some point after that. The web sites in the HJT log are all legitimate. Any ideas appreciated.


    [​IMG]


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:24:15 PM, on 1/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\lxcrcoms.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Flippen\FlippenMenusv5.exe
    C:\Program Files\WON\wonplay.exe
    C:\Program Files\WON\WONplay\spades\spades.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\xxxx xxxxxxxx\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O15 - Trusted Zone: http://*.photobucket.com
    O15 - Trusted Zone: http://hoylegames.sierra.com
    O15 - Trusted Zone: www.hoylegames.sierra.com
    O15 - Trusted IP range: http://63.215.73.41
    O15 - Trusted IP range: http://8.5.0.53
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://63.215.73.41/cab/WONWebLauncherControl.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

    --
    End of file - 6076 bytes
     
  2. Doughbroz

    Doughbroz Thread Starter

    Joined:
    Dec 6, 2003
    Messages:
    111
    Bumping this up because since the original post I have gotten one "your system has recovered from a serious error" and two blue screen messages. While the system was recovering in the first instance, I noticed a dump program running in task manager. Don't know what the first blue screen was, probably the same as today's which was:
    DRIVER_IRQL_NOT_LESS_OR_EQUAL
    STOP: 0X000000D1 (0XF8F856E6, 0X00000002, 0X00000000, 0XF8F856E6)
    mxopswd.sys-Address F8F856E6 base at F8F80000, DateStamp 459efd59

    That last line was repeated once. Since the original post I used WindowsAdvancedCare and managed to get rid of the unnamed startup program in the screen shot. Also followed Microsoft advice to get rid of the ctfmon. Time for a reboot is now down to about three minutes, which is fine by me. Only things running in startup now are AVG a/v, Windows Defender, the manager for the external H/D, and WkDetect. When I got the first serious error message, I followed the link and got a driver fix that supposedly fixed two drivers. I believe the first blue screen was before that. The blue screen today came while using Nero 6, the other blue screen came while analyzing drives prior to a defrag. Any ideas? Thanks
     
  3. rka0

    rka0 Banned

    Joined:
    Oct 12, 2007
    Messages:
    1,281
  4. Doughbroz

    Doughbroz Thread Starter

    Joined:
    Dec 6, 2003
    Messages:
    111
    thanks for the reply, doing that now.
     
  5. Doughbroz

    Doughbroz Thread Starter

    Joined:
    Dec 6, 2003
    Messages:
    111
    Another blue screen error, driverirql while using nero, stop code just slightly different from the previous one. I have tried googling the error code, which helps not at all. The first 10 characters of the stop code just gives me a generic description of the problem, the entire code returns no result. Event viewer shows DCOM error, event ID 10005, but I can't copy and paste the description. There are four consecutive DCOM errors with the same ID starting several minutes after the blue screen The \Windows\minidump file is empty. I have also tried Windows Passport and for the life of me can't see how to send an error report. I am also getting a lot of code 51 warnings, 5 and 6 in a row, at several minute intervals, sometimes 5 of them almost exactly an hour apart. The source is shown as disk. On my reboot after the last blue screen, task manager showed WgaTray.exe running for quite a while, at one point using 99% for several seconds. No idea what that is. Helpppppppppppppppppp!
     
  6. rka0

    rka0 Banned

    Joined:
    Oct 12, 2007
    Messages:
    1,281
  7. joeyDneedshelp

    joeyDneedshelp

    Joined:
    May 20, 2007
    Messages:
    474
    hey umm idk if this is gonna help you or anyhting cause im just a noob :D but it helped my boot times down to 30 seconds its called TuneXP : http://www.download.com/TuneXP/3000-2086_4-10290928.html?tag=lst-1

    thats if ur running XP....just pull down the memory and sytem file button and check disbale paging executive and increase NTFS preformance...then at the bottom of tha drop down menu hit ultra fast boot....and that helped a lot :D good luck
     
  8. Doughbroz

    Doughbroz Thread Starter

    Joined:
    Dec 6, 2003
    Messages:
    111
    Thanks for the replies. rka, I looked at those links, most of them are things I have already done. I did try the speedup link in joey's post, and it helped some. Reboot time is acceptable, the blue screens are more of a concern to me. When I boot up, everything loads normally, then for several minutes task manager shows WgaTray.exe and MsMpEng.exe hogging cpu like crazy, which never happened before. Matter of fact, I don't recall seeing either of those before, ever. Something else I never saw before today, when I rebooted, on the screen where one chooses shut down or restart, there was an update icon pasted over the shut down icon. When I chose that, eleven Windows updates installed. Last I knew, this thing was set to download updates automatically, then ask me if i wanted to install them. Critical updates installed automatically. Now I'm wondering how long those updates have been waiting to install. It didn't tell me what they were either, just stayed on the shutdown screen until they installed and told me not to cut it off. Weird.
     
  9. joeyDneedshelp

    joeyDneedshelp

    Joined:
    May 20, 2007
    Messages:
    474
    yeah thats okay...i think they do that so when u go to bed and u want to shut off ur computer, it will just install the updates automatically then power off the computer...and do u have Mcafee? and that WGA is Windows Genuine Advantage Kit thing i think...Is your copy of windows legal?
     
  10. Doughbroz

    Doughbroz Thread Starter

    Joined:
    Dec 6, 2003
    Messages:
    111
    No McAfee, AVG. There's a HJT log in my first post, if that helps. It may be slightly different now, but no critical security programs have been changed. The WgaTray and MsMpEng are Windows related, I just never noticed them before, not to mention that they are using so much cpu after bootup, sometimes hitting 99%. This system is factory installed from Dell. My updates are still as previously set, automatically install at 3 AM, and this thing stays on 24/7, except for reboots.
     
  11. joeyDneedshelp

    joeyDneedshelp

    Joined:
    May 20, 2007
    Messages:
    474
    ohh okay..that MsMpEng is just your windows Defender...if i were u, i would uninstall it then reinstall (i don't like windows defender so i don't use it) and that WGA is an update im pretty sure..in ur tray there might even be an icon for it
     
  12. joeyDneedshelp

    joeyDneedshelp

    Joined:
    May 20, 2007
    Messages:
    474
    WGA.exe in ur task manager is ur Windows Genuine Advantage i think. If u look at ur tray in the bottom right, it should be in there.
     
  13. rka0

    rka0 Banned

    Joined:
    Oct 12, 2007
    Messages:
    1,281
  14. rka0

    rka0 Banned

    Joined:
    Oct 12, 2007
    Messages:
    1,281
  15. joeyDneedshelp

    joeyDneedshelp

    Joined:
    May 20, 2007
    Messages:
    474
    doughbroz...i think it might be ur RAM...how many sticks do u have and what kind? ddr ddr2 SD RD? any
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/668894

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice