Slow Boot Times and Security Essentials



Lizard
13-01-2010, 09:22 PM
I installed MS Security Essentials last week, and now my boot time has gone from 45s to nearly 3 mins. It shows the Win7 splash screen, and then the HDD stops for a couple of minutes, then it goes to the welcome screen and then into windows. I ran MSconfig and chose the diagnostic option, which disabled all the startup programs, and it booted in 45s again. I then re-ticked MSSE (nothing else), and back to 3 mins. It's pretty clear that MSSE is the culprit - does anyone know why it's doing this, and more importantly, how to fix it? MSSE is running at the default options.

xyz823
13-01-2010, 09:24 PM
Have a look in MSSE settings/options. It may be doing a startup file check or other things on startup. Happened to me with ESET.

Speedy Gonzales
13-01-2010, 09:32 PM
It does slow things down, you'll see entries in event viewer. You'll probably have to wait till MS bring an update out. It can also take the CPU usage to 100% with some programs.

gary67
14-01-2010, 05:42 AM
Turn off scanning at startup, and I have turned off the scheduled scan and just run it when I am going out. Solved both issues.

Lizard
14-01-2010, 08:04 PM
I looked for a scan at startup option, but couldn't find it. Directions, please?

Speedy Gonzales
14-01-2010, 08:08 PM
Probably have to remove its entry in startup. Although this won't help, since the culprit still runs (MsMpeng.exe). You'll have to kill realtime scanning.

lakewoodlady
14-01-2010, 09:20 PM
I found that boot time is quicker with MSSE than it was with Avast!

LL

linw
15-01-2010, 01:07 PM
I have seen no problems on the 8 or so machines I have installed it on. Funny that it seems to behave badly at times.

There is no scan on startup provision so it can't be stopped!!

wainuitech
15-01-2010, 01:26 PM
A lot has to do with the power of the machine as well. Several XPs I have put it on, no problems, BUT if the CPU is on the smaller side :sleep Example: an underpowered HP / XP that only had a Celeron 1GHz CPU, MSSE took around 4 minutes just to start after booting into the desktop.

Speedy Gonzales
15-01-2010, 04:58 PM
Even with a dual core 2.8, it takes longer to load when MSSE is installed. Only diff I've noticed is there isn't a lot of high CPU usage in Win7, like there is with XP.

Lizard
18-01-2010, 05:48 PM
Okay, well the 45s boot with MSSE turned off happened only that one time, and now, no matter what I try, it still stubbornly refuses to boot in under 3 mins. That's even with all non-MS services disabled, and all startup programs disabled. So I've installed HijackThis and got a logfile. Speedy, can you see anything in this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:36 p.m., on 18/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
C:\Users\Peter\Bluebirds\BlueBirds.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bluebirds] C:\Users\Peter\Bluebirds\BlueBirds.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7885 bytes

Speedy Gonzales
18-01-2010, 05:54 PM
Even if you disable the exe in startup, it's MsMpeng.exe that causes the slowdown. And WHERE did you disable the services? Not in Msconfig I hope.

Coz you shouldn't disable them here.

You can tick these then tick fix checked or use ccleaner.

Close browsers

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

What's this?

C:\Users\Peter\Bluebirds\BlueBirds.exe

Lizard
18-01-2010, 06:31 PM
Thanks Speedy, I'll try that. I did disable the non-MS services in MS Config, but it was suggested in this MS support page. http://support.microsoft.com/kb/929135/en-us

What is MsMpeng.exe - something to do with MSSE?

As for Bluebirds, I'm not entirely sure, but it's something to do with the LG DVD drive. Even when there is no DVD in the drive, it shows the following files "currently on the disc" - autorun.inf, BlueBirds.exe, Drag&Burn.exe, Setup.exe.

Lizard
18-01-2010, 06:40 PM
I've fixed the four entries listed, but there's no impact on boot time - still around 3 mins.

I notice there's a lot of "files missing" entries at the end of the logfile. Is this anything significant?

Speedy Gonzales
18-01-2010, 06:48 PM
MsMpeng.exe is the anti-malware service exe for MSSE. That's the file that makes the CPU usage go to 100%, and what slows you down on bootup. It'll tell you this under performance in control panel. It's because HJT doesn't know what the version of windows is, if it's Windows 7. Don't worry about it. Well, you shouldn't disable services under msconfig; you do it in services, if it's going to be permanent. I've never heard of bluebirds.exe.
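
Added example, not part of the original thread: a small Python triage of the HijackThis lines discussed above. It flags Run-key autoruns that start from outside the standard install directories (the BlueBirds.exe question) and separates "(file missing)" service entries reported while the tool cannot identify the platform (the explanation given in the reply above) from ones that still need a look. The sample lines are copied from the log in this thread; the `PROTECTED` list, the System32 heuristic and the `triage` function are assumptions of this example.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''Platform: Unknown Windows (WinNT 6.01.3504)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKCU\..\Run: [bluebirds] C:\Users\Peter\Bluebirds\BlueBirds.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
'''

# Assumption: directories a standard user cannot write to by default.
PROTECTED = ("c:\\program files\\", "c:\\program files (x86)\\",
             "c:\\windows\\", "%programfiles%\\")
# O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4 = re.compile(r'^O4 - (.+?)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')
# Executable path: either quoted, or unquoted up to the first ".exe".
EXE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)

def triage(log):
    """Return (autoruns_to_review, missing_tool_artifact, missing_to_review)."""
    unknown_os = bool(re.search(r'^Platform: Unknown Windows', log, re.M))
    autoruns, artifact, missing = [], [], []
    for line in log.splitlines():
        line = line.strip()
        m = O4.match(line)
        if m:
            exe = EXE.match(m.group(4))
            path = (exe.group(1) or exe.group(2)) if exe else m.group(4)
            # Autoruns launched from user-writable locations deserve a look.
            if not path.lower().startswith(PROTECTED):
                autoruns.append((m.group(3), path))
        elif line.startswith("O23 - ") and line.endswith("(file missing)"):
            path = line.rsplit(" - ", 1)[1][:-len("(file missing)")].strip()
            in_sys32 = path.lower().startswith("c:\\windows\\system32\\")
            # Heuristic (assumption): System32 "missing" files on an
            # unrecognised platform are treated as a reporting artifact.
            (artifact if unknown_os and in_sys32 else missing).append(path)
    return autoruns, artifact, missing

if __name__ == "__main__":
    for label, items in zip(("review autorun", "likely artifact", "review missing"),
                            triage(SAMPLE_LOG)):
        for item in items:
            print(label, "->", item)
```
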

Lizard
18-01-2010, 06:55 PM
So if MsMpeng.exe is the cause of the slowdown, does it affect everyone, or is it just me? And is there any way to either speed it up, or disable it?

gary67
18-01-2010, 06:59 PM
It is also part of Windows Malicious Software Removal Tool. I did disable it once then found out it was invoked during the scheduled scan, so I canned that and rely on the real time action and just do a manual scan when the comp is free for an hour or so.

Speedy Gonzales
18-01-2010, 07:01 PM
Well, it's slowed this down as well. It used to boot faster. Not much you can do about it, unless you uninstall it or kill the real time scanning. But then you'll have to open MSSE all the time, which will be annoying.

Lizard
18-01-2010, 08:12 PM
Well, I killed MSSE, but it's still taking close to 3 mins to boot up, so I think it's safe to say that it wasn't the culprit. Anyone else have any ideas about what might be causing the long boot times?

Speedy Gonzales
18-01-2010, 08:23 PM
Kill sidebar. That'll also slow you down, and windows search in services (disable it). And indexing. And tick the services you disabled in msconfig.

Chilling_Silence
19-01-2010, 07:40 AM
I've contacted Microsoft directly about this to see what they have to say for themselves about MSE. The CPU spiking is still left over from the OneCare days ...

Lizard
19-01-2010, 10:43 PM
Well I've finally solved the mystery of the slow boot times. I partially disassembled the computer to try to address some instability issues, by checking things like unseated RAM and so on, and in the process I disconnected all the cables. After I reassembled everything, I plugged in just the basics - video, mouse, keyboard, and wireless adaptor. Lo and behold, boot to windows from cold in 35s. I fixed my gaze upon the only device not plugged in - the printer...

I had the printer plugged in via USB, but because it was a little too far away, I found a male to female USB cable, and used that as an extension. Troubleshooting confirmed that this cable was the cause. With it, boot time was 28 to finish POST, and another 2 mins to Windows. Without it, 3s to finish POST, and 35s total to Windows. I've now moved the printer a little closer to the computer.

Apologies to MS for the slander about MSSE...

gary67
20-01-2010, 05:47 AM
Stunning result. Who would have guessed? Not me.