Windows takes an hour to boot and then gives a BSOD message

**birdjaguar** · 05-24-2009, 12:40 AM

Quotes taken from XP support thread here:

http://www.techsupportforum.com/micr...ours-load.html

Quote:

Problem:
Upon boot windows seems to start normally, but only until it loads my desktop picture, then it stops/slows and it can take up to an hour or more to complete the load and place all icons etc. on the deskop. During this process nothing else works; afterwards all seems fine. This started a month or so ago and at first it took just a few extra minutes to load. That has gotten progressively longer. I used to be able to launch task manager to break in and open a separate program, but that doesn't work anymore. F8-ing into safemode works fine and the load goes quickly as expected.

Virus scans do not detect anything abnormal.

One interesting note is that once the slow load puts the clock in the lower right corner of the task bar, the clock stops keeping time until things return to normal, then it shows the correct time.

The only major change I've made recently in my system that is timed close to the start of this problem was the installation of Bump Top.

http://bumptop.com/

I have since uninstalled that software.

System:
OS XP pro SP 2
Dell Dimension E520
Zone alarm
Bit Defender
Opera 9
Desktop system

Quote:

Ok I unchecked everything in the msconfig startup and rebooted without any network cable conection (to modem and internet). There was no change, so I left it running and went to do errands. When I got back I had a blue screen with the following fatal error message: irql_not_less_or_equal. so i tried it again and watched the process.

rebooted at 3:55
3:59 task bar and clock appear
3 icons appear at 4:10
2 more icons at 4:08
22 total by 4:19 some though have a generic image
4:23 all icons showing many with generic image
Right click on desktop creates hourglass but no menu
5:10 same blue screen appears again
reboot in safe mode to post results

The blue screen was new I have not seen it before.

Quote:

Speed fan results:

HDO: 39C
Core1: 58C
Core 2: 58C

DSS file:

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by David at 21:43:56.15 on Sat 05/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.681 [GMT -6:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Documents and Settings\David\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3070409
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [1157840481] c:\progra~1\egames\bricks~1\register\egames~1.exe /r "c:\progra~1\egames\bricks~1\register\EGAMES~1.rpd"
StartupFolder: c:\docume~1\david\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google updater\GoogleUpdater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet g series\bin\hpoavn07.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {2F8963E7-0A09-48DE-AF71-8D6F46864C10} = 207.69.188.185,207.69.188.186
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-8-17 353672]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 gupdate1c94e76a7df3360;Google Update Service (gupdate1c94e76a7df3360);c:\program files\google\update\GoogleUpdate.exe [2008-11-24 133104]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\david\locals~1\temp\alsysio.sys --> c:\docume~1\david\locals~1\temp\ALSysIO.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]

=============== Created Last 30 ================

2009-05-23 21:07 <DIR> --d----- c:\program files\SpeedFan
2009-05-23 20:35 45 a------- c:\windows\system32\initdebug.nfo
2009-05-20 00:11 552 a------- c:\windows\system32\d3d8caps.dat
2009-05-10 11:40 <DIR> --d----- c:\docume~1\david\applic~1\BitDefender
2009-05-10 11:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-05-10 11:38 <DIR> --d----- c:\program files\common files\BitDefender

==================== Find3M ====================

2009-05-23 11:12 81,984 a------- c:\windows\system32\bdod.bin
2009-04-06 17:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-25 18:57 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-03-21 08:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 08:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 08:00 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-02-27 22:55 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2008-08-10 14:21 88 ---shr-- c:\windows\system32\DF5A5AA58E.sys
2008-08-10 14:21 4,076 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:44:25.56 ===============

Ried · 05-24-2009, 08:44 AM

Hello birdjaguar,

I'm not seeing any malware in your logs.

Quote:

The blue screen was new I have not seen it before.

What is the exact error message?

**birdjaguar** · 05-24-2009, 08:48 AM

irql_not_less_or_equal

Ried · 05-24-2009, 08:49 AM

Often times it references a file/driver as well. Do you recall seeing anything more than that? Load Windows again, and see if you can catch a file name along with that error.

**birdjaguar** · 05-24-2009, 08:51 AM

I first raised this problem in XP support yesterday and after several hours of effort was sent to the virus forum.

Ried · 05-24-2009, 08:51 AM

I understand that, and I read through that thread. Is there a file that is referenced along with that error message?

**birdjaguar** · 05-24-2009, 08:52 AM

Quote:

Originally Posted by Ried

Often times it references a file/driver as well. Do you recall seeing anything more than that? Load Windows again, and see if you can catch a file name along with that error.

I can load normally and take better notes. Yesterday it took over an hour to get to the blue screen.

**birdjaguar** · 05-24-2009, 08:56 AM

I be back as soon as I get the blue screen. Thanks for your help.

Ried · 05-24-2009, 09:00 AM

Let's hope there is a file referenced as it would give a major clue as to what the problem is. While malware will often produce irql_not_less_or_equal errors, I am not seeing anything in your gmer scan results. Windows loads in Safe Mode. Both things considered, your error is pointing to a driver issue, not malware

1972vet · 05-24-2009, 09:32 AM

Oh my...I'm very sorry. I've made a terrible mistake sending my post. It seems me and "Reid" were on the same page at the same time. I've removed my recommendations.
Please carry on with your help. You are indeed in very good hands.
Again, very sorry.

**birdjaguar** · 05-24-2009, 10:56 AM

It took an hour and 45 minutes to boot and this time it did not give me a blue screen. It loaded "without a problem", but everything is moving very slowly. During the loading process the icons loaded first. They took about an hour. The task bar took the another 45 minutes. During the process windows start key and Cntrl alt Del did not work nor did double clicking on an app. But once it was finished loading, all the commands I had previously tried happened.

Ried · 05-24-2009, 11:14 AM

I still don't believe this to be malware related. I don't know if you saw 1972Vet's post before he edited it, but it had some very good points and suggestions. Instead of sending you back to your other thread, I've asked 1972Vet to take over here. He'll respond as soon as he has the chance.

**birdjaguar** · 05-24-2009, 03:13 PM

Thanks, I did not see his post pre edit, but look forward to his comments.

**birdjaguar** · 05-24-2009, 06:43 PM

I've been using this computer since the successful 1:45 boot process and most things seem normal, except my mouse. It tends to jump about (especially to the top left cornter of the screen) on its own; it highlights things as I move it around without any input on my part. Mouse clicks seem to be ineffective about 30% of the time and I have to click multiple times to have it take effect.

1972vet · 05-24-2009, 06:57 PM

Greetings birdjaguar,

"Ried" has requested that I restore the information I posted originally and take over this thread. Below you'll find my original response:

Quote:

This started a month or so ago

...Did you by chance, reinstall the operating system about a month ago, or perhaps use a restore point? If so, in the event that you reinstalled, have you since reinstalled all the software that relates to your installed hardware?

Even if you just used a restore point, you may have selected a date prior to the date of some installed software relating to one or more pieces of your connected hardware. The reason I've asked about this is based upon your description of events. On boot up, your system's bios is looking for instructions as to what it should do with any hardware that it finds connected to your computer. If it finds no instructions (which happens to be the related software), then it can indeed take an extraordinarily long time before the system starts up. In this scenario, the system behaves normal when it loads, just exactly as you have described.

Nevertheless, I did make some notes regarding the information in the logs you provided. I've been studying these for the last hour or so...

There are some "Event Log" issues that you should look into.

Quote:

The following boot-start or system-start driver(s) failed to load: Fips intelppm

Fips must be part of a program you have installed that involves or uses "Federal Information Processing Standards" (FIPS)
Check to see if you've disabled this using msconfig or if the software just needs to be updated...then again, This may apply. You would know that, I would not.

This one indicates what I've asked about above. It seems to be a driver for some "still camera" attached for which there is either no installed software, or perhaps you've disabled this using msconfig:

Quote:

DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server

...and this one

Quote:

The USB-IDE Bridge service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

...may also relate to something you'ved disabled in msconfig.

While we troubleshoot this issue with you, please return to your msconfig utility and re-enable everything that you disabled.

Additionally, I've noted that you have some installed software that will cause you some security problems:
Java(TM) 6 Update 3
Java(TM) 6 Update 7 <--These two Java instlallations are both outdated and unnecessary...in time, some youngster will find a way to exploit them
LimeWire 4.18.8 <--and this one is a file sharing program that is widely known for causing heartburn
...please uninstall them.

Another installed software problem I noted is McAfee spamkiller...which is no longer supported. McAfee recommends removing it and upgrading...of course, that will cost you. I personally would recommend uninstalling it and using one of the many time tested "Free" applications available on the public domain.

Finally, this program:
Core Temp
...is free so you can reinstall it later if you like but for the time being, let's uninstall it too. I could be wrong, but I believe it's still in beta. Regardless, there have been users report problems with the application and with having "SpeedFan" installed, it seems to me you wouldn't need it anyway.

Post back and let us know if after following these recommendations you've noticed any improvement. Thanks!

**birdjaguar** · 05-24-2009, 07:27 PM

Hello and thanks!

Quote: