John John - MVP wrote:
> Richard wrote:
>> On 24/06/2010 15:09, John John - MVP wrote:
>>>
>>> John John - MVP wrote:
>>>> Richard wrote:
>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer
>>>>>>>>> (with
>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>>>> before
>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom
>>>>>>>>> of the
>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>> Windows
>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>> System
>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>> found.
>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>> found
>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>> suddenly
>>>>>>>>> deleted\renamed it or something. I have put my installation DVD
>>>>>>>>> in the
>>>>>>>>> drive and tried a repair but this driver cannot be located there,
>>>>>>>>> and
>>>>>>>>> I have googled for it but with no luck. Can anyone suggest where I
>>>>>>>>> might find this system file, or maybe even search for it on their
>>>>>>>>> own
>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any
>>>>>>>>> help
>>>>>>>>> in advance.
>>>>>>>>
>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>> for this
>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>> virus or
>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>> machine is
>>>>>>>> free of any pests.
>>>>>>>>
>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>> file? It
>>>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>>>> that
>>>>>>>> the entry is just a remnant.
>>>>>>>>
>>>>>>>> John
>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>> which
>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>> 3)/services/bthex/ (and
>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these
>>>>>>> references, could that help??
>>>>>>
>>>>>> Is it in the CurrentControlSet?
>>>>>>
>>>>>> Look for phantom devices in the Device Manager and see if any make
>>>>>> mention this BTHEX driver:
>>>>>>
>>>>>> Device Manager does not display devices that are not connected to the
>>>>>> Windows XP-based computer
>>>>>> http://support.microsoft.com/kb/315539
>>>>>>
>>>>>> This little batch file will automatically set the Device Manager to
>>>>>> show
>>>>>> phantom devices and open it for you:
>>>>>>
>>>>>> ----------------------------------------------------
>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>> start devmgmt.msc
>>>>>> ----------------------------------------------------
>>>>>>
>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>> have
>>>>>> permission to do so, grant yourself the necessary permissions and you
>>>>>> will be able to remove the keys. Before you do that keep in mind that
>>>>>> there is a good reason why only the System account has permission to
>>>>>> delete keys in the in the \Enum branch! It would be best to remove
>>>>>> the
>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>> keys.
>>>>>>
>>>>>> Before you change the permissions and delete keys please read the
>>>>>> following:
>>>>>>
>>>>>> Enum
>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>
>>>>>> System and Startup Settings
>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>
>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>
>>>>>> John
>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>>>> No mention in Device Manager, or after running your batch file. I
>>>>> won't try to meddle with Enum, but how do I grant myself permission
>>>>> if I did want to?? I will read the articles you mention, but since
>>>>> this is the file that is causing my 20 min startup delay,
>>>>> ex-infection or otherwise - how do I get rid of my system searching
>>>>> for it?? Thanks again.
>>>>
>>>> The registry permissions are just like regular NTFS file permissions,
>>>> just right click on the offending key and select Permissions...
>>>>
>>>> If you are convinced that this is the culprit and if you cannot remove
>>>> the device from the Device Manager then just grant yourself full
>>>> control on the key and delete it. For the time being remove it in the
>>>> CurrentControlSet only! If the Windows installation balks at its
>>>> removal (when you reboot) just boot to the Last Known Good
>>>> Configuration.
>>>
>>> PS. The problem is more likely to be caused by the status of the service
>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I
>>> suggest that you remove or disable the service there. To disable the
>>> service set its Start value to 4.
>>>
>>> John
>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>> problem is still there, but Event Viewer no longer reports a problem
>> in looking for bthex. So I presume bthex, whatever it is, is *not* the
>> reason for my slow progress bar in booting up. Any ideas as to what it
>> might now be? Could it be something to do with Power On Self Testing,
>> or if not is there any way of diagnosing why this has suddenly started
>> occuring? Cheers.
>
> I think that what you are seeing is part of the Windows boot process
> rather than the POST routine, an easy way to tell would be to press/tap
> the F8 key when the computer is booting and see how long it takes for
> the advanced Windows boot options show up. Or put a second (phony) line
> in the boot.ini file and see how long it takes for ntldr to parse and
> present the boot menu.
What is the make and model of the computer? If you determine that the
hang is happening before the Windows boot process you can look in the
BIOS and see if you have a non present IDE device enabled. Some
computers (older Dells, for example) will hang for a very long time
after/during the POST routine if a hard drive enabled in the BIOS is not
present.
John
Missing boot-start driver bthex.dll
Moderators: DllAdmin, DLLADMIN ONLY
Re: Missing boot-start driver bthex.dll
On 24/06/2010 17:22, John John - MVP wrote:
> Richard wrote:
>> On 24/06/2010 15:09, John John - MVP wrote:
>>>
>>> John John - MVP wrote:
>>>> Richard wrote:
>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer
>>>>>>>>> (with
>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>>>> before
>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom
>>>>>>>>> of the
>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>> Windows
>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>> System
>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>> found.
>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>> found
>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>> suddenly
>>>>>>>>> deleted\renamed it or something. I have put my installation DVD
>>>>>>>>> in the
>>>>>>>>> drive and tried a repair but this driver cannot be located there,
>>>>>>>>> and
>>>>>>>>> I have googled for it but with no luck. Can anyone suggest where I
>>>>>>>>> might find this system file, or maybe even search for it on their
>>>>>>>>> own
>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any
>>>>>>>>> help
>>>>>>>>> in advance.
>>>>>>>>
>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>> for this
>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>> virus or
>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>> machine is
>>>>>>>> free of any pests.
>>>>>>>>
>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>> file? It
>>>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>>>> that
>>>>>>>> the entry is just a remnant.
>>>>>>>>
>>>>>>>> John
>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>> which
>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>> 3)/services/bthex/ (and
>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these
>>>>>>> references, could that help??
>>>>>>
>>>>>> Is it in the CurrentControlSet?
>>>>>>
>>>>>> Look for phantom devices in the Device Manager and see if any make
>>>>>> mention this BTHEX driver:
>>>>>>
>>>>>> Device Manager does not display devices that are not connected to the
>>>>>> Windows XP-based computer
>>>>>> http://support.microsoft.com/kb/315539
>>>>>>
>>>>>> This little batch file will automatically set the Device Manager to
>>>>>> show
>>>>>> phantom devices and open it for you:
>>>>>>
>>>>>> ----------------------------------------------------
>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>> start devmgmt.msc
>>>>>> ----------------------------------------------------
>>>>>>
>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>> have
>>>>>> permission to do so, grant yourself the necessary permissions and you
>>>>>> will be able to remove the keys. Before you do that keep in mind that
>>>>>> there is a good reason why only the System account has permission to
>>>>>> delete keys in the in the \Enum branch! It would be best to remove
>>>>>> the
>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>> keys.
>>>>>>
>>>>>> Before you change the permissions and delete keys please read the
>>>>>> following:
>>>>>>
>>>>>> Enum
>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>
>>>>>> System and Startup Settings
>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>
>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>
>>>>>> John
>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>>>> No mention in Device Manager, or after running your batch file. I
>>>>> won't try to meddle with Enum, but how do I grant myself permission
>>>>> if I did want to?? I will read the articles you mention, but since
>>>>> this is the file that is causing my 20 min startup delay,
>>>>> ex-infection or otherwise - how do I get rid of my system searching
>>>>> for it?? Thanks again.
>>>>
>>>> The registry permissions are just like regular NTFS file permissions,
>>>> just right click on the offending key and select Permissions...
>>>>
>>>> If you are convinced that this is the culprit and if you cannot remove
>>>> the device from the Device Manager then just grant yourself full
>>>> control on the key and delete it. For the time being remove it in the
>>>> CurrentControlSet only! If the Windows installation balks at its
>>>> removal (when you reboot) just boot to the Last Known Good
>>>> Configuration.
>>>
>>> PS. The problem is more likely to be caused by the status of the service
>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I
>>> suggest that you remove or disable the service there. To disable the
>>> service set its Start value to 4.
>>>
>>> John
>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>> problem is still there, but Event Viewer no longer reports a problem
>> in looking for bthex. So I presume bthex, whatever it is, is *not* the
>> reason for my slow progress bar in booting up. Any ideas as to what it
>> might now be? Could it be something to do with Power On Self Testing,
>> or if not is there any way of diagnosing why this has suddenly started
>> occuring? Cheers.
>
> I think that what you are seeing is part of the Windows boot process
> rather than the POST routine, an easy way to tell would be to press/tap
> the F8 key when the computer is booting and see how long it takes for
> the advanced Windows boot options show up. Or put a second (phony) line
> in the boot.ini file and see how long it takes for ntldr to parse and
> present the boot menu.
>
> John
When I tap the F8 key the (by now usual) slow clicks and whirrs continue
for about 2 mins, then the white progress bar appears and continues
another 2 or 3 mins, and then at last the advanced options menu appears.
Choosing any option results in the correct procedure, but another 15
mins for the bar to disappear and the Windows start-up logo to kick in.
Before all this began, the advanced options screen would appear within
seconds. Does this indicate Windows boot routine or POST, and if so what
does this indicate? If I placed a phony line in boot.ini what would the
length of time tell me? Thank you very much for all your help with this.
Richard.
> Richard wrote:
>> On 24/06/2010 15:09, John John - MVP wrote:
>>>
>>> John John - MVP wrote:
>>>> Richard wrote:
>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer
>>>>>>>>> (with
>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>>>> before
>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom
>>>>>>>>> of the
>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>> Windows
>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>> System
>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>> found.
>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>> found
>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>> suddenly
>>>>>>>>> deleted\renamed it or something. I have put my installation DVD
>>>>>>>>> in the
>>>>>>>>> drive and tried a repair but this driver cannot be located there,
>>>>>>>>> and
>>>>>>>>> I have googled for it but with no luck. Can anyone suggest where I
>>>>>>>>> might find this system file, or maybe even search for it on their
>>>>>>>>> own
>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any
>>>>>>>>> help
>>>>>>>>> in advance.
>>>>>>>>
>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>> for this
>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>> virus or
>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>> machine is
>>>>>>>> free of any pests.
>>>>>>>>
>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>> file? It
>>>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>>>> that
>>>>>>>> the entry is just a remnant.
>>>>>>>>
>>>>>>>> John
>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>> which
>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>> 3)/services/bthex/ (and
>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these
>>>>>>> references, could that help??
>>>>>>
>>>>>> Is it in the CurrentControlSet?
>>>>>>
>>>>>> Look for phantom devices in the Device Manager and see if any make
>>>>>> mention this BTHEX driver:
>>>>>>
>>>>>> Device Manager does not display devices that are not connected to the
>>>>>> Windows XP-based computer
>>>>>> http://support.microsoft.com/kb/315539
>>>>>>
>>>>>> This little batch file will automatically set the Device Manager to
>>>>>> show
>>>>>> phantom devices and open it for you:
>>>>>>
>>>>>> ----------------------------------------------------
>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>> start devmgmt.msc
>>>>>> ----------------------------------------------------
>>>>>>
>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>> have
>>>>>> permission to do so, grant yourself the necessary permissions and you
>>>>>> will be able to remove the keys. Before you do that keep in mind that
>>>>>> there is a good reason why only the System account has permission to
>>>>>> delete keys in the in the \Enum branch! It would be best to remove
>>>>>> the
>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>> keys.
>>>>>>
>>>>>> Before you change the permissions and delete keys please read the
>>>>>> following:
>>>>>>
>>>>>> Enum
>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>
>>>>>> System and Startup Settings
>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>
>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>
>>>>>> John
>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>>>> No mention in Device Manager, or after running your batch file. I
>>>>> won't try to meddle with Enum, but how do I grant myself permission
>>>>> if I did want to?? I will read the articles you mention, but since
>>>>> this is the file that is causing my 20 min startup delay,
>>>>> ex-infection or otherwise - how do I get rid of my system searching
>>>>> for it?? Thanks again.
>>>>
>>>> The registry permissions are just like regular NTFS file permissions,
>>>> just right click on the offending key and select Permissions...
>>>>
>>>> If you are convinced that this is the culprit and if you cannot remove
>>>> the device from the Device Manager then just grant yourself full
>>>> control on the key and delete it. For the time being remove it in the
>>>> CurrentControlSet only! If the Windows installation balks at its
>>>> removal (when you reboot) just boot to the Last Known Good
>>>> Configuration.
>>>
>>> PS. The problem is more likely to be caused by the status of the service
>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I
>>> suggest that you remove or disable the service there. To disable the
>>> service set its Start value to 4.
>>>
>>> John
>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>> problem is still there, but Event Viewer no longer reports a problem
>> in looking for bthex. So I presume bthex, whatever it is, is *not* the
>> reason for my slow progress bar in booting up. Any ideas as to what it
>> might now be? Could it be something to do with Power On Self Testing,
>> or if not is there any way of diagnosing why this has suddenly started
>> occuring? Cheers.
>
> I think that what you are seeing is part of the Windows boot process
> rather than the POST routine, an easy way to tell would be to press/tap
> the F8 key when the computer is booting and see how long it takes for
> the advanced Windows boot options show up. Or put a second (phony) line
> in the boot.ini file and see how long it takes for ntldr to parse and
> present the boot menu.
>
> John
When I tap the F8 key the (by now usual) slow clicks and whirrs continue
for about 2 mins, then the white progress bar appears and continues
another 2 or 3 mins, and then at last the advanced options menu appears.
Choosing any option results in the correct procedure, but another 15
mins for the bar to disappear and the Windows start-up logo to kick in.
Before all this began, the advanced options screen would appear within
seconds. Does this indicate Windows boot routine or POST, and if so what
does this indicate? If I placed a phony line in boot.ini what would the
length of time tell me? Thank you very much for all your help with this.
Richard.
Re: Missing boot-start driver bthex.dll
On 24/06/2010 17:35, John John - MVP wrote:
> John John - MVP wrote:
>> Richard wrote:
>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>
>>>> John John - MVP wrote:
>>>>> Richard wrote:
>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>> Richard wrote:
>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>> Richard wrote:
>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer
>>>>>>>>>> (with
>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>>>>> before
>>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom
>>>>>>>>>> of the
>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>> Windows
>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>> System
>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>> found.
>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>> found
>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>> suddenly
>>>>>>>>>> deleted\renamed it or something. I have put my installation DVD
>>>>>>>>>> in the
>>>>>>>>>> drive and tried a repair but this driver cannot be located there,
>>>>>>>>>> and
>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>> where I
>>>>>>>>>> might find this system file, or maybe even search for it on their
>>>>>>>>>> own
>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any
>>>>>>>>>> help
>>>>>>>>>> in advance.
>>>>>>>>>
>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>> for this
>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>> virus or
>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>> machine is
>>>>>>>>> free of any pests.
>>>>>>>>>
>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>> file? It
>>>>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>>>>> that
>>>>>>>>> the entry is just a remnant.
>>>>>>>>>
>>>>>>>>> John
>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>> which
>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>> 3)/services/bthex/ (and
>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>> these
>>>>>>>> references, could that help??
>>>>>>>
>>>>>>> Is it in the CurrentControlSet?
>>>>>>>
>>>>>>> Look for phantom devices in the Device Manager and see if any make
>>>>>>> mention this BTHEX driver:
>>>>>>>
>>>>>>> Device Manager does not display devices that are not connected to
>>>>>>> the
>>>>>>> Windows XP-based computer
>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>
>>>>>>> This little batch file will automatically set the Device Manager to
>>>>>>> show
>>>>>>> phantom devices and open it for you:
>>>>>>>
>>>>>>> ----------------------------------------------------
>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>> start devmgmt.msc
>>>>>>> ----------------------------------------------------
>>>>>>>
>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>> have
>>>>>>> permission to do so, grant yourself the necessary permissions and
>>>>>>> you
>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>> that
>>>>>>> there is a good reason why only the System account has permission to
>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>> remove the
>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>> keys.
>>>>>>>
>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>> following:
>>>>>>>
>>>>>>> Enum
>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>
>>>>>>> System and Startup Settings
>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>
>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>
>>>>>>> John
>>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>> won't try to meddle with Enum, but how do I grant myself permission
>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>> ex-infection or otherwise - how do I get rid of my system searching
>>>>>> for it?? Thanks again.
>>>>>
>>>>> The registry permissions are just like regular NTFS file permissions,
>>>>> just right click on the offending key and select Permissions...
>>>>>
>>>>> If you are convinced that this is the culprit and if you cannot remove
>>>>> the device from the Device Manager then just grant yourself full
>>>>> control on the key and delete it. For the time being remove it in the
>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>> Configuration.
>>>>
>>>> PS. The problem is more likely to be caused by the status of the
>>>> service
>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I
>>>> suggest that you remove or disable the service there. To disable the
>>>> service set its Start value to 4.
>>>>
>>>> John
>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>> problem is still there, but Event Viewer no longer reports a problem
>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>> the reason for my slow progress bar in booting up. Any ideas as to
>>> what it might now be? Could it be something to do with Power On Self
>>> Testing, or if not is there any way of diagnosing why this has
>>> suddenly started occuring? Cheers.
>>
>> I think that what you are seeing is part of the Windows boot process
>> rather than the POST routine, an easy way to tell would be to
>> press/tap the F8 key when the computer is booting and see how long it
>> takes for the advanced Windows boot options show up. Or put a second
>> (phony) line in the boot.ini file and see how long it takes for ntldr
>> to parse and present the boot menu.
>
> What is the make and model of the computer? If you determine that the
> hang is happening before the Windows boot process you can look in the
> BIOS and see if you have a non present IDE device enabled. Some
> computers (older Dells, for example) will hang for a very long time
> after/during the POST routine if a hard drive enabled in the BIOS is not
> present.
>
> John
It is a Compaq Presario 061 SR 1519UK. I will do that now, so will be
gone a while.
> John John - MVP wrote:
>> Richard wrote:
>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>
>>>> John John - MVP wrote:
>>>>> Richard wrote:
>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>> Richard wrote:
>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>> Richard wrote:
>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer
>>>>>>>>>> (with
>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>>>>> before
>>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom
>>>>>>>>>> of the
>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>> Windows
>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>> System
>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>> found.
>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>> found
>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>> suddenly
>>>>>>>>>> deleted\renamed it or something. I have put my installation DVD
>>>>>>>>>> in the
>>>>>>>>>> drive and tried a repair but this driver cannot be located there,
>>>>>>>>>> and
>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>> where I
>>>>>>>>>> might find this system file, or maybe even search for it on their
>>>>>>>>>> own
>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any
>>>>>>>>>> help
>>>>>>>>>> in advance.
>>>>>>>>>
>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>> for this
>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>> virus or
>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>> machine is
>>>>>>>>> free of any pests.
>>>>>>>>>
>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>> file? It
>>>>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>>>>> that
>>>>>>>>> the entry is just a remnant.
>>>>>>>>>
>>>>>>>>> John
>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>> which
>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>> 3)/services/bthex/ (and
>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>> these
>>>>>>>> references, could that help??
>>>>>>>
>>>>>>> Is it in the CurrentControlSet?
>>>>>>>
>>>>>>> Look for phantom devices in the Device Manager and see if any make
>>>>>>> mention this BTHEX driver:
>>>>>>>
>>>>>>> Device Manager does not display devices that are not connected to
>>>>>>> the
>>>>>>> Windows XP-based computer
>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>
>>>>>>> This little batch file will automatically set the Device Manager to
>>>>>>> show
>>>>>>> phantom devices and open it for you:
>>>>>>>
>>>>>>> ----------------------------------------------------
>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>> start devmgmt.msc
>>>>>>> ----------------------------------------------------
>>>>>>>
>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>> have
>>>>>>> permission to do so, grant yourself the necessary permissions and
>>>>>>> you
>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>> that
>>>>>>> there is a good reason why only the System account has permission to
>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>> remove the
>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>> keys.
>>>>>>>
>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>> following:
>>>>>>>
>>>>>>> Enum
>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>
>>>>>>> System and Startup Settings
>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>
>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>
>>>>>>> John
>>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>> won't try to meddle with Enum, but how do I grant myself permission
>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>> ex-infection or otherwise - how do I get rid of my system searching
>>>>>> for it?? Thanks again.
>>>>>
>>>>> The registry permissions are just like regular NTFS file permissions,
>>>>> just right click on the offending key and select Permissions...
>>>>>
>>>>> If you are convinced that this is the culprit and if you cannot remove
>>>>> the device from the Device Manager then just grant yourself full
>>>>> control on the key and delete it. For the time being remove it in the
>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>> Configuration.
>>>>
>>>> PS. The problem is more likely to be caused by the status of the
>>>> service
>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I
>>>> suggest that you remove or disable the service there. To disable the
>>>> service set its Start value to 4.
>>>>
>>>> John
>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>> problem is still there, but Event Viewer no longer reports a problem
>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>> the reason for my slow progress bar in booting up. Any ideas as to
>>> what it might now be? Could it be something to do with Power On Self
>>> Testing, or if not is there any way of diagnosing why this has
>>> suddenly started occuring? Cheers.
>>
>> I think that what you are seeing is part of the Windows boot process
>> rather than the POST routine, an easy way to tell would be to
>> press/tap the F8 key when the computer is booting and see how long it
>> takes for the advanced Windows boot options show up. Or put a second
>> (phony) line in the boot.ini file and see how long it takes for ntldr
>> to parse and present the boot menu.
>
> What is the make and model of the computer? If you determine that the
> hang is happening before the Windows boot process you can look in the
> BIOS and see if you have a non present IDE device enabled. Some
> computers (older Dells, for example) will hang for a very long time
> after/during the POST routine if a hard drive enabled in the BIOS is not
> present.
>
> John
It is a Compaq Presario 061 SR 1519UK. I will do that now, so will be
gone a while.
-
john john - mvp
- Posts: 37
- Joined: 30 Apr 2009, 23:00
Re: Missing boot-start driver bthex.dll
Richard wrote:
> On 24/06/2010 17:22, John John - MVP wrote:
>> Richard wrote:
>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>
>>>> John John - MVP wrote:
>>>>> Richard wrote:
>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>> Richard wrote:
>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>> Richard wrote:
>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer
>>>>>>>>>> (with
>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>>>>> before
>>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom
>>>>>>>>>> of the
>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>> Windows
>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>> System
>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>> found.
>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>> found
>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>> suddenly
>>>>>>>>>> deleted\renamed it or something. I have put my installation DVD
>>>>>>>>>> in the
>>>>>>>>>> drive and tried a repair but this driver cannot be located there,
>>>>>>>>>> and
>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>> where I
>>>>>>>>>> might find this system file, or maybe even search for it on their
>>>>>>>>>> own
>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any
>>>>>>>>>> help
>>>>>>>>>> in advance.
>>>>>>>>>
>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>> for this
>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>> virus or
>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>> machine is
>>>>>>>>> free of any pests.
>>>>>>>>>
>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>> file? It
>>>>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>>>>> that
>>>>>>>>> the entry is just a remnant.
>>>>>>>>>
>>>>>>>>> John
>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>> which
>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>> 3)/services/bthex/ (and
>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>> these
>>>>>>>> references, could that help??
>>>>>>>
>>>>>>> Is it in the CurrentControlSet?
>>>>>>>
>>>>>>> Look for phantom devices in the Device Manager and see if any make
>>>>>>> mention this BTHEX driver:
>>>>>>>
>>>>>>> Device Manager does not display devices that are not connected to
>>>>>>> the
>>>>>>> Windows XP-based computer
>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>
>>>>>>> This little batch file will automatically set the Device Manager to
>>>>>>> show
>>>>>>> phantom devices and open it for you:
>>>>>>>
>>>>>>> ----------------------------------------------------
>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>> start devmgmt.msc
>>>>>>> ----------------------------------------------------
>>>>>>>
>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>> have
>>>>>>> permission to do so, grant yourself the necessary permissions and
>>>>>>> you
>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>> that
>>>>>>> there is a good reason why only the System account has permission to
>>>>>>> delete keys in the in the \Enum branch! It would be best to remove
>>>>>>> the
>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>> keys.
>>>>>>>
>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>> following:
>>>>>>>
>>>>>>> Enum
>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>
>>>>>>> System and Startup Settings
>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>
>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>
>>>>>>> John
>>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>> won't try to meddle with Enum, but how do I grant myself permission
>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>> ex-infection or otherwise - how do I get rid of my system searching
>>>>>> for it?? Thanks again.
>>>>>
>>>>> The registry permissions are just like regular NTFS file permissions,
>>>>> just right click on the offending key and select Permissions...
>>>>>
>>>>> If you are convinced that this is the culprit and if you cannot remove
>>>>> the device from the Device Manager then just grant yourself full
>>>>> control on the key and delete it. For the time being remove it in the
>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>> Configuration.
>>>>
>>>> PS. The problem is more likely to be caused by the status of the
>>>> service
>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I
>>>> suggest that you remove or disable the service there. To disable the
>>>> service set its Start value to 4.
>>>>
>>>> John
>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>> problem is still there, but Event Viewer no longer reports a problem
>>> in looking for bthex. So I presume bthex, whatever it is, is *not* the
>>> reason for my slow progress bar in booting up. Any ideas as to what it
>>> might now be? Could it be something to do with Power On Self Testing,
>>> or if not is there any way of diagnosing why this has suddenly started
>>> occuring? Cheers.
>>
>> I think that what you are seeing is part of the Windows boot process
>> rather than the POST routine, an easy way to tell would be to press/tap
>> the F8 key when the computer is booting and see how long it takes for
>> the advanced Windows boot options show up. Or put a second (phony) line
>> in the boot.ini file and see how long it takes for ntldr to parse and
>> present the boot menu.
>>
>> John
> When I tap the F8 key the (by now usual) slow clicks and whirrs continue
> for about 2 mins, then the white progress bar appears and continues
> another 2 or 3 mins, and then at last the advanced options menu appears.
> Choosing any option results in the correct procedure, but another 15
> mins for the bar to disappear and the Windows start-up logo to kick in.
> Before all this began, the advanced options screen would appear within
> seconds. Does this indicate Windows boot routine or POST, and if so what
> does this indicate? If I placed a phony line in boot.ini what would the
> length of time tell me? Thank you very much for all your help with this.
When the boot.ini file contains only one ARC path, (like most Windows
installations), the boot loader (ntldr) simply parses the file and
proceeds to boot the default Windows installation without presenting the
user with a boot menu. When the boot.ini file contains more than one
line ntldr reads the file then presents a boot menu for a certain length
of time to allow the user to select which Windows installation to boot.
For example:
Most boot.ini files where only one Windows installation is present will
look something like this:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /fastdetect
In the above example the file only contains one ARC path:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
Ntldr sees that there is only one Windows installation present so it
doesn't present a boot menu and proceeds to load the default Windows
installation. If we were to add a second "phony" installation ntldr
would pause to allow the user to select which Windows installation to
boot, the boot.ini file could look like this:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
When seeing more than one ARC path lines ntldr will now pause when the
computer is booted and it will present the user with a boot menu
allowing the user to select one of the following:
Microsoft Windows XP Professional
Phony Windows
If no selection is made after the timeout= time ntldr will load the
default= operating system. With the above boot.ini file, if no
selection is made, after 30 seconds ntldr will load the
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
labeled "Microsoft Windows XP Professional". The stuff between the
quotation marks is for human eyes only, what you see on the boot menu,
so the above "Phony Windows" line is valid, you will see Phony Windows
as a boot option.
This is simply an option that allows you to gauge how much time it takes
for the BIOS to do it's stuff and load the MBR and then pass the boot
process to the boot sector of the active partition which then in turns
passes the boot process to the ntldr boot loader, only then (when the
boot sector passes the boot process to the boot loader) is Windows
involved, anything prior to that has nothing to do with Windows. So
what does all of this do? It simply allows one to gauge the time at
which Windows actually becomes involved in the boot process, it can
sometimes be helpful if one is having difficulties determining where the
boot process is at when it hangs after the POST test.
Your comments that there is whirling and clicking noises doesn't sound
too good, this can be a sign of a failing hard drive. A failing drive
can often be difficult to boot and it can take a long time to do so. I
would strongly suggest that you backup all your precious files and run
disk diagnostic utility from the drive manufacturer on the disk.
Another way to do a quick test is to open the box and touch the hard
disk, a failing whirling and clicking drive will usually also become
quite hot to the touch.
John
> On 24/06/2010 17:22, John John - MVP wrote:
>> Richard wrote:
>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>
>>>> John John - MVP wrote:
>>>>> Richard wrote:
>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>> Richard wrote:
>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>> Richard wrote:
>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer
>>>>>>>>>> (with
>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>>>>> before
>>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom
>>>>>>>>>> of the
>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>> Windows
>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>> System
>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>> found.
>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>> found
>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>> suddenly
>>>>>>>>>> deleted\renamed it or something. I have put my installation DVD
>>>>>>>>>> in the
>>>>>>>>>> drive and tried a repair but this driver cannot be located there,
>>>>>>>>>> and
>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>> where I
>>>>>>>>>> might find this system file, or maybe even search for it on their
>>>>>>>>>> own
>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any
>>>>>>>>>> help
>>>>>>>>>> in advance.
>>>>>>>>>
>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>> for this
>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>> virus or
>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>> machine is
>>>>>>>>> free of any pests.
>>>>>>>>>
>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>> file? It
>>>>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>>>>> that
>>>>>>>>> the entry is just a remnant.
>>>>>>>>>
>>>>>>>>> John
>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>> which
>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>> 3)/services/bthex/ (and
>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>> these
>>>>>>>> references, could that help??
>>>>>>>
>>>>>>> Is it in the CurrentControlSet?
>>>>>>>
>>>>>>> Look for phantom devices in the Device Manager and see if any make
>>>>>>> mention this BTHEX driver:
>>>>>>>
>>>>>>> Device Manager does not display devices that are not connected to
>>>>>>> the
>>>>>>> Windows XP-based computer
>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>
>>>>>>> This little batch file will automatically set the Device Manager to
>>>>>>> show
>>>>>>> phantom devices and open it for you:
>>>>>>>
>>>>>>> ----------------------------------------------------
>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>> start devmgmt.msc
>>>>>>> ----------------------------------------------------
>>>>>>>
>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>> have
>>>>>>> permission to do so, grant yourself the necessary permissions and
>>>>>>> you
>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>> that
>>>>>>> there is a good reason why only the System account has permission to
>>>>>>> delete keys in the in the \Enum branch! It would be best to remove
>>>>>>> the
>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>> keys.
>>>>>>>
>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>> following:
>>>>>>>
>>>>>>> Enum
>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>
>>>>>>> System and Startup Settings
>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>
>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>
>>>>>>> John
>>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>> won't try to meddle with Enum, but how do I grant myself permission
>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>> ex-infection or otherwise - how do I get rid of my system searching
>>>>>> for it?? Thanks again.
>>>>>
>>>>> The registry permissions are just like regular NTFS file permissions,
>>>>> just right click on the offending key and select Permissions...
>>>>>
>>>>> If you are convinced that this is the culprit and if you cannot remove
>>>>> the device from the Device Manager then just grant yourself full
>>>>> control on the key and delete it. For the time being remove it in the
>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>> Configuration.
>>>>
>>>> PS. The problem is more likely to be caused by the status of the
>>>> service
>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I
>>>> suggest that you remove or disable the service there. To disable the
>>>> service set its Start value to 4.
>>>>
>>>> John
>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>> problem is still there, but Event Viewer no longer reports a problem
>>> in looking for bthex. So I presume bthex, whatever it is, is *not* the
>>> reason for my slow progress bar in booting up. Any ideas as to what it
>>> might now be? Could it be something to do with Power On Self Testing,
>>> or if not is there any way of diagnosing why this has suddenly started
>>> occuring? Cheers.
>>
>> I think that what you are seeing is part of the Windows boot process
>> rather than the POST routine, an easy way to tell would be to press/tap
>> the F8 key when the computer is booting and see how long it takes for
>> the advanced Windows boot options show up. Or put a second (phony) line
>> in the boot.ini file and see how long it takes for ntldr to parse and
>> present the boot menu.
>>
>> John
> When I tap the F8 key the (by now usual) slow clicks and whirrs continue
> for about 2 mins, then the white progress bar appears and continues
> another 2 or 3 mins, and then at last the advanced options menu appears.
> Choosing any option results in the correct procedure, but another 15
> mins for the bar to disappear and the Windows start-up logo to kick in.
> Before all this began, the advanced options screen would appear within
> seconds. Does this indicate Windows boot routine or POST, and if so what
> does this indicate? If I placed a phony line in boot.ini what would the
> length of time tell me? Thank you very much for all your help with this.
When the boot.ini file contains only one ARC path, (like most Windows
installations), the boot loader (ntldr) simply parses the file and
proceeds to boot the default Windows installation without presenting the
user with a boot menu. When the boot.ini file contains more than one
line ntldr reads the file then presents a boot menu for a certain length
of time to allow the user to select which Windows installation to boot.
For example:
Most boot.ini files where only one Windows installation is present will
look something like this:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /fastdetect
In the above example the file only contains one ARC path:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
Ntldr sees that there is only one Windows installation present so it
doesn't present a boot menu and proceeds to load the default Windows
installation. If we were to add a second "phony" installation ntldr
would pause to allow the user to select which Windows installation to
boot, the boot.ini file could look like this:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
When seeing more than one ARC path lines ntldr will now pause when the
computer is booted and it will present the user with a boot menu
allowing the user to select one of the following:
Microsoft Windows XP Professional
Phony Windows
If no selection is made after the timeout= time ntldr will load the
default= operating system. With the above boot.ini file, if no
selection is made, after 30 seconds ntldr will load the
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
labeled "Microsoft Windows XP Professional". The stuff between the
quotation marks is for human eyes only, what you see on the boot menu,
so the above "Phony Windows" line is valid, you will see Phony Windows
as a boot option.
This is simply an option that allows you to gauge how much time it takes
for the BIOS to do it's stuff and load the MBR and then pass the boot
process to the boot sector of the active partition which then in turns
passes the boot process to the ntldr boot loader, only then (when the
boot sector passes the boot process to the boot loader) is Windows
involved, anything prior to that has nothing to do with Windows. So
what does all of this do? It simply allows one to gauge the time at
which Windows actually becomes involved in the boot process, it can
sometimes be helpful if one is having difficulties determining where the
boot process is at when it hangs after the POST test.
Your comments that there is whirling and clicking noises doesn't sound
too good, this can be a sign of a failing hard drive. A failing drive
can often be difficult to boot and it can take a long time to do so. I
would strongly suggest that you backup all your precious files and run
disk diagnostic utility from the drive manufacturer on the disk.
Another way to do a quick test is to open the box and touch the hard
disk, a failing whirling and clicking drive will usually also become
quite hot to the touch.
John
Re: Missing boot-start driver bthex.dll
On 24/06/2010 18:31, John John - MVP wrote:
>
> Richard wrote:
>> On 24/06/2010 17:22, John John - MVP wrote:
>>> Richard wrote:
>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>
>>>>> John John - MVP wrote:
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer
>>>>>>>>>>> (with
>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>>>>>> before
>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom
>>>>>>>>>>> of the
>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>> Windows
>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>>> System
>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>>> found.
>>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>>> found
>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>> suddenly
>>>>>>>>>>> deleted\renamed it or something. I have put my installation DVD
>>>>>>>>>>> in the
>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>> there,
>>>>>>>>>>> and
>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>> where I
>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>> their
>>>>>>>>>>> own
>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any
>>>>>>>>>>> help
>>>>>>>>>>> in advance.
>>>>>>>>>>
>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>>> for this
>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>> virus or
>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>> machine is
>>>>>>>>>> free of any pests.
>>>>>>>>>>
>>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>>> file? It
>>>>>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>>>>>> that
>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>>> which
>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>> these
>>>>>>>>> references, could that help??
>>>>>>>>
>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>
>>>>>>>> Look for phantom devices in the Device Manager and see if any make
>>>>>>>> mention this BTHEX driver:
>>>>>>>>
>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>> to the
>>>>>>>> Windows XP-based computer
>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>
>>>>>>>> This little batch file will automatically set the Device Manager to
>>>>>>>> show
>>>>>>>> phantom devices and open it for you:
>>>>>>>>
>>>>>>>> ----------------------------------------------------
>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>> start devmgmt.msc
>>>>>>>> ----------------------------------------------------
>>>>>>>>
>>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>>> have
>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>> and you
>>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>>> that
>>>>>>>> there is a good reason why only the System account has
>>>>>>>> permission to
>>>>>>>> delete keys in the in the \Enum branch! It would be best to remove
>>>>>>>> the
>>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>>> keys.
>>>>>>>>
>>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>>> following:
>>>>>>>>
>>>>>>>> Enum
>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>
>>>>>>>> System and Startup Settings
>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>
>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>
>>>>>>>> John
>>>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>>> won't try to meddle with Enum, but how do I grant myself permission
>>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>> ex-infection or otherwise - how do I get rid of my system searching
>>>>>>> for it?? Thanks again.
>>>>>>
>>>>>> The registry permissions are just like regular NTFS file permissions,
>>>>>> just right click on the offending key and select Permissions...
>>>>>>
>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>> remove
>>>>>> the device from the Device Manager then just grant yourself full
>>>>>> control on the key and delete it. For the time being remove it in the
>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>> Configuration.
>>>>>
>>>>> PS. The problem is more likely to be caused by the status of the
>>>>> service
>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I
>>>>> suggest that you remove or disable the service there. To disable the
>>>>> service set its Start value to 4.
>>>>>
>>>>> John
>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>>> problem is still there, but Event Viewer no longer reports a problem
>>>> in looking for bthex. So I presume bthex, whatever it is, is *not* the
>>>> reason for my slow progress bar in booting up. Any ideas as to what it
>>>> might now be? Could it be something to do with Power On Self Testing,
>>>> or if not is there any way of diagnosing why this has suddenly started
>>>> occuring? Cheers.
>>>
>>> I think that what you are seeing is part of the Windows boot process
>>> rather than the POST routine, an easy way to tell would be to press/tap
>>> the F8 key when the computer is booting and see how long it takes for
>>> the advanced Windows boot options show up. Or put a second (phony) line
>>> in the boot.ini file and see how long it takes for ntldr to parse and
>>> present the boot menu.
>>>
>>> John
>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>> continue for about 2 mins, then the white progress bar appears and
>> continues another 2 or 3 mins, and then at last the advanced options
>> menu appears. Choosing any option results in the correct procedure,
>> but another 15 mins for the bar to disappear and the Windows start-up
>> logo to kick in. Before all this began, the advanced options screen
>> would appear within seconds. Does this indicate Windows boot routine
>> or POST, and if so what does this indicate? If I placed a phony line
>> in boot.ini what would the length of time tell me? Thank you very much
>> for all your help with this.
>
> When the boot.ini file contains only one ARC path, (like most Windows
> installations), the boot loader (ntldr) simply parses the file and
> proceeds to boot the default Windows installation without presenting the
> user with a boot menu. When the boot.ini file contains more than one
> line ntldr reads the file then presents a boot menu for a certain length
> of time to allow the user to select which Windows installation to boot.
>
> For example:
>
> Most boot.ini files where only one Windows installation is present will
> look something like this:
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
> Professional" /fastdetect
>
> In the above example the file only contains one ARC path:
>
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>
> Ntldr sees that there is only one Windows installation present so it
> doesn't present a boot menu and proceeds to load the default Windows
> installation. If we were to add a second "phony" installation ntldr
> would pause to allow the user to select which Windows installation to
> boot, the boot.ini file could look like this:
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
> Professional" /fastdetect
> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
>
> When seeing more than one ARC path lines ntldr will now pause when the
> computer is booted and it will present the user with a boot menu
> allowing the user to select one of the following:
>
> Microsoft Windows XP Professional
> Phony Windows
>
> If no selection is made after the timeout= time ntldr will load the
> default= operating system. With the above boot.ini file, if no selection
> is made, after 30 seconds ntldr will load the
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
> labeled "Microsoft Windows XP Professional". The stuff between the
> quotation marks is for human eyes only, what you see on the boot menu,
> so the above "Phony Windows" line is valid, you will see Phony Windows
> as a boot option.
>
> This is simply an option that allows you to gauge how much time it takes
> for the BIOS to do it's stuff and load the MBR and then pass the boot
> process to the boot sector of the active partition which then in turns
> passes the boot process to the ntldr boot loader, only then (when the
> boot sector passes the boot process to the boot loader) is Windows
> involved, anything prior to that has nothing to do with Windows. So what
> does all of this do? It simply allows one to gauge the time at which
> Windows actually becomes involved in the boot process, it can sometimes
> be helpful if one is having difficulties determining where the boot
> process is at when it hangs after the POST test.
>
> Your comments that there is whirling and clicking noises doesn't sound
> too good, this can be a sign of a failing hard drive. A failing drive
> can often be difficult to boot and it can take a long time to do so. I
> would strongly suggest that you backup all your precious files and run
> disk diagnostic utility from the drive manufacturer on the disk. Another
> way to do a quick test is to open the box and touch the hard disk, a
> failing whirling and clicking drive will usually also become quite hot
> to the touch.
>
> John
John, Thnk you for all that detailed info which I will digest. The
whirring and clicking is actually present whenever a program is
executing, and always has been (I think). The machine is quite noisy.
However, I take your advice and will ensure good backup. I have done a
"chkdsk /r" over the last hour or so - all apparently OK. All this seems
to be happening before Windows gets involved, so could there be a
problem with MBR/boot sector/ntldr? If so, again what can I do to
rectify it? Also, after "fastdetect" in boot.ini, I have
"/NoExecute=OptIn". Should that be there? I can see Boot.ini in
msconfig, but I can't find it on the disk to put in another line. I will
continue later and post any results I may get to let you know if all
your help has got me anywhere. Thanks again.
Richard.
>
> Richard wrote:
>> On 24/06/2010 17:22, John John - MVP wrote:
>>> Richard wrote:
>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>
>>>>> John John - MVP wrote:
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer
>>>>>>>>>>> (with
>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>>>>>> before
>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom
>>>>>>>>>>> of the
>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>> Windows
>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>>> System
>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>>> found.
>>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>>> found
>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>> suddenly
>>>>>>>>>>> deleted\renamed it or something. I have put my installation DVD
>>>>>>>>>>> in the
>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>> there,
>>>>>>>>>>> and
>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>> where I
>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>> their
>>>>>>>>>>> own
>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any
>>>>>>>>>>> help
>>>>>>>>>>> in advance.
>>>>>>>>>>
>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>>> for this
>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>> virus or
>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>> machine is
>>>>>>>>>> free of any pests.
>>>>>>>>>>
>>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>>> file? It
>>>>>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>>>>>> that
>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>>> which
>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>> these
>>>>>>>>> references, could that help??
>>>>>>>>
>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>
>>>>>>>> Look for phantom devices in the Device Manager and see if any make
>>>>>>>> mention this BTHEX driver:
>>>>>>>>
>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>> to the
>>>>>>>> Windows XP-based computer
>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>
>>>>>>>> This little batch file will automatically set the Device Manager to
>>>>>>>> show
>>>>>>>> phantom devices and open it for you:
>>>>>>>>
>>>>>>>> ----------------------------------------------------
>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>> start devmgmt.msc
>>>>>>>> ----------------------------------------------------
>>>>>>>>
>>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>>> have
>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>> and you
>>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>>> that
>>>>>>>> there is a good reason why only the System account has
>>>>>>>> permission to
>>>>>>>> delete keys in the in the \Enum branch! It would be best to remove
>>>>>>>> the
>>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>>> keys.
>>>>>>>>
>>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>>> following:
>>>>>>>>
>>>>>>>> Enum
>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>
>>>>>>>> System and Startup Settings
>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>
>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>
>>>>>>>> John
>>>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>>> won't try to meddle with Enum, but how do I grant myself permission
>>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>> ex-infection or otherwise - how do I get rid of my system searching
>>>>>>> for it?? Thanks again.
>>>>>>
>>>>>> The registry permissions are just like regular NTFS file permissions,
>>>>>> just right click on the offending key and select Permissions...
>>>>>>
>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>> remove
>>>>>> the device from the Device Manager then just grant yourself full
>>>>>> control on the key and delete it. For the time being remove it in the
>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>> Configuration.
>>>>>
>>>>> PS. The problem is more likely to be caused by the status of the
>>>>> service
>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I
>>>>> suggest that you remove or disable the service there. To disable the
>>>>> service set its Start value to 4.
>>>>>
>>>>> John
>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>>> problem is still there, but Event Viewer no longer reports a problem
>>>> in looking for bthex. So I presume bthex, whatever it is, is *not* the
>>>> reason for my slow progress bar in booting up. Any ideas as to what it
>>>> might now be? Could it be something to do with Power On Self Testing,
>>>> or if not is there any way of diagnosing why this has suddenly started
>>>> occuring? Cheers.
>>>
>>> I think that what you are seeing is part of the Windows boot process
>>> rather than the POST routine, an easy way to tell would be to press/tap
>>> the F8 key when the computer is booting and see how long it takes for
>>> the advanced Windows boot options show up. Or put a second (phony) line
>>> in the boot.ini file and see how long it takes for ntldr to parse and
>>> present the boot menu.
>>>
>>> John
>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>> continue for about 2 mins, then the white progress bar appears and
>> continues another 2 or 3 mins, and then at last the advanced options
>> menu appears. Choosing any option results in the correct procedure,
>> but another 15 mins for the bar to disappear and the Windows start-up
>> logo to kick in. Before all this began, the advanced options screen
>> would appear within seconds. Does this indicate Windows boot routine
>> or POST, and if so what does this indicate? If I placed a phony line
>> in boot.ini what would the length of time tell me? Thank you very much
>> for all your help with this.
>
> When the boot.ini file contains only one ARC path, (like most Windows
> installations), the boot loader (ntldr) simply parses the file and
> proceeds to boot the default Windows installation without presenting the
> user with a boot menu. When the boot.ini file contains more than one
> line ntldr reads the file then presents a boot menu for a certain length
> of time to allow the user to select which Windows installation to boot.
>
> For example:
>
> Most boot.ini files where only one Windows installation is present will
> look something like this:
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
> Professional" /fastdetect
>
> In the above example the file only contains one ARC path:
>
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>
> Ntldr sees that there is only one Windows installation present so it
> doesn't present a boot menu and proceeds to load the default Windows
> installation. If we were to add a second "phony" installation ntldr
> would pause to allow the user to select which Windows installation to
> boot, the boot.ini file could look like this:
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
> Professional" /fastdetect
> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
>
> When seeing more than one ARC path lines ntldr will now pause when the
> computer is booted and it will present the user with a boot menu
> allowing the user to select one of the following:
>
> Microsoft Windows XP Professional
> Phony Windows
>
> If no selection is made after the timeout= time ntldr will load the
> default= operating system. With the above boot.ini file, if no selection
> is made, after 30 seconds ntldr will load the
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
> labeled "Microsoft Windows XP Professional". The stuff between the
> quotation marks is for human eyes only, what you see on the boot menu,
> so the above "Phony Windows" line is valid, you will see Phony Windows
> as a boot option.
>
> This is simply an option that allows you to gauge how much time it takes
> for the BIOS to do it's stuff and load the MBR and then pass the boot
> process to the boot sector of the active partition which then in turns
> passes the boot process to the ntldr boot loader, only then (when the
> boot sector passes the boot process to the boot loader) is Windows
> involved, anything prior to that has nothing to do with Windows. So what
> does all of this do? It simply allows one to gauge the time at which
> Windows actually becomes involved in the boot process, it can sometimes
> be helpful if one is having difficulties determining where the boot
> process is at when it hangs after the POST test.
>
> Your comments that there is whirling and clicking noises doesn't sound
> too good, this can be a sign of a failing hard drive. A failing drive
> can often be difficult to boot and it can take a long time to do so. I
> would strongly suggest that you backup all your precious files and run
> disk diagnostic utility from the drive manufacturer on the disk. Another
> way to do a quick test is to open the box and touch the hard disk, a
> failing whirling and clicking drive will usually also become quite hot
> to the touch.
>
> John
John, Thnk you for all that detailed info which I will digest. The
whirring and clicking is actually present whenever a program is
executing, and always has been (I think). The machine is quite noisy.
However, I take your advice and will ensure good backup. I have done a
"chkdsk /r" over the last hour or so - all apparently OK. All this seems
to be happening before Windows gets involved, so could there be a
problem with MBR/boot sector/ntldr? If so, again what can I do to
rectify it? Also, after "fastdetect" in boot.ini, I have
"/NoExecute=OptIn". Should that be there? I can see Boot.ini in
msconfig, but I can't find it on the disk to put in another line. I will
continue later and post any results I may get to let you know if all
your help has got me anywhere. Thanks again.
Richard.
Re: Missing boot-start driver bthex.dll
On 24/06/2010 18:31, John John - MVP wrote:
>
> Richard wrote:
>> On 24/06/2010 17:22, John John - MVP wrote:
>>> Richard wrote:
>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>
>>>>> John John - MVP wrote:
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer
>>>>>>>>>>> (with
>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>>>>>> before
>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom
>>>>>>>>>>> of the
>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>> Windows
>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>>> System
>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>>> found.
>>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>>> found
>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>> suddenly
>>>>>>>>>>> deleted\renamed it or something. I have put my installation DVD
>>>>>>>>>>> in the
>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>> there,
>>>>>>>>>>> and
>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>> where I
>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>> their
>>>>>>>>>>> own
>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any
>>>>>>>>>>> help
>>>>>>>>>>> in advance.
>>>>>>>>>>
>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>>> for this
>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>> virus or
>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>> machine is
>>>>>>>>>> free of any pests.
>>>>>>>>>>
>>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>>> file? It
>>>>>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>>>>>> that
>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>>> which
>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>> these
>>>>>>>>> references, could that help??
>>>>>>>>
>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>
>>>>>>>> Look for phantom devices in the Device Manager and see if any make
>>>>>>>> mention this BTHEX driver:
>>>>>>>>
>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>> to the
>>>>>>>> Windows XP-based computer
>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>
>>>>>>>> This little batch file will automatically set the Device Manager to
>>>>>>>> show
>>>>>>>> phantom devices and open it for you:
>>>>>>>>
>>>>>>>> ----------------------------------------------------
>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>> start devmgmt.msc
>>>>>>>> ----------------------------------------------------
>>>>>>>>
>>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>>> have
>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>> and you
>>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>>> that
>>>>>>>> there is a good reason why only the System account has
>>>>>>>> permission to
>>>>>>>> delete keys in the in the \Enum branch! It would be best to remove
>>>>>>>> the
>>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>>> keys.
>>>>>>>>
>>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>>> following:
>>>>>>>>
>>>>>>>> Enum
>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>
>>>>>>>> System and Startup Settings
>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>
>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>
>>>>>>>> John
>>>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>>> won't try to meddle with Enum, but how do I grant myself permission
>>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>> ex-infection or otherwise - how do I get rid of my system searching
>>>>>>> for it?? Thanks again.
>>>>>>
>>>>>> The registry permissions are just like regular NTFS file permissions,
>>>>>> just right click on the offending key and select Permissions...
>>>>>>
>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>> remove
>>>>>> the device from the Device Manager then just grant yourself full
>>>>>> control on the key and delete it. For the time being remove it in the
>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>> Configuration.
>>>>>
>>>>> PS. The problem is more likely to be caused by the status of the
>>>>> service
>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I
>>>>> suggest that you remove or disable the service there. To disable the
>>>>> service set its Start value to 4.
>>>>>
>>>>> John
>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>>> problem is still there, but Event Viewer no longer reports a problem
>>>> in looking for bthex. So I presume bthex, whatever it is, is *not* the
>>>> reason for my slow progress bar in booting up. Any ideas as to what it
>>>> might now be? Could it be something to do with Power On Self Testing,
>>>> or if not is there any way of diagnosing why this has suddenly started
>>>> occuring? Cheers.
>>>
>>> I think that what you are seeing is part of the Windows boot process
>>> rather than the POST routine, an easy way to tell would be to press/tap
>>> the F8 key when the computer is booting and see how long it takes for
>>> the advanced Windows boot options show up. Or put a second (phony) line
>>> in the boot.ini file and see how long it takes for ntldr to parse and
>>> present the boot menu.
>>>
>>> John
>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>> continue for about 2 mins, then the white progress bar appears and
>> continues another 2 or 3 mins, and then at last the advanced options
>> menu appears. Choosing any option results in the correct procedure,
>> but another 15 mins for the bar to disappear and the Windows start-up
>> logo to kick in. Before all this began, the advanced options screen
>> would appear within seconds. Does this indicate Windows boot routine
>> or POST, and if so what does this indicate? If I placed a phony line
>> in boot.ini what would the length of time tell me? Thank you very much
>> for all your help with this.
>
> When the boot.ini file contains only one ARC path, (like most Windows
> installations), the boot loader (ntldr) simply parses the file and
> proceeds to boot the default Windows installation without presenting the
> user with a boot menu. When the boot.ini file contains more than one
> line ntldr reads the file then presents a boot menu for a certain length
> of time to allow the user to select which Windows installation to boot.
>
> For example:
>
> Most boot.ini files where only one Windows installation is present will
> look something like this:
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
> Professional" /fastdetect
>
> In the above example the file only contains one ARC path:
>
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>
> Ntldr sees that there is only one Windows installation present so it
> doesn't present a boot menu and proceeds to load the default Windows
> installation. If we were to add a second "phony" installation ntldr
> would pause to allow the user to select which Windows installation to
> boot, the boot.ini file could look like this:
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
> Professional" /fastdetect
> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
>
> When seeing more than one ARC path lines ntldr will now pause when the
> computer is booted and it will present the user with a boot menu
> allowing the user to select one of the following:
>
> Microsoft Windows XP Professional
> Phony Windows
>
> If no selection is made after the timeout= time ntldr will load the
> default= operating system. With the above boot.ini file, if no selection
> is made, after 30 seconds ntldr will load the
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
> labeled "Microsoft Windows XP Professional". The stuff between the
> quotation marks is for human eyes only, what you see on the boot menu,
> so the above "Phony Windows" line is valid, you will see Phony Windows
> as a boot option.
>
> This is simply an option that allows you to gauge how much time it takes
> for the BIOS to do it's stuff and load the MBR and then pass the boot
> process to the boot sector of the active partition which then in turns
> passes the boot process to the ntldr boot loader, only then (when the
> boot sector passes the boot process to the boot loader) is Windows
> involved, anything prior to that has nothing to do with Windows. So what
> does all of this do? It simply allows one to gauge the time at which
> Windows actually becomes involved in the boot process, it can sometimes
> be helpful if one is having difficulties determining where the boot
> process is at when it hangs after the POST test.
>
> Your comments that there is whirling and clicking noises doesn't sound
> too good, this can be a sign of a failing hard drive. A failing drive
> can often be difficult to boot and it can take a long time to do so. I
> would strongly suggest that you backup all your precious files and run
> disk diagnostic utility from the drive manufacturer on the disk. Another
> way to do a quick test is to open the box and touch the hard disk, a
> failing whirling and clicking drive will usually also become quite hot
> to the touch.
>
> John
Found Boot.ini and added "phony" line. I got the phony choice after only
15 secs, so I now assume the BIOS is doing its stuff OK. There is then a
wait of 2 mins till the progress bar appears (or 1min to the Advanced
Options Screen if I had pressed F8, then 1 more min), then about 12 mins
to the Windows XP logo, then about 4 mins till my startup programs have
kicked in OK. So if it is Windows that is involved and not now the BIOS
or the POST, what can suddenly be causing this huge delay of 14 mins??
Any more help greatly appreciated.
Regards, Richard
>
> Richard wrote:
>> On 24/06/2010 17:22, John John - MVP wrote:
>>> Richard wrote:
>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>
>>>>> John John - MVP wrote:
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer
>>>>>>>>>>> (with
>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>>>>>> before
>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom
>>>>>>>>>>> of the
>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>> Windows
>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>>> System
>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>>> found.
>>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>>> found
>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>> suddenly
>>>>>>>>>>> deleted\renamed it or something. I have put my installation DVD
>>>>>>>>>>> in the
>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>> there,
>>>>>>>>>>> and
>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>> where I
>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>> their
>>>>>>>>>>> own
>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any
>>>>>>>>>>> help
>>>>>>>>>>> in advance.
>>>>>>>>>>
>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>>> for this
>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>> virus or
>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>> machine is
>>>>>>>>>> free of any pests.
>>>>>>>>>>
>>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>>> file? It
>>>>>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>>>>>> that
>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>>> which
>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>> these
>>>>>>>>> references, could that help??
>>>>>>>>
>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>
>>>>>>>> Look for phantom devices in the Device Manager and see if any make
>>>>>>>> mention this BTHEX driver:
>>>>>>>>
>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>> to the
>>>>>>>> Windows XP-based computer
>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>
>>>>>>>> This little batch file will automatically set the Device Manager to
>>>>>>>> show
>>>>>>>> phantom devices and open it for you:
>>>>>>>>
>>>>>>>> ----------------------------------------------------
>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>> start devmgmt.msc
>>>>>>>> ----------------------------------------------------
>>>>>>>>
>>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>>> have
>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>> and you
>>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>>> that
>>>>>>>> there is a good reason why only the System account has
>>>>>>>> permission to
>>>>>>>> delete keys in the in the \Enum branch! It would be best to remove
>>>>>>>> the
>>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>>> keys.
>>>>>>>>
>>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>>> following:
>>>>>>>>
>>>>>>>> Enum
>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>
>>>>>>>> System and Startup Settings
>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>
>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>
>>>>>>>> John
>>>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>>> won't try to meddle with Enum, but how do I grant myself permission
>>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>> ex-infection or otherwise - how do I get rid of my system searching
>>>>>>> for it?? Thanks again.
>>>>>>
>>>>>> The registry permissions are just like regular NTFS file permissions,
>>>>>> just right click on the offending key and select Permissions...
>>>>>>
>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>> remove
>>>>>> the device from the Device Manager then just grant yourself full
>>>>>> control on the key and delete it. For the time being remove it in the
>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>> Configuration.
>>>>>
>>>>> PS. The problem is more likely to be caused by the status of the
>>>>> service
>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I
>>>>> suggest that you remove or disable the service there. To disable the
>>>>> service set its Start value to 4.
>>>>>
>>>>> John
>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>>> problem is still there, but Event Viewer no longer reports a problem
>>>> in looking for bthex. So I presume bthex, whatever it is, is *not* the
>>>> reason for my slow progress bar in booting up. Any ideas as to what it
>>>> might now be? Could it be something to do with Power On Self Testing,
>>>> or if not is there any way of diagnosing why this has suddenly started
>>>> occuring? Cheers.
>>>
>>> I think that what you are seeing is part of the Windows boot process
>>> rather than the POST routine, an easy way to tell would be to press/tap
>>> the F8 key when the computer is booting and see how long it takes for
>>> the advanced Windows boot options show up. Or put a second (phony) line
>>> in the boot.ini file and see how long it takes for ntldr to parse and
>>> present the boot menu.
>>>
>>> John
>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>> continue for about 2 mins, then the white progress bar appears and
>> continues another 2 or 3 mins, and then at last the advanced options
>> menu appears. Choosing any option results in the correct procedure,
>> but another 15 mins for the bar to disappear and the Windows start-up
>> logo to kick in. Before all this began, the advanced options screen
>> would appear within seconds. Does this indicate Windows boot routine
>> or POST, and if so what does this indicate? If I placed a phony line
>> in boot.ini what would the length of time tell me? Thank you very much
>> for all your help with this.
>
> When the boot.ini file contains only one ARC path, (like most Windows
> installations), the boot loader (ntldr) simply parses the file and
> proceeds to boot the default Windows installation without presenting the
> user with a boot menu. When the boot.ini file contains more than one
> line ntldr reads the file then presents a boot menu for a certain length
> of time to allow the user to select which Windows installation to boot.
>
> For example:
>
> Most boot.ini files where only one Windows installation is present will
> look something like this:
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
> Professional" /fastdetect
>
> In the above example the file only contains one ARC path:
>
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>
> Ntldr sees that there is only one Windows installation present so it
> doesn't present a boot menu and proceeds to load the default Windows
> installation. If we were to add a second "phony" installation ntldr
> would pause to allow the user to select which Windows installation to
> boot, the boot.ini file could look like this:
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
> Professional" /fastdetect
> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
>
> When seeing more than one ARC path lines ntldr will now pause when the
> computer is booted and it will present the user with a boot menu
> allowing the user to select one of the following:
>
> Microsoft Windows XP Professional
> Phony Windows
>
> If no selection is made after the timeout= time ntldr will load the
> default= operating system. With the above boot.ini file, if no selection
> is made, after 30 seconds ntldr will load the
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
> labeled "Microsoft Windows XP Professional". The stuff between the
> quotation marks is for human eyes only, what you see on the boot menu,
> so the above "Phony Windows" line is valid, you will see Phony Windows
> as a boot option.
>
> This is simply an option that allows you to gauge how much time it takes
> for the BIOS to do it's stuff and load the MBR and then pass the boot
> process to the boot sector of the active partition which then in turns
> passes the boot process to the ntldr boot loader, only then (when the
> boot sector passes the boot process to the boot loader) is Windows
> involved, anything prior to that has nothing to do with Windows. So what
> does all of this do? It simply allows one to gauge the time at which
> Windows actually becomes involved in the boot process, it can sometimes
> be helpful if one is having difficulties determining where the boot
> process is at when it hangs after the POST test.
>
> Your comments that there is whirling and clicking noises doesn't sound
> too good, this can be a sign of a failing hard drive. A failing drive
> can often be difficult to boot and it can take a long time to do so. I
> would strongly suggest that you backup all your precious files and run
> disk diagnostic utility from the drive manufacturer on the disk. Another
> way to do a quick test is to open the box and touch the hard disk, a
> failing whirling and clicking drive will usually also become quite hot
> to the touch.
>
> John
Found Boot.ini and added "phony" line. I got the phony choice after only
15 secs, so I now assume the BIOS is doing its stuff OK. There is then a
wait of 2 mins till the progress bar appears (or 1min to the Advanced
Options Screen if I had pressed F8, then 1 more min), then about 12 mins
to the Windows XP logo, then about 4 mins till my startup programs have
kicked in OK. So if it is Windows that is involved and not now the BIOS
or the POST, what can suddenly be causing this huge delay of 14 mins??
Any more help greatly appreciated.
Regards, Richard
Re: Missing boot-start driver bthex.dll
On 24/06/2010 21:52, John John - MVP wrote:
>
> Richard wrote:
>> On 24/06/2010 18:31, John John - MVP wrote:
>>>
>>> Richard wrote:
>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>> Richard wrote:
>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>
>>>>>>> John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>> computer
>>>>>>>>>>>>> (with
>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen
>>>>>>>>>>>>> and
>>>>>>>>>>>>> before
>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>> bottom
>>>>>>>>>>>>> of the
>>>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>>>> Windows
>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>>>>> System
>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>>>>> found.
>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>>>>> found
>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>> deleted\renamed it or something. I have put my installation
>>>>>>>>>>>>> DVD
>>>>>>>>>>>>> in the
>>>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>>>> there,
>>>>>>>>>>>>> and
>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>>>> where I
>>>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>>>> their
>>>>>>>>>>>>> own
>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>> for any
>>>>>>>>>>>>> help
>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>
>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>>>>> for this
>>>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>>>> virus or
>>>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>>>> machine is
>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>
>>>>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>>>>> file? It
>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>> infection and
>>>>>>>>>>>> that
>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>
>>>>>>>>>>>> John
>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>>>>> which
>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>>>> these
>>>>>>>>>>> references, could that help??
>>>>>>>>>>
>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>
>>>>>>>>>> Look for phantom devices in the Device Manager and see if any
>>>>>>>>>> make
>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>
>>>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>>>> to the
>>>>>>>>>> Windows XP-based computer
>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>
>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>> Manager to
>>>>>>>>>> show
>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>
>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>> start devmgmt.msc
>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>>>>> have
>>>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>>>> and you
>>>>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>>>>> that
>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>> permission to
>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>> remove
>>>>>>>>>> the
>>>>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>>>>> keys.
>>>>>>>>>>
>>>>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>>>>> following:
>>>>>>>>>>
>>>>>>>>>> Enum
>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>
>>>>>>>>>> System and Startup Settings
>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>
>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>> permission
>>>>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>> searching
>>>>>>>>> for it?? Thanks again.
>>>>>>>>
>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>> permissions,
>>>>>>>> just right click on the offending key and select Permissions...
>>>>>>>>
>>>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>>>> remove
>>>>>>>> the device from the Device Manager then just grant yourself full
>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>> in the
>>>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>> Configuration.
>>>>>>>
>>>>>>> PS. The problem is more likely to be caused by the status of the
>>>>>>> service
>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>> branch, I
>>>>>>> suggest that you remove or disable the service there. To disable the
>>>>>>> service set its Start value to 4.
>>>>>>>
>>>>>>> John
>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>>>>> problem is still there, but Event Viewer no longer reports a problem
>>>>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>>>>> the
>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>> what it
>>>>>> might now be? Could it be something to do with Power On Self Testing,
>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>> started
>>>>>> occuring? Cheers.
>>>>>
>>>>> I think that what you are seeing is part of the Windows boot process
>>>>> rather than the POST routine, an easy way to tell would be to
>>>>> press/tap
>>>>> the F8 key when the computer is booting and see how long it takes for
>>>>> the advanced Windows boot options show up. Or put a second (phony)
>>>>> line
>>>>> in the boot.ini file and see how long it takes for ntldr to parse and
>>>>> present the boot menu.
>>>>>
>>>>> John
>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>> continue for about 2 mins, then the white progress bar appears and
>>>> continues another 2 or 3 mins, and then at last the advanced options
>>>> menu appears. Choosing any option results in the correct procedure,
>>>> but another 15 mins for the bar to disappear and the Windows start-up
>>>> logo to kick in. Before all this began, the advanced options screen
>>>> would appear within seconds. Does this indicate Windows boot routine
>>>> or POST, and if so what does this indicate? If I placed a phony line
>>>> in boot.ini what would the length of time tell me? Thank you very much
>>>> for all your help with this.
>>>
>>> When the boot.ini file contains only one ARC path, (like most Windows
>>> installations), the boot loader (ntldr) simply parses the file and
>>> proceeds to boot the default Windows installation without presenting the
>>> user with a boot menu. When the boot.ini file contains more than one
>>> line ntldr reads the file then presents a boot menu for a certain length
>>> of time to allow the user to select which Windows installation to boot.
>>>
>>> For example:
>>>
>>> Most boot.ini files where only one Windows installation is present will
>>> look something like this:
>>>
>>> [boot loader]
>>> timeout=30
>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>> [operating systems]
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>> Professional" /fastdetect
>>>
>>> In the above example the file only contains one ARC path:
>>>
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>
>>> Ntldr sees that there is only one Windows installation present so it
>>> doesn't present a boot menu and proceeds to load the default Windows
>>> installation. If we were to add a second "phony" installation ntldr
>>> would pause to allow the user to select which Windows installation to
>>> boot, the boot.ini file could look like this:
>>>
>>> [boot loader]
>>> timeout=30
>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>> [operating systems]
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>> Professional" /fastdetect
>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
>>>
>>> When seeing more than one ARC path lines ntldr will now pause when the
>>> computer is booted and it will present the user with a boot menu
>>> allowing the user to select one of the following:
>>>
>>> Microsoft Windows XP Professional
>>> Phony Windows
>>>
>>> If no selection is made after the timeout= time ntldr will load the
>>> default= operating system. With the above boot.ini file, if no selection
>>> is made, after 30 seconds ntldr will load the
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>> quotation marks is for human eyes only, what you see on the boot menu,
>>> so the above "Phony Windows" line is valid, you will see Phony Windows
>>> as a boot option.
>>>
>>> This is simply an option that allows you to gauge how much time it takes
>>> for the BIOS to do it's stuff and load the MBR and then pass the boot
>>> process to the boot sector of the active partition which then in turns
>>> passes the boot process to the ntldr boot loader, only then (when the
>>> boot sector passes the boot process to the boot loader) is Windows
>>> involved, anything prior to that has nothing to do with Windows. So what
>>> does all of this do? It simply allows one to gauge the time at which
>>> Windows actually becomes involved in the boot process, it can sometimes
>>> be helpful if one is having difficulties determining where the boot
>>> process is at when it hangs after the POST test.
>>>
>>> Your comments that there is whirling and clicking noises doesn't sound
>>> too good, this can be a sign of a failing hard drive. A failing drive
>>> can often be difficult to boot and it can take a long time to do so. I
>>> would strongly suggest that you backup all your precious files and run
>>> disk diagnostic utility from the drive manufacturer on the disk. Another
>>> way to do a quick test is to open the box and touch the hard disk, a
>>> failing whirling and clicking drive will usually also become quite hot
>>> to the touch.
>>>
>>> John
>> John, Thnk you for all that detailed info which I will digest. The
>> whirring and clicking is actually present whenever a program is
>> executing, and always has been (I think). The machine is quite noisy.
>> However, I take your advice and will ensure good backup. I have done a
>> "chkdsk /r" over the last hour or so - all apparently OK. All this
>> seems to be happening before Windows gets involved, so could there be
>> a problem with MBR/boot sector/ntldr? If so, again what can I do to
>> rectify it? Also, after "fastdetect" in boot.ini, I have
>> "/NoExecute=OptIn". Should that be there? I can see Boot.ini in
>> msconfig, but I can't find it on the disk to put in another line. I
>> will continue later and post any results I may get to let you know if
>> all your help has got me anywhere. Thanks again.
>
> Leave the /NoExecute=OptIn switch in place, this is the Data Execution
> Prevention (DEP) switch, it prevents malicious software from executing
> in memory locations, it has nothing to do with your problems.
>
> To edit the boot.ini file go in to System Properties (right click My
> Computer and select Properties) then click on the Advanced tab and then
> click on the Start Up and Recovery Settings button. Don't remove or
> modify the existing lines! Just add another one as mentioned earlier.
>
> John
See post beneath from 21.38.
>
> Richard wrote:
>> On 24/06/2010 18:31, John John - MVP wrote:
>>>
>>> Richard wrote:
>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>> Richard wrote:
>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>
>>>>>>> John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>> computer
>>>>>>>>>>>>> (with
>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen
>>>>>>>>>>>>> and
>>>>>>>>>>>>> before
>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>> bottom
>>>>>>>>>>>>> of the
>>>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>>>> Windows
>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>>>>> System
>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>>>>> found.
>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>>>>> found
>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>> deleted\renamed it or something. I have put my installation
>>>>>>>>>>>>> DVD
>>>>>>>>>>>>> in the
>>>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>>>> there,
>>>>>>>>>>>>> and
>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>>>> where I
>>>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>>>> their
>>>>>>>>>>>>> own
>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>> for any
>>>>>>>>>>>>> help
>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>
>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>>>>> for this
>>>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>>>> virus or
>>>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>>>> machine is
>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>
>>>>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>>>>> file? It
>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>> infection and
>>>>>>>>>>>> that
>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>
>>>>>>>>>>>> John
>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>>>>> which
>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>>>> these
>>>>>>>>>>> references, could that help??
>>>>>>>>>>
>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>
>>>>>>>>>> Look for phantom devices in the Device Manager and see if any
>>>>>>>>>> make
>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>
>>>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>>>> to the
>>>>>>>>>> Windows XP-based computer
>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>
>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>> Manager to
>>>>>>>>>> show
>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>
>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>> start devmgmt.msc
>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>>>>> have
>>>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>>>> and you
>>>>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>>>>> that
>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>> permission to
>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>> remove
>>>>>>>>>> the
>>>>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>>>>> keys.
>>>>>>>>>>
>>>>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>>>>> following:
>>>>>>>>>>
>>>>>>>>>> Enum
>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>
>>>>>>>>>> System and Startup Settings
>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>
>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>> permission
>>>>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>> searching
>>>>>>>>> for it?? Thanks again.
>>>>>>>>
>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>> permissions,
>>>>>>>> just right click on the offending key and select Permissions...
>>>>>>>>
>>>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>>>> remove
>>>>>>>> the device from the Device Manager then just grant yourself full
>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>> in the
>>>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>> Configuration.
>>>>>>>
>>>>>>> PS. The problem is more likely to be caused by the status of the
>>>>>>> service
>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>> branch, I
>>>>>>> suggest that you remove or disable the service there. To disable the
>>>>>>> service set its Start value to 4.
>>>>>>>
>>>>>>> John
>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>>>>> problem is still there, but Event Viewer no longer reports a problem
>>>>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>>>>> the
>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>> what it
>>>>>> might now be? Could it be something to do with Power On Self Testing,
>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>> started
>>>>>> occuring? Cheers.
>>>>>
>>>>> I think that what you are seeing is part of the Windows boot process
>>>>> rather than the POST routine, an easy way to tell would be to
>>>>> press/tap
>>>>> the F8 key when the computer is booting and see how long it takes for
>>>>> the advanced Windows boot options show up. Or put a second (phony)
>>>>> line
>>>>> in the boot.ini file and see how long it takes for ntldr to parse and
>>>>> present the boot menu.
>>>>>
>>>>> John
>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>> continue for about 2 mins, then the white progress bar appears and
>>>> continues another 2 or 3 mins, and then at last the advanced options
>>>> menu appears. Choosing any option results in the correct procedure,
>>>> but another 15 mins for the bar to disappear and the Windows start-up
>>>> logo to kick in. Before all this began, the advanced options screen
>>>> would appear within seconds. Does this indicate Windows boot routine
>>>> or POST, and if so what does this indicate? If I placed a phony line
>>>> in boot.ini what would the length of time tell me? Thank you very much
>>>> for all your help with this.
>>>
>>> When the boot.ini file contains only one ARC path, (like most Windows
>>> installations), the boot loader (ntldr) simply parses the file and
>>> proceeds to boot the default Windows installation without presenting the
>>> user with a boot menu. When the boot.ini file contains more than one
>>> line ntldr reads the file then presents a boot menu for a certain length
>>> of time to allow the user to select which Windows installation to boot.
>>>
>>> For example:
>>>
>>> Most boot.ini files where only one Windows installation is present will
>>> look something like this:
>>>
>>> [boot loader]
>>> timeout=30
>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>> [operating systems]
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>> Professional" /fastdetect
>>>
>>> In the above example the file only contains one ARC path:
>>>
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>
>>> Ntldr sees that there is only one Windows installation present so it
>>> doesn't present a boot menu and proceeds to load the default Windows
>>> installation. If we were to add a second "phony" installation ntldr
>>> would pause to allow the user to select which Windows installation to
>>> boot, the boot.ini file could look like this:
>>>
>>> [boot loader]
>>> timeout=30
>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>> [operating systems]
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>> Professional" /fastdetect
>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
>>>
>>> When seeing more than one ARC path lines ntldr will now pause when the
>>> computer is booted and it will present the user with a boot menu
>>> allowing the user to select one of the following:
>>>
>>> Microsoft Windows XP Professional
>>> Phony Windows
>>>
>>> If no selection is made after the timeout= time ntldr will load the
>>> default= operating system. With the above boot.ini file, if no selection
>>> is made, after 30 seconds ntldr will load the
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>> quotation marks is for human eyes only, what you see on the boot menu,
>>> so the above "Phony Windows" line is valid, you will see Phony Windows
>>> as a boot option.
>>>
>>> This is simply an option that allows you to gauge how much time it takes
>>> for the BIOS to do it's stuff and load the MBR and then pass the boot
>>> process to the boot sector of the active partition which then in turns
>>> passes the boot process to the ntldr boot loader, only then (when the
>>> boot sector passes the boot process to the boot loader) is Windows
>>> involved, anything prior to that has nothing to do with Windows. So what
>>> does all of this do? It simply allows one to gauge the time at which
>>> Windows actually becomes involved in the boot process, it can sometimes
>>> be helpful if one is having difficulties determining where the boot
>>> process is at when it hangs after the POST test.
>>>
>>> Your comments that there is whirling and clicking noises doesn't sound
>>> too good, this can be a sign of a failing hard drive. A failing drive
>>> can often be difficult to boot and it can take a long time to do so. I
>>> would strongly suggest that you backup all your precious files and run
>>> disk diagnostic utility from the drive manufacturer on the disk. Another
>>> way to do a quick test is to open the box and touch the hard disk, a
>>> failing whirling and clicking drive will usually also become quite hot
>>> to the touch.
>>>
>>> John
>> John, Thnk you for all that detailed info which I will digest. The
>> whirring and clicking is actually present whenever a program is
>> executing, and always has been (I think). The machine is quite noisy.
>> However, I take your advice and will ensure good backup. I have done a
>> "chkdsk /r" over the last hour or so - all apparently OK. All this
>> seems to be happening before Windows gets involved, so could there be
>> a problem with MBR/boot sector/ntldr? If so, again what can I do to
>> rectify it? Also, after "fastdetect" in boot.ini, I have
>> "/NoExecute=OptIn". Should that be there? I can see Boot.ini in
>> msconfig, but I can't find it on the disk to put in another line. I
>> will continue later and post any results I may get to let you know if
>> all your help has got me anywhere. Thanks again.
>
> Leave the /NoExecute=OptIn switch in place, this is the Data Execution
> Prevention (DEP) switch, it prevents malicious software from executing
> in memory locations, it has nothing to do with your problems.
>
> To edit the boot.ini file go in to System Properties (right click My
> Computer and select Properties) then click on the Advanced tab and then
> click on the Start Up and Recovery Settings button. Don't remove or
> modify the existing lines! Just add another one as mentioned earlier.
>
> John
See post beneath from 21.38.
Re: Missing boot-start driver bthex.dll
On 24/06/2010 22:37, John John - MVP wrote:
>
> Richard wrote:
>> On 24/06/2010 18:31, John John - MVP wrote:
>>>
>>> Richard wrote:
>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>> Richard wrote:
>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>
>>>>>>> John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>> computer
>>>>>>>>>>>>> (with
>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen
>>>>>>>>>>>>> and
>>>>>>>>>>>>> before
>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>> bottom
>>>>>>>>>>>>> of the
>>>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>>>> Windows
>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>>>>> System
>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>>>>> found.
>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>>>>> found
>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>> deleted\renamed it or something. I have put my installation
>>>>>>>>>>>>> DVD
>>>>>>>>>>>>> in the
>>>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>>>> there,
>>>>>>>>>>>>> and
>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>>>> where I
>>>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>>>> their
>>>>>>>>>>>>> own
>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>> for any
>>>>>>>>>>>>> help
>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>
>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>>>>> for this
>>>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>>>> virus or
>>>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>>>> machine is
>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>
>>>>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>>>>> file? It
>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>> infection and
>>>>>>>>>>>> that
>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>
>>>>>>>>>>>> John
>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>>>>> which
>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>>>> these
>>>>>>>>>>> references, could that help??
>>>>>>>>>>
>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>
>>>>>>>>>> Look for phantom devices in the Device Manager and see if any
>>>>>>>>>> make
>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>
>>>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>>>> to the
>>>>>>>>>> Windows XP-based computer
>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>
>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>> Manager to
>>>>>>>>>> show
>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>
>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>> start devmgmt.msc
>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>>>>> have
>>>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>>>> and you
>>>>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>>>>> that
>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>> permission to
>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>> remove
>>>>>>>>>> the
>>>>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>>>>> keys.
>>>>>>>>>>
>>>>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>>>>> following:
>>>>>>>>>>
>>>>>>>>>> Enum
>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>
>>>>>>>>>> System and Startup Settings
>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>
>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>> permission
>>>>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>> searching
>>>>>>>>> for it?? Thanks again.
>>>>>>>>
>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>> permissions,
>>>>>>>> just right click on the offending key and select Permissions...
>>>>>>>>
>>>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>>>> remove
>>>>>>>> the device from the Device Manager then just grant yourself full
>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>> in the
>>>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>> Configuration.
>>>>>>>
>>>>>>> PS. The problem is more likely to be caused by the status of the
>>>>>>> service
>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>> branch, I
>>>>>>> suggest that you remove or disable the service there. To disable the
>>>>>>> service set its Start value to 4.
>>>>>>>
>>>>>>> John
>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>>>>> problem is still there, but Event Viewer no longer reports a problem
>>>>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>>>>> the
>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>> what it
>>>>>> might now be? Could it be something to do with Power On Self Testing,
>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>> started
>>>>>> occuring? Cheers.
>>>>>
>>>>> I think that what you are seeing is part of the Windows boot process
>>>>> rather than the POST routine, an easy way to tell would be to
>>>>> press/tap
>>>>> the F8 key when the computer is booting and see how long it takes for
>>>>> the advanced Windows boot options show up. Or put a second (phony)
>>>>> line
>>>>> in the boot.ini file and see how long it takes for ntldr to parse and
>>>>> present the boot menu.
>>>>>
>>>>> John
>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>> continue for about 2 mins, then the white progress bar appears and
>>>> continues another 2 or 3 mins, and then at last the advanced options
>>>> menu appears. Choosing any option results in the correct procedure,
>>>> but another 15 mins for the bar to disappear and the Windows start-up
>>>> logo to kick in. Before all this began, the advanced options screen
>>>> would appear within seconds. Does this indicate Windows boot routine
>>>> or POST, and if so what does this indicate? If I placed a phony line
>>>> in boot.ini what would the length of time tell me? Thank you very much
>>>> for all your help with this.
>>>
>>> When the boot.ini file contains only one ARC path, (like most Windows
>>> installations), the boot loader (ntldr) simply parses the file and
>>> proceeds to boot the default Windows installation without presenting the
>>> user with a boot menu. When the boot.ini file contains more than one
>>> line ntldr reads the file then presents a boot menu for a certain length
>>> of time to allow the user to select which Windows installation to boot.
>>>
>>> For example:
>>>
>>> Most boot.ini files where only one Windows installation is present will
>>> look something like this:
>>>
>>> [boot loader]
>>> timeout=30
>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>> [operating systems]
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>> Professional" /fastdetect
>>>
>>> In the above example the file only contains one ARC path:
>>>
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>
>>> Ntldr sees that there is only one Windows installation present so it
>>> doesn't present a boot menu and proceeds to load the default Windows
>>> installation. If we were to add a second "phony" installation ntldr
>>> would pause to allow the user to select which Windows installation to
>>> boot, the boot.ini file could look like this:
>>>
>>> [boot loader]
>>> timeout=30
>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>> [operating systems]
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>> Professional" /fastdetect
>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
>>>
>>> When seeing more than one ARC path lines ntldr will now pause when the
>>> computer is booted and it will present the user with a boot menu
>>> allowing the user to select one of the following:
>>>
>>> Microsoft Windows XP Professional
>>> Phony Windows
>>>
>>> If no selection is made after the timeout= time ntldr will load the
>>> default= operating system. With the above boot.ini file, if no selection
>>> is made, after 30 seconds ntldr will load the
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>> quotation marks is for human eyes only, what you see on the boot menu,
>>> so the above "Phony Windows" line is valid, you will see Phony Windows
>>> as a boot option.
>>>
>>> This is simply an option that allows you to gauge how much time it takes
>>> for the BIOS to do it's stuff and load the MBR and then pass the boot
>>> process to the boot sector of the active partition which then in turns
>>> passes the boot process to the ntldr boot loader, only then (when the
>>> boot sector passes the boot process to the boot loader) is Windows
>>> involved, anything prior to that has nothing to do with Windows. So what
>>> does all of this do? It simply allows one to gauge the time at which
>>> Windows actually becomes involved in the boot process, it can sometimes
>>> be helpful if one is having difficulties determining where the boot
>>> process is at when it hangs after the POST test.
>>>
>>> Your comments that there is whirling and clicking noises doesn't sound
>>> too good, this can be a sign of a failing hard drive. A failing drive
>>> can often be difficult to boot and it can take a long time to do so. I
>>> would strongly suggest that you backup all your precious files and run
>>> disk diagnostic utility from the drive manufacturer on the disk. Another
>>> way to do a quick test is to open the box and touch the hard disk, a
>>> failing whirling and clicking drive will usually also become quite hot
>>> to the touch.
>>>
>>> John
>> Found Boot.ini and added "phony" line. I got the phony choice after
>> only 15 secs, so I now assume the BIOS is doing its stuff OK. There is
>> then a wait of 2 mins till the progress bar appears (or 1min to the
>> Advanced Options Screen if I had pressed F8, then 1 more min), then
>> about 12 mins to the Windows XP logo, then about 4 mins till my
>> startup programs have kicked in OK. So if it is Windows that is
>> involved and not now the BIOS or the POST, what can suddenly be
>> causing this huge delay of 14 mins?? Any more help greatly appreciated.
>
> Now it becomes a sleuthing exercise! How long does it take the machine
> to boot in Safe-Mode?
>
> John
It takes the same time,with same progress bar. I have just tried going
through msconfig and starting with *only* System Services and Original
boot.ini, and all other services disabled, but that makes no differenve
either!Is the progress bar a part of ntldr, in which case how can I
access ntldr itself and run some sort of diagnostic?
>
> Richard wrote:
>> On 24/06/2010 18:31, John John - MVP wrote:
>>>
>>> Richard wrote:
>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>> Richard wrote:
>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>
>>>>>>> John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>> computer
>>>>>>>>>>>>> (with
>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen
>>>>>>>>>>>>> and
>>>>>>>>>>>>> before
>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>> bottom
>>>>>>>>>>>>> of the
>>>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>>>> Windows
>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>>>>>>>> System
>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>>>>>>>> found.
>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be
>>>>>>>>>>>>> found
>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>> deleted\renamed it or something. I have put my installation
>>>>>>>>>>>>> DVD
>>>>>>>>>>>>> in the
>>>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>>>> there,
>>>>>>>>>>>>> and
>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>>>> where I
>>>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>>>> their
>>>>>>>>>>>>> own
>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>> for any
>>>>>>>>>>>>> help
>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>
>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search
>>>>>>>>>>>> for this
>>>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>>>> virus or
>>>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>>>> machine is
>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>
>>>>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>>>>> file? It
>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>> infection and
>>>>>>>>>>>> that
>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>
>>>>>>>>>>>> John
>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>>>>> which
>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>>>> these
>>>>>>>>>>> references, could that help??
>>>>>>>>>>
>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>
>>>>>>>>>> Look for phantom devices in the Device Manager and see if any
>>>>>>>>>> make
>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>
>>>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>>>> to the
>>>>>>>>>> Windows XP-based computer
>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>
>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>> Manager to
>>>>>>>>>> show
>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>
>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>> start devmgmt.msc
>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> You cannot delete the keys in the Enum section because you do not
>>>>>>>>>> have
>>>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>>>> and you
>>>>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>>>>> that
>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>> permission to
>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>> remove
>>>>>>>>>> the
>>>>>>>>>> device in the Device Manager instead of removing it from the Enum
>>>>>>>>>> keys.
>>>>>>>>>>
>>>>>>>>>> Before you change the permissions and delete keys please read the
>>>>>>>>>> following:
>>>>>>>>>>
>>>>>>>>>> Enum
>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>
>>>>>>>>>> System and Startup Settings
>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>
>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>> permission
>>>>>>>>> if I did want to?? I will read the articles you mention, but since
>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>> searching
>>>>>>>>> for it?? Thanks again.
>>>>>>>>
>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>> permissions,
>>>>>>>> just right click on the offending key and select Permissions...
>>>>>>>>
>>>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>>>> remove
>>>>>>>> the device from the Device Manager then just grant yourself full
>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>> in the
>>>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>> Configuration.
>>>>>>>
>>>>>>> PS. The problem is more likely to be caused by the status of the
>>>>>>> service
>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>> branch, I
>>>>>>> suggest that you remove or disable the service there. To disable the
>>>>>>> service set its Start value to 4.
>>>>>>>
>>>>>>> John
>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>>>>> problem is still there, but Event Viewer no longer reports a problem
>>>>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>>>>> the
>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>> what it
>>>>>> might now be? Could it be something to do with Power On Self Testing,
>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>> started
>>>>>> occuring? Cheers.
>>>>>
>>>>> I think that what you are seeing is part of the Windows boot process
>>>>> rather than the POST routine, an easy way to tell would be to
>>>>> press/tap
>>>>> the F8 key when the computer is booting and see how long it takes for
>>>>> the advanced Windows boot options show up. Or put a second (phony)
>>>>> line
>>>>> in the boot.ini file and see how long it takes for ntldr to parse and
>>>>> present the boot menu.
>>>>>
>>>>> John
>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>> continue for about 2 mins, then the white progress bar appears and
>>>> continues another 2 or 3 mins, and then at last the advanced options
>>>> menu appears. Choosing any option results in the correct procedure,
>>>> but another 15 mins for the bar to disappear and the Windows start-up
>>>> logo to kick in. Before all this began, the advanced options screen
>>>> would appear within seconds. Does this indicate Windows boot routine
>>>> or POST, and if so what does this indicate? If I placed a phony line
>>>> in boot.ini what would the length of time tell me? Thank you very much
>>>> for all your help with this.
>>>
>>> When the boot.ini file contains only one ARC path, (like most Windows
>>> installations), the boot loader (ntldr) simply parses the file and
>>> proceeds to boot the default Windows installation without presenting the
>>> user with a boot menu. When the boot.ini file contains more than one
>>> line ntldr reads the file then presents a boot menu for a certain length
>>> of time to allow the user to select which Windows installation to boot.
>>>
>>> For example:
>>>
>>> Most boot.ini files where only one Windows installation is present will
>>> look something like this:
>>>
>>> [boot loader]
>>> timeout=30
>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>> [operating systems]
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>> Professional" /fastdetect
>>>
>>> In the above example the file only contains one ARC path:
>>>
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>
>>> Ntldr sees that there is only one Windows installation present so it
>>> doesn't present a boot menu and proceeds to load the default Windows
>>> installation. If we were to add a second "phony" installation ntldr
>>> would pause to allow the user to select which Windows installation to
>>> boot, the boot.ini file could look like this:
>>>
>>> [boot loader]
>>> timeout=30
>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>> [operating systems]
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>> Professional" /fastdetect
>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
>>>
>>> When seeing more than one ARC path lines ntldr will now pause when the
>>> computer is booted and it will present the user with a boot menu
>>> allowing the user to select one of the following:
>>>
>>> Microsoft Windows XP Professional
>>> Phony Windows
>>>
>>> If no selection is made after the timeout= time ntldr will load the
>>> default= operating system. With the above boot.ini file, if no selection
>>> is made, after 30 seconds ntldr will load the
>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>> quotation marks is for human eyes only, what you see on the boot menu,
>>> so the above "Phony Windows" line is valid, you will see Phony Windows
>>> as a boot option.
>>>
>>> This is simply an option that allows you to gauge how much time it takes
>>> for the BIOS to do it's stuff and load the MBR and then pass the boot
>>> process to the boot sector of the active partition which then in turns
>>> passes the boot process to the ntldr boot loader, only then (when the
>>> boot sector passes the boot process to the boot loader) is Windows
>>> involved, anything prior to that has nothing to do with Windows. So what
>>> does all of this do? It simply allows one to gauge the time at which
>>> Windows actually becomes involved in the boot process, it can sometimes
>>> be helpful if one is having difficulties determining where the boot
>>> process is at when it hangs after the POST test.
>>>
>>> Your comments that there is whirling and clicking noises doesn't sound
>>> too good, this can be a sign of a failing hard drive. A failing drive
>>> can often be difficult to boot and it can take a long time to do so. I
>>> would strongly suggest that you backup all your precious files and run
>>> disk diagnostic utility from the drive manufacturer on the disk. Another
>>> way to do a quick test is to open the box and touch the hard disk, a
>>> failing whirling and clicking drive will usually also become quite hot
>>> to the touch.
>>>
>>> John
>> Found Boot.ini and added "phony" line. I got the phony choice after
>> only 15 secs, so I now assume the BIOS is doing its stuff OK. There is
>> then a wait of 2 mins till the progress bar appears (or 1min to the
>> Advanced Options Screen if I had pressed F8, then 1 more min), then
>> about 12 mins to the Windows XP logo, then about 4 mins till my
>> startup programs have kicked in OK. So if it is Windows that is
>> involved and not now the BIOS or the POST, what can suddenly be
>> causing this huge delay of 14 mins?? Any more help greatly appreciated.
>
> Now it becomes a sleuthing exercise! How long does it take the machine
> to boot in Safe-Mode?
>
> John
It takes the same time,with same progress bar. I have just tried going
through msconfig and starting with *only* System Services and Original
boot.ini, and all other services disabled, but that makes no differenve
either!Is the progress bar a part of ntldr, in which case how can I
access ntldr itself and run some sort of diagnostic?
-
john john - mvp
- Posts: 37
- Joined: 30 Apr 2009, 23:00
Re: Missing boot-start driver bthex.dll
Richard wrote:
> On 24/06/2010 22:37, John John - MVP wrote:
>>
>> Richard wrote:
>>> On 24/06/2010 18:31, John John - MVP wrote:
>>>>
>>>> Richard wrote:
>>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>>
>>>>>>>> John John - MVP wrote:
>>>>>>>>> Richard wrote:
>>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>>> computer
>>>>>>>>>>>>>> (with
>>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen
>>>>>>>>>>>>>> and
>>>>>>>>>>>>>> before
>>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>>> bottom
>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>>>>> Windows
>>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for
>>>>>>>>>>>>>> the
>>>>>>>>>>>>>> System
>>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was
>>>>>>>>>>>>>> not
>>>>>>>>>>>>>> found.
>>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected
>>>>>>>>>>>>>> to be
>>>>>>>>>>>>>> found
>>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>>> deleted\renamed it or something. I have put my installation
>>>>>>>>>>>>>> DVD
>>>>>>>>>>>>>> in the
>>>>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>>>>> there,
>>>>>>>>>>>>>> and
>>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>>>>> where I
>>>>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>>>>> their
>>>>>>>>>>>>>> own
>>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>>> for any
>>>>>>>>>>>>>> help
>>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>>
>>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A
>>>>>>>>>>>>> search
>>>>>>>>>>>>> for this
>>>>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>>>>> virus or
>>>>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>>>>> machine is
>>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>>>>>> file? It
>>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>>> infection and
>>>>>>>>>>>>> that
>>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>>
>>>>>>>>>>>>> John
>>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>>>>>> which
>>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>>>>> these
>>>>>>>>>>>> references, could that help??
>>>>>>>>>>>
>>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>>
>>>>>>>>>>> Look for phantom devices in the Device Manager and see if any
>>>>>>>>>>> make
>>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>>
>>>>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>>>>> to the
>>>>>>>>>>> Windows XP-based computer
>>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>>
>>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>>> Manager to
>>>>>>>>>>> show
>>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>>
>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>>> start devmgmt.msc
>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>> You cannot delete the keys in the Enum section because you do
>>>>>>>>>>> not
>>>>>>>>>>> have
>>>>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>>>>> and you
>>>>>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>>>>>> that
>>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>>> permission to
>>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>>> remove
>>>>>>>>>>> the
>>>>>>>>>>> device in the Device Manager instead of removing it from the
>>>>>>>>>>> Enum
>>>>>>>>>>> keys.
>>>>>>>>>>>
>>>>>>>>>>> Before you change the permissions and delete keys please read
>>>>>>>>>>> the
>>>>>>>>>>> following:
>>>>>>>>>>>
>>>>>>>>>>> Enum
>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>>
>>>>>>>>>>> System and Startup Settings
>>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>>
>>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>>
>>>>>>>>>>> John
>>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>>> permission
>>>>>>>>>> if I did want to?? I will read the articles you mention, but
>>>>>>>>>> since
>>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>>> searching
>>>>>>>>>> for it?? Thanks again.
>>>>>>>>>
>>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>>> permissions,
>>>>>>>>> just right click on the offending key and select Permissions...
>>>>>>>>>
>>>>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>>>>> remove
>>>>>>>>> the device from the Device Manager then just grant yourself full
>>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>>> in the
>>>>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>>> Configuration.
>>>>>>>>
>>>>>>>> PS. The problem is more likely to be caused by the status of the
>>>>>>>> service
>>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>>> branch, I
>>>>>>>> suggest that you remove or disable the service there. To disable
>>>>>>>> the
>>>>>>>> service set its Start value to 4.
>>>>>>>>
>>>>>>>> John
>>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>>>>>> problem is still there, but Event Viewer no longer reports a problem
>>>>>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>>>>>> the
>>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>>> what it
>>>>>>> might now be? Could it be something to do with Power On Self
>>>>>>> Testing,
>>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>>> started
>>>>>>> occuring? Cheers.
>>>>>>
>>>>>> I think that what you are seeing is part of the Windows boot process
>>>>>> rather than the POST routine, an easy way to tell would be to
>>>>>> press/tap
>>>>>> the F8 key when the computer is booting and see how long it takes for
>>>>>> the advanced Windows boot options show up. Or put a second (phony)
>>>>>> line
>>>>>> in the boot.ini file and see how long it takes for ntldr to parse and
>>>>>> present the boot menu.
>>>>>>
>>>>>> John
>>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>>> continue for about 2 mins, then the white progress bar appears and
>>>>> continues another 2 or 3 mins, and then at last the advanced options
>>>>> menu appears. Choosing any option results in the correct procedure,
>>>>> but another 15 mins for the bar to disappear and the Windows start-up
>>>>> logo to kick in. Before all this began, the advanced options screen
>>>>> would appear within seconds. Does this indicate Windows boot routine
>>>>> or POST, and if so what does this indicate? If I placed a phony line
>>>>> in boot.ini what would the length of time tell me? Thank you very much
>>>>> for all your help with this.
>>>>
>>>> When the boot.ini file contains only one ARC path, (like most Windows
>>>> installations), the boot loader (ntldr) simply parses the file and
>>>> proceeds to boot the default Windows installation without presenting
>>>> the
>>>> user with a boot menu. When the boot.ini file contains more than one
>>>> line ntldr reads the file then presents a boot menu for a certain
>>>> length
>>>> of time to allow the user to select which Windows installation to boot.
>>>>
>>>> For example:
>>>>
>>>> Most boot.ini files where only one Windows installation is present will
>>>> look something like this:
>>>>
>>>> [boot loader]
>>>> timeout=30
>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>> [operating systems]
>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>> Professional" /fastdetect
>>>>
>>>> In the above example the file only contains one ARC path:
>>>>
>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>
>>>> Ntldr sees that there is only one Windows installation present so it
>>>> doesn't present a boot menu and proceeds to load the default Windows
>>>> installation. If we were to add a second "phony" installation ntldr
>>>> would pause to allow the user to select which Windows installation to
>>>> boot, the boot.ini file could look like this:
>>>>
>>>> [boot loader]
>>>> timeout=30
>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>> [operating systems]
>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>> Professional" /fastdetect
>>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
>>>>
>>>> When seeing more than one ARC path lines ntldr will now pause when the
>>>> computer is booted and it will present the user with a boot menu
>>>> allowing the user to select one of the following:
>>>>
>>>> Microsoft Windows XP Professional
>>>> Phony Windows
>>>>
>>>> If no selection is made after the timeout= time ntldr will load the
>>>> default= operating system. With the above boot.ini file, if no
>>>> selection
>>>> is made, after 30 seconds ntldr will load the
>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
>>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>>> quotation marks is for human eyes only, what you see on the boot menu,
>>>> so the above "Phony Windows" line is valid, you will see Phony Windows
>>>> as a boot option.
>>>>
>>>> This is simply an option that allows you to gauge how much time it
>>>> takes
>>>> for the BIOS to do it's stuff and load the MBR and then pass the boot
>>>> process to the boot sector of the active partition which then in turns
>>>> passes the boot process to the ntldr boot loader, only then (when the
>>>> boot sector passes the boot process to the boot loader) is Windows
>>>> involved, anything prior to that has nothing to do with Windows. So
>>>> what
>>>> does all of this do? It simply allows one to gauge the time at which
>>>> Windows actually becomes involved in the boot process, it can sometimes
>>>> be helpful if one is having difficulties determining where the boot
>>>> process is at when it hangs after the POST test.
>>>>
>>>> Your comments that there is whirling and clicking noises doesn't sound
>>>> too good, this can be a sign of a failing hard drive. A failing drive
>>>> can often be difficult to boot and it can take a long time to do so. I
>>>> would strongly suggest that you backup all your precious files and run
>>>> disk diagnostic utility from the drive manufacturer on the disk.
>>>> Another
>>>> way to do a quick test is to open the box and touch the hard disk, a
>>>> failing whirling and clicking drive will usually also become quite hot
>>>> to the touch.
>>>>
>>>> John
>>> Found Boot.ini and added "phony" line. I got the phony choice after
>>> only 15 secs, so I now assume the BIOS is doing its stuff OK. There is
>>> then a wait of 2 mins till the progress bar appears (or 1min to the
>>> Advanced Options Screen if I had pressed F8, then 1 more min), then
>>> about 12 mins to the Windows XP logo, then about 4 mins till my
>>> startup programs have kicked in OK. So if it is Windows that is
>>> involved and not now the BIOS or the POST, what can suddenly be
>>> causing this huge delay of 14 mins?? Any more help greatly appreciated.
>>
>> Now it becomes a sleuthing exercise! How long does it take the machine
>> to boot in Safe-Mode?
>>
>> John
> It takes the same time,with same progress bar. I have just tried going
> through msconfig and starting with *only* System Services and Original
> boot.ini, and all other services disabled, but that makes no differenve
> either!Is the progress bar a part of ntldr, in which case how can I
> access ntldr itself and run some sort of diagnostic?
The problem is not with ntldr and the progress bar is just a graphic
display while drivers are being loaded, it can be turned off with the
/noguiboot switch in the boot.ini file (can be done via the boot.ini tab
in msconfig). Windows loads the VGA driver to display this progress
bar, there could be problems with the driver, enabling the /noguiboot
switch will instruct Windows to not load the driver, it's a stretch but
give it a try and see what happens, the VGA driver might be causing
problems.
If the same slow boot is also happening when you boot to safe mode then
this is most likely a hardware problem or a problem with a boot device
driver. Bootlog the Safe-Mode boot and see if you can get useful
information from the bootlog. Safe-Mode loads fewer drivers so the
bootlog will be smaller than the log from a normal boot, it will be
easier to weed out the smaller safe mode log than that of the normal
boot. The bootlog will be written to the Ntbtlog.txt file and it will
be stored in the %SystemRoot% folder.
How long has this problem been going on? Did you install any new
hardware or update drivers before it started? Did you install any
software or do any operating system updates before this started? Is the
machine clean and free of any virus or other such pests? Do you have
USB drives connected to the machine, or cards inserted into card readers
when the machine is booting? Disconnect or power off all unnecessary
external peripherals while you troubleshoot the problem. Did you change
any settings in the BIOS? Resetting the BIOS to default or failsafe
settings might make a difference.
If you can't find any useful information from the boot log then I would
suggest that you run hardware diagnostics on the machine, run a
manufacturer diagnostic on the drive, chkdsk doesn't cut it when it
comes to hardware problems with disks.
John
> On 24/06/2010 22:37, John John - MVP wrote:
>>
>> Richard wrote:
>>> On 24/06/2010 18:31, John John - MVP wrote:
>>>>
>>>> Richard wrote:
>>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>>
>>>>>>>> John John - MVP wrote:
>>>>>>>>> Richard wrote:
>>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>>> computer
>>>>>>>>>>>>>> (with
>>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen
>>>>>>>>>>>>>> and
>>>>>>>>>>>>>> before
>>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>>> bottom
>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>>>>> Windows
>>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for
>>>>>>>>>>>>>> the
>>>>>>>>>>>>>> System
>>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was
>>>>>>>>>>>>>> not
>>>>>>>>>>>>>> found.
>>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected
>>>>>>>>>>>>>> to be
>>>>>>>>>>>>>> found
>>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>>> deleted\renamed it or something. I have put my installation
>>>>>>>>>>>>>> DVD
>>>>>>>>>>>>>> in the
>>>>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>>>>> there,
>>>>>>>>>>>>>> and
>>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>>>>> where I
>>>>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>>>>> their
>>>>>>>>>>>>>> own
>>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>>> for any
>>>>>>>>>>>>>> help
>>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>>
>>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A
>>>>>>>>>>>>> search
>>>>>>>>>>>>> for this
>>>>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>>>>> virus or
>>>>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>>>>> machine is
>>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>>>>>>>>> file? It
>>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>>> infection and
>>>>>>>>>>>>> that
>>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>>
>>>>>>>>>>>>> John
>>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1")
>>>>>>>>>>>> which
>>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>>>>> these
>>>>>>>>>>>> references, could that help??
>>>>>>>>>>>
>>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>>
>>>>>>>>>>> Look for phantom devices in the Device Manager and see if any
>>>>>>>>>>> make
>>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>>
>>>>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>>>>> to the
>>>>>>>>>>> Windows XP-based computer
>>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>>
>>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>>> Manager to
>>>>>>>>>>> show
>>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>>
>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>>> start devmgmt.msc
>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>> You cannot delete the keys in the Enum section because you do
>>>>>>>>>>> not
>>>>>>>>>>> have
>>>>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>>>>> and you
>>>>>>>>>>> will be able to remove the keys. Before you do that keep in mind
>>>>>>>>>>> that
>>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>>> permission to
>>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>>> remove
>>>>>>>>>>> the
>>>>>>>>>>> device in the Device Manager instead of removing it from the
>>>>>>>>>>> Enum
>>>>>>>>>>> keys.
>>>>>>>>>>>
>>>>>>>>>>> Before you change the permissions and delete keys please read
>>>>>>>>>>> the
>>>>>>>>>>> following:
>>>>>>>>>>>
>>>>>>>>>>> Enum
>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>>
>>>>>>>>>>> System and Startup Settings
>>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>>
>>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>>
>>>>>>>>>>> John
>>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>>> No mention in Device Manager, or after running your batch file. I
>>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>>> permission
>>>>>>>>>> if I did want to?? I will read the articles you mention, but
>>>>>>>>>> since
>>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>>> searching
>>>>>>>>>> for it?? Thanks again.
>>>>>>>>>
>>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>>> permissions,
>>>>>>>>> just right click on the offending key and select Permissions...
>>>>>>>>>
>>>>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>>>>> remove
>>>>>>>>> the device from the Device Manager then just grant yourself full
>>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>>> in the
>>>>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>>> Configuration.
>>>>>>>>
>>>>>>>> PS. The problem is more likely to be caused by the status of the
>>>>>>>> service
>>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>>> branch, I
>>>>>>>> suggest that you remove or disable the service there. To disable
>>>>>>>> the
>>>>>>>> service set its Start value to 4.
>>>>>>>>
>>>>>>>> John
>>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the
>>>>>>> problem is still there, but Event Viewer no longer reports a problem
>>>>>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>>>>>> the
>>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>>> what it
>>>>>>> might now be? Could it be something to do with Power On Self
>>>>>>> Testing,
>>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>>> started
>>>>>>> occuring? Cheers.
>>>>>>
>>>>>> I think that what you are seeing is part of the Windows boot process
>>>>>> rather than the POST routine, an easy way to tell would be to
>>>>>> press/tap
>>>>>> the F8 key when the computer is booting and see how long it takes for
>>>>>> the advanced Windows boot options show up. Or put a second (phony)
>>>>>> line
>>>>>> in the boot.ini file and see how long it takes for ntldr to parse and
>>>>>> present the boot menu.
>>>>>>
>>>>>> John
>>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>>> continue for about 2 mins, then the white progress bar appears and
>>>>> continues another 2 or 3 mins, and then at last the advanced options
>>>>> menu appears. Choosing any option results in the correct procedure,
>>>>> but another 15 mins for the bar to disappear and the Windows start-up
>>>>> logo to kick in. Before all this began, the advanced options screen
>>>>> would appear within seconds. Does this indicate Windows boot routine
>>>>> or POST, and if so what does this indicate? If I placed a phony line
>>>>> in boot.ini what would the length of time tell me? Thank you very much
>>>>> for all your help with this.
>>>>
>>>> When the boot.ini file contains only one ARC path, (like most Windows
>>>> installations), the boot loader (ntldr) simply parses the file and
>>>> proceeds to boot the default Windows installation without presenting
>>>> the
>>>> user with a boot menu. When the boot.ini file contains more than one
>>>> line ntldr reads the file then presents a boot menu for a certain
>>>> length
>>>> of time to allow the user to select which Windows installation to boot.
>>>>
>>>> For example:
>>>>
>>>> Most boot.ini files where only one Windows installation is present will
>>>> look something like this:
>>>>
>>>> [boot loader]
>>>> timeout=30
>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>> [operating systems]
>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>> Professional" /fastdetect
>>>>
>>>> In the above example the file only contains one ARC path:
>>>>
>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>
>>>> Ntldr sees that there is only one Windows installation present so it
>>>> doesn't present a boot menu and proceeds to load the default Windows
>>>> installation. If we were to add a second "phony" installation ntldr
>>>> would pause to allow the user to select which Windows installation to
>>>> boot, the boot.ini file could look like this:
>>>>
>>>> [boot loader]
>>>> timeout=30
>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>> [operating systems]
>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>> Professional" /fastdetect
>>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect
>>>>
>>>> When seeing more than one ARC path lines ntldr will now pause when the
>>>> computer is booted and it will present the user with a boot menu
>>>> allowing the user to select one of the following:
>>>>
>>>> Microsoft Windows XP Professional
>>>> Phony Windows
>>>>
>>>> If no selection is made after the timeout= time ntldr will load the
>>>> default= operating system. With the above boot.ini file, if no
>>>> selection
>>>> is made, after 30 seconds ntldr will load the
>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
>>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>>> quotation marks is for human eyes only, what you see on the boot menu,
>>>> so the above "Phony Windows" line is valid, you will see Phony Windows
>>>> as a boot option.
>>>>
>>>> This is simply an option that allows you to gauge how much time it
>>>> takes
>>>> for the BIOS to do it's stuff and load the MBR and then pass the boot
>>>> process to the boot sector of the active partition which then in turns
>>>> passes the boot process to the ntldr boot loader, only then (when the
>>>> boot sector passes the boot process to the boot loader) is Windows
>>>> involved, anything prior to that has nothing to do with Windows. So
>>>> what
>>>> does all of this do? It simply allows one to gauge the time at which
>>>> Windows actually becomes involved in the boot process, it can sometimes
>>>> be helpful if one is having difficulties determining where the boot
>>>> process is at when it hangs after the POST test.
>>>>
>>>> Your comments that there is whirling and clicking noises doesn't sound
>>>> too good, this can be a sign of a failing hard drive. A failing drive
>>>> can often be difficult to boot and it can take a long time to do so. I
>>>> would strongly suggest that you backup all your precious files and run
>>>> disk diagnostic utility from the drive manufacturer on the disk.
>>>> Another
>>>> way to do a quick test is to open the box and touch the hard disk, a
>>>> failing whirling and clicking drive will usually also become quite hot
>>>> to the touch.
>>>>
>>>> John
>>> Found Boot.ini and added "phony" line. I got the phony choice after
>>> only 15 secs, so I now assume the BIOS is doing its stuff OK. There is
>>> then a wait of 2 mins till the progress bar appears (or 1min to the
>>> Advanced Options Screen if I had pressed F8, then 1 more min), then
>>> about 12 mins to the Windows XP logo, then about 4 mins till my
>>> startup programs have kicked in OK. So if it is Windows that is
>>> involved and not now the BIOS or the POST, what can suddenly be
>>> causing this huge delay of 14 mins?? Any more help greatly appreciated.
>>
>> Now it becomes a sleuthing exercise! How long does it take the machine
>> to boot in Safe-Mode?
>>
>> John
> It takes the same time,with same progress bar. I have just tried going
> through msconfig and starting with *only* System Services and Original
> boot.ini, and all other services disabled, but that makes no differenve
> either!Is the progress bar a part of ntldr, in which case how can I
> access ntldr itself and run some sort of diagnostic?
The problem is not with ntldr and the progress bar is just a graphic
display while drivers are being loaded, it can be turned off with the
/noguiboot switch in the boot.ini file (can be done via the boot.ini tab
in msconfig). Windows loads the VGA driver to display this progress
bar, there could be problems with the driver, enabling the /noguiboot
switch will instruct Windows to not load the driver, it's a stretch but
give it a try and see what happens, the VGA driver might be causing
problems.
If the same slow boot is also happening when you boot to safe mode then
this is most likely a hardware problem or a problem with a boot device
driver. Bootlog the Safe-Mode boot and see if you can get useful
information from the bootlog. Safe-Mode loads fewer drivers so the
bootlog will be smaller than the log from a normal boot, it will be
easier to weed out the smaller safe mode log than that of the normal
boot. The bootlog will be written to the Ntbtlog.txt file and it will
be stored in the %SystemRoot% folder.
How long has this problem been going on? Did you install any new
hardware or update drivers before it started? Did you install any
software or do any operating system updates before this started? Is the
machine clean and free of any virus or other such pests? Do you have
USB drives connected to the machine, or cards inserted into card readers
when the machine is booting? Disconnect or power off all unnecessary
external peripherals while you troubleshoot the problem. Did you change
any settings in the BIOS? Resetting the BIOS to default or failsafe
settings might make a difference.
If you can't find any useful information from the boot log then I would
suggest that you run hardware diagnostics on the machine, run a
manufacturer diagnostic on the drive, chkdsk doesn't cut it when it
comes to hardware problems with disks.
John
Re: Missing boot-start driver bthex.dll
On 25/06/2010 12:59, John John - MVP wrote:
> Richard wrote:
>> On 24/06/2010 22:37, John John - MVP wrote:
>>>
>>> Richard wrote:
>>>> On 24/06/2010 18:31, John John - MVP wrote:
>>>>>
>>>>> Richard wrote:
>>>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>>>> Richard wrote:
>>>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>>>
>>>>>>>>> John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>>>> computer
>>>>>>>>>>>>>>> (with
>>>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen
>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>> before
>>>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>>>> bottom
>>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>>>>>> Windows
>>>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer
>>>>>>>>>>>>>>> for the
>>>>>>>>>>>>>>> System
>>>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex"
>>>>>>>>>>>>>>> was not
>>>>>>>>>>>>>>> found.
>>>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected
>>>>>>>>>>>>>>> to be
>>>>>>>>>>>>>>> found
>>>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>>>> deleted\renamed it or something. I have put my installation
>>>>>>>>>>>>>>> DVD
>>>>>>>>>>>>>>> in the
>>>>>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>>>>>> there,
>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>>>>>> where I
>>>>>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>>>>>> their
>>>>>>>>>>>>>>> own
>>>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>>>> for any
>>>>>>>>>>>>>>> help
>>>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A
>>>>>>>>>>>>>> search
>>>>>>>>>>>>>> for this
>>>>>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>>>>>> virus or
>>>>>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>>>>>> machine is
>>>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Where *exactly* in the registry did you find reference to
>>>>>>>>>>>>>> this
>>>>>>>>>>>>>> file? It
>>>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>>>> infection and
>>>>>>>>>>>>>> that
>>>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> John
>>>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to
>>>>>>>>>>>>> "1")
>>>>>>>>>>>>> which
>>>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>>>>>> these
>>>>>>>>>>>>> references, could that help??
>>>>>>>>>>>>
>>>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>>>
>>>>>>>>>>>> Look for phantom devices in the Device Manager and see if any
>>>>>>>>>>>> make
>>>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>>>
>>>>>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>>>>>> to the
>>>>>>>>>>>> Windows XP-based computer
>>>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>>>
>>>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>>>> Manager to
>>>>>>>>>>>> show
>>>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>>>
>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>>>> start devmgmt.msc
>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>>
>>>>>>>>>>>> You cannot delete the keys in the Enum section because you
>>>>>>>>>>>> do not
>>>>>>>>>>>> have
>>>>>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>>>>>> and you
>>>>>>>>>>>> will be able to remove the keys. Before you do that keep in
>>>>>>>>>>>> mind
>>>>>>>>>>>> that
>>>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>>>> permission to
>>>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>>>> remove
>>>>>>>>>>>> the
>>>>>>>>>>>> device in the Device Manager instead of removing it from the
>>>>>>>>>>>> Enum
>>>>>>>>>>>> keys.
>>>>>>>>>>>>
>>>>>>>>>>>> Before you change the permissions and delete keys please
>>>>>>>>>>>> read the
>>>>>>>>>>>> following:
>>>>>>>>>>>>
>>>>>>>>>>>> Enum
>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>>>
>>>>>>>>>>>> System and Startup Settings
>>>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>>>
>>>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>>>
>>>>>>>>>>>> John
>>>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>>>> No mention in Device Manager, or after running your batch
>>>>>>>>>>> file. I
>>>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>>>> permission
>>>>>>>>>>> if I did want to?? I will read the articles you mention, but
>>>>>>>>>>> since
>>>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>>>> searching
>>>>>>>>>>> for it?? Thanks again.
>>>>>>>>>>
>>>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>>>> permissions,
>>>>>>>>>> just right click on the offending key and select Permissions...
>>>>>>>>>>
>>>>>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>>>>>> remove
>>>>>>>>>> the device from the Device Manager then just grant yourself full
>>>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>>>> in the
>>>>>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>>>> Configuration.
>>>>>>>>>
>>>>>>>>> PS. The problem is more likely to be caused by the status of the
>>>>>>>>> service
>>>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>>>> branch, I
>>>>>>>>> suggest that you remove or disable the service there. To
>>>>>>>>> disable the
>>>>>>>>> service set its Start value to 4.
>>>>>>>>>
>>>>>>>>> John
>>>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted,
>>>>>>>> the
>>>>>>>> problem is still there, but Event Viewer no longer reports a
>>>>>>>> problem
>>>>>>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>>>>>>> the
>>>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>>>> what it
>>>>>>>> might now be? Could it be something to do with Power On Self
>>>>>>>> Testing,
>>>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>>>> started
>>>>>>>> occuring? Cheers.
>>>>>>>
>>>>>>> I think that what you are seeing is part of the Windows boot process
>>>>>>> rather than the POST routine, an easy way to tell would be to
>>>>>>> press/tap
>>>>>>> the F8 key when the computer is booting and see how long it takes
>>>>>>> for
>>>>>>> the advanced Windows boot options show up. Or put a second (phony)
>>>>>>> line
>>>>>>> in the boot.ini file and see how long it takes for ntldr to parse
>>>>>>> and
>>>>>>> present the boot menu.
>>>>>>>
>>>>>>> John
>>>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>>>> continue for about 2 mins, then the white progress bar appears and
>>>>>> continues another 2 or 3 mins, and then at last the advanced options
>>>>>> menu appears. Choosing any option results in the correct procedure,
>>>>>> but another 15 mins for the bar to disappear and the Windows start-up
>>>>>> logo to kick in. Before all this began, the advanced options screen
>>>>>> would appear within seconds. Does this indicate Windows boot routine
>>>>>> or POST, and if so what does this indicate? If I placed a phony line
>>>>>> in boot.ini what would the length of time tell me? Thank you very
>>>>>> much
>>>>>> for all your help with this.
>>>>>
>>>>> When the boot.ini file contains only one ARC path, (like most Windows
>>>>> installations), the boot loader (ntldr) simply parses the file and
>>>>> proceeds to boot the default Windows installation without
>>>>> presenting the
>>>>> user with a boot menu. When the boot.ini file contains more than one
>>>>> line ntldr reads the file then presents a boot menu for a certain
>>>>> length
>>>>> of time to allow the user to select which Windows installation to
>>>>> boot.
>>>>>
>>>>> For example:
>>>>>
>>>>> Most boot.ini files where only one Windows installation is present
>>>>> will
>>>>> look something like this:
>>>>>
>>>>> [boot loader]
>>>>> timeout=30
>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>> [operating systems]
>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>> Professional" /fastdetect
>>>>>
>>>>> In the above example the file only contains one ARC path:
>>>>>
>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>
>>>>> Ntldr sees that there is only one Windows installation present so it
>>>>> doesn't present a boot menu and proceeds to load the default Windows
>>>>> installation. If we were to add a second "phony" installation ntldr
>>>>> would pause to allow the user to select which Windows installation to
>>>>> boot, the boot.ini file could look like this:
>>>>>
>>>>> [boot loader]
>>>>> timeout=30
>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>> [operating systems]
>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>> Professional" /fastdetect
>>>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows"
>>>>> /fastdetect
>>>>>
>>>>> When seeing more than one ARC path lines ntldr will now pause when the
>>>>> computer is booted and it will present the user with a boot menu
>>>>> allowing the user to select one of the following:
>>>>>
>>>>> Microsoft Windows XP Professional
>>>>> Phony Windows
>>>>>
>>>>> If no selection is made after the timeout= time ntldr will load the
>>>>> default= operating system. With the above boot.ini file, if no
>>>>> selection
>>>>> is made, after 30 seconds ntldr will load the
>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
>>>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>>>> quotation marks is for human eyes only, what you see on the boot menu,
>>>>> so the above "Phony Windows" line is valid, you will see Phony Windows
>>>>> as a boot option.
>>>>>
>>>>> This is simply an option that allows you to gauge how much time it
>>>>> takes
>>>>> for the BIOS to do it's stuff and load the MBR and then pass the boot
>>>>> process to the boot sector of the active partition which then in turns
>>>>> passes the boot process to the ntldr boot loader, only then (when the
>>>>> boot sector passes the boot process to the boot loader) is Windows
>>>>> involved, anything prior to that has nothing to do with Windows. So
>>>>> what
>>>>> does all of this do? It simply allows one to gauge the time at which
>>>>> Windows actually becomes involved in the boot process, it can
>>>>> sometimes
>>>>> be helpful if one is having difficulties determining where the boot
>>>>> process is at when it hangs after the POST test.
>>>>>
>>>>> Your comments that there is whirling and clicking noises doesn't sound
>>>>> too good, this can be a sign of a failing hard drive. A failing drive
>>>>> can often be difficult to boot and it can take a long time to do so. I
>>>>> would strongly suggest that you backup all your precious files and run
>>>>> disk diagnostic utility from the drive manufacturer on the disk.
>>>>> Another
>>>>> way to do a quick test is to open the box and touch the hard disk, a
>>>>> failing whirling and clicking drive will usually also become quite hot
>>>>> to the touch.
>>>>>
>>>>> John
>>>> Found Boot.ini and added "phony" line. I got the phony choice after
>>>> only 15 secs, so I now assume the BIOS is doing its stuff OK. There is
>>>> then a wait of 2 mins till the progress bar appears (or 1min to the
>>>> Advanced Options Screen if I had pressed F8, then 1 more min), then
>>>> about 12 mins to the Windows XP logo, then about 4 mins till my
>>>> startup programs have kicked in OK. So if it is Windows that is
>>>> involved and not now the BIOS or the POST, what can suddenly be
>>>> causing this huge delay of 14 mins?? Any more help greatly appreciated.
>>>
>>> Now it becomes a sleuthing exercise! How long does it take the machine
>>> to boot in Safe-Mode?
>>>
>>> John
>> It takes the same time,with same progress bar. I have just tried going
>> through msconfig and starting with *only* System Services and Original
>> boot.ini, and all other services disabled, but that makes no
>> differenve either!Is the progress bar a part of ntldr, in which case
>> how can I access ntldr itself and run some sort of diagnostic?
>
> The problem is not with ntldr and the progress bar is just a graphic
> display while drivers are being loaded, it can be turned off with the
> /noguiboot switch in the boot.ini file (can be done via the boot.ini tab
> in msconfig). Windows loads the VGA driver to display this progress bar,
> there could be problems with the driver, enabling the /noguiboot switch
> will instruct Windows to not load the driver, it's a stretch but give it
> a try and see what happens, the VGA driver might be causing problems.
>
> If the same slow boot is also happening when you boot to safe mode then
> this is most likely a hardware problem or a problem with a boot device
> driver. Bootlog the Safe-Mode boot and see if you can get useful
> information from the bootlog. Safe-Mode loads fewer drivers so the
> bootlog will be smaller than the log from a normal boot, it will be
> easier to weed out the smaller safe mode log than that of the normal
> boot. The bootlog will be written to the Ntbtlog.txt file and it will be
> stored in the %SystemRoot% folder.
>
> How long has this problem been going on? Did you install any new
> hardware or update drivers before it started? Did you install any
> software or do any operating system updates before this started? Is the
> machine clean and free of any virus or other such pests? Do you have USB
> drives connected to the machine, or cards inserted into card readers
> when the machine is booting? Disconnect or power off all unnecessary
> external peripherals while you troubleshoot the problem. Did you change
> any settings in the BIOS? Resetting the BIOS to default or failsafe
> settings might make a difference.
>
> If you can't find any useful information from the boot log then I would
> suggest that you run hardware diagnostics on the machine, run a
> manufacturer diagnostic on the drive, chkdsk doesn't cut it when it
> comes to hardware problems with disks.
>
> John
John - just to be clear - the white progress bar at issue is not the
little blue bar that appears under the Windows XP logo when Windows
finally kicks in; it is the one that appears when Windows "resumes"
after re-starting from hibernation. In my case, this bar takes about
15mins to reach the halfway point, then disappears and the Windows logo
appears and all is as before (OK). If I start from hibernation (I have
just discovered),when the screen comes alive that progress bar is
already half-filled and Windows starts normally to previous state.I will
do a safe-mode bootlog, add noguiboot, disconnect all peripherals and
see what happens. The problem has been with me about 2 months, but no,
as far as I can remember, I hadn't just installed/updated anything, and
yes, the m/c has been examined by SuperAntiSpyware, malwarebytes and the
deepest (25hour)scan by Kaspersky Anti-virus tool. I had not touched the
BIOS. I will continue to let you know how I get on, but thank you so
much for all your efforts so far.
Richard.
> Richard wrote:
>> On 24/06/2010 22:37, John John - MVP wrote:
>>>
>>> Richard wrote:
>>>> On 24/06/2010 18:31, John John - MVP wrote:
>>>>>
>>>>> Richard wrote:
>>>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>>>> Richard wrote:
>>>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>>>
>>>>>>>>> John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>>>> computer
>>>>>>>>>>>>>>> (with
>>>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen
>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>> before
>>>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>>>> bottom
>>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>>>>>> Windows
>>>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer
>>>>>>>>>>>>>>> for the
>>>>>>>>>>>>>>> System
>>>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex"
>>>>>>>>>>>>>>> was not
>>>>>>>>>>>>>>> found.
>>>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected
>>>>>>>>>>>>>>> to be
>>>>>>>>>>>>>>> found
>>>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>>>> deleted\renamed it or something. I have put my installation
>>>>>>>>>>>>>>> DVD
>>>>>>>>>>>>>>> in the
>>>>>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>>>>>> there,
>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>>>>>> where I
>>>>>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>>>>>> their
>>>>>>>>>>>>>>> own
>>>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>>>> for any
>>>>>>>>>>>>>>> help
>>>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A
>>>>>>>>>>>>>> search
>>>>>>>>>>>>>> for this
>>>>>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>>>>>> virus or
>>>>>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>>>>>> machine is
>>>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Where *exactly* in the registry did you find reference to
>>>>>>>>>>>>>> this
>>>>>>>>>>>>>> file? It
>>>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>>>> infection and
>>>>>>>>>>>>>> that
>>>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> John
>>>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to
>>>>>>>>>>>>> "1")
>>>>>>>>>>>>> which
>>>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all
>>>>>>>>>>>>> these
>>>>>>>>>>>>> references, could that help??
>>>>>>>>>>>>
>>>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>>>
>>>>>>>>>>>> Look for phantom devices in the Device Manager and see if any
>>>>>>>>>>>> make
>>>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>>>
>>>>>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>>>>>> to the
>>>>>>>>>>>> Windows XP-based computer
>>>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>>>
>>>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>>>> Manager to
>>>>>>>>>>>> show
>>>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>>>
>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>>>> start devmgmt.msc
>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>>
>>>>>>>>>>>> You cannot delete the keys in the Enum section because you
>>>>>>>>>>>> do not
>>>>>>>>>>>> have
>>>>>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>>>>>> and you
>>>>>>>>>>>> will be able to remove the keys. Before you do that keep in
>>>>>>>>>>>> mind
>>>>>>>>>>>> that
>>>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>>>> permission to
>>>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>>>> remove
>>>>>>>>>>>> the
>>>>>>>>>>>> device in the Device Manager instead of removing it from the
>>>>>>>>>>>> Enum
>>>>>>>>>>>> keys.
>>>>>>>>>>>>
>>>>>>>>>>>> Before you change the permissions and delete keys please
>>>>>>>>>>>> read the
>>>>>>>>>>>> following:
>>>>>>>>>>>>
>>>>>>>>>>>> Enum
>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>>>
>>>>>>>>>>>> System and Startup Settings
>>>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>>>
>>>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>>>
>>>>>>>>>>>> John
>>>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>>>> No mention in Device Manager, or after running your batch
>>>>>>>>>>> file. I
>>>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>>>> permission
>>>>>>>>>>> if I did want to?? I will read the articles you mention, but
>>>>>>>>>>> since
>>>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>>>> searching
>>>>>>>>>>> for it?? Thanks again.
>>>>>>>>>>
>>>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>>>> permissions,
>>>>>>>>>> just right click on the offending key and select Permissions...
>>>>>>>>>>
>>>>>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>>>>>> remove
>>>>>>>>>> the device from the Device Manager then just grant yourself full
>>>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>>>> in the
>>>>>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>>>> Configuration.
>>>>>>>>>
>>>>>>>>> PS. The problem is more likely to be caused by the status of the
>>>>>>>>> service
>>>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>>>> branch, I
>>>>>>>>> suggest that you remove or disable the service there. To
>>>>>>>>> disable the
>>>>>>>>> service set its Start value to 4.
>>>>>>>>>
>>>>>>>>> John
>>>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted,
>>>>>>>> the
>>>>>>>> problem is still there, but Event Viewer no longer reports a
>>>>>>>> problem
>>>>>>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>>>>>>> the
>>>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>>>> what it
>>>>>>>> might now be? Could it be something to do with Power On Self
>>>>>>>> Testing,
>>>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>>>> started
>>>>>>>> occuring? Cheers.
>>>>>>>
>>>>>>> I think that what you are seeing is part of the Windows boot process
>>>>>>> rather than the POST routine, an easy way to tell would be to
>>>>>>> press/tap
>>>>>>> the F8 key when the computer is booting and see how long it takes
>>>>>>> for
>>>>>>> the advanced Windows boot options show up. Or put a second (phony)
>>>>>>> line
>>>>>>> in the boot.ini file and see how long it takes for ntldr to parse
>>>>>>> and
>>>>>>> present the boot menu.
>>>>>>>
>>>>>>> John
>>>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>>>> continue for about 2 mins, then the white progress bar appears and
>>>>>> continues another 2 or 3 mins, and then at last the advanced options
>>>>>> menu appears. Choosing any option results in the correct procedure,
>>>>>> but another 15 mins for the bar to disappear and the Windows start-up
>>>>>> logo to kick in. Before all this began, the advanced options screen
>>>>>> would appear within seconds. Does this indicate Windows boot routine
>>>>>> or POST, and if so what does this indicate? If I placed a phony line
>>>>>> in boot.ini what would the length of time tell me? Thank you very
>>>>>> much
>>>>>> for all your help with this.
>>>>>
>>>>> When the boot.ini file contains only one ARC path, (like most Windows
>>>>> installations), the boot loader (ntldr) simply parses the file and
>>>>> proceeds to boot the default Windows installation without
>>>>> presenting the
>>>>> user with a boot menu. When the boot.ini file contains more than one
>>>>> line ntldr reads the file then presents a boot menu for a certain
>>>>> length
>>>>> of time to allow the user to select which Windows installation to
>>>>> boot.
>>>>>
>>>>> For example:
>>>>>
>>>>> Most boot.ini files where only one Windows installation is present
>>>>> will
>>>>> look something like this:
>>>>>
>>>>> [boot loader]
>>>>> timeout=30
>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>> [operating systems]
>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>> Professional" /fastdetect
>>>>>
>>>>> In the above example the file only contains one ARC path:
>>>>>
>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>
>>>>> Ntldr sees that there is only one Windows installation present so it
>>>>> doesn't present a boot menu and proceeds to load the default Windows
>>>>> installation. If we were to add a second "phony" installation ntldr
>>>>> would pause to allow the user to select which Windows installation to
>>>>> boot, the boot.ini file could look like this:
>>>>>
>>>>> [boot loader]
>>>>> timeout=30
>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>> [operating systems]
>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>> Professional" /fastdetect
>>>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows"
>>>>> /fastdetect
>>>>>
>>>>> When seeing more than one ARC path lines ntldr will now pause when the
>>>>> computer is booted and it will present the user with a boot menu
>>>>> allowing the user to select one of the following:
>>>>>
>>>>> Microsoft Windows XP Professional
>>>>> Phony Windows
>>>>>
>>>>> If no selection is made after the timeout= time ntldr will load the
>>>>> default= operating system. With the above boot.ini file, if no
>>>>> selection
>>>>> is made, after 30 seconds ntldr will load the
>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
>>>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>>>> quotation marks is for human eyes only, what you see on the boot menu,
>>>>> so the above "Phony Windows" line is valid, you will see Phony Windows
>>>>> as a boot option.
>>>>>
>>>>> This is simply an option that allows you to gauge how much time it
>>>>> takes
>>>>> for the BIOS to do it's stuff and load the MBR and then pass the boot
>>>>> process to the boot sector of the active partition which then in turns
>>>>> passes the boot process to the ntldr boot loader, only then (when the
>>>>> boot sector passes the boot process to the boot loader) is Windows
>>>>> involved, anything prior to that has nothing to do with Windows. So
>>>>> what
>>>>> does all of this do? It simply allows one to gauge the time at which
>>>>> Windows actually becomes involved in the boot process, it can
>>>>> sometimes
>>>>> be helpful if one is having difficulties determining where the boot
>>>>> process is at when it hangs after the POST test.
>>>>>
>>>>> Your comments that there is whirling and clicking noises doesn't sound
>>>>> too good, this can be a sign of a failing hard drive. A failing drive
>>>>> can often be difficult to boot and it can take a long time to do so. I
>>>>> would strongly suggest that you backup all your precious files and run
>>>>> disk diagnostic utility from the drive manufacturer on the disk.
>>>>> Another
>>>>> way to do a quick test is to open the box and touch the hard disk, a
>>>>> failing whirling and clicking drive will usually also become quite hot
>>>>> to the touch.
>>>>>
>>>>> John
>>>> Found Boot.ini and added "phony" line. I got the phony choice after
>>>> only 15 secs, so I now assume the BIOS is doing its stuff OK. There is
>>>> then a wait of 2 mins till the progress bar appears (or 1min to the
>>>> Advanced Options Screen if I had pressed F8, then 1 more min), then
>>>> about 12 mins to the Windows XP logo, then about 4 mins till my
>>>> startup programs have kicked in OK. So if it is Windows that is
>>>> involved and not now the BIOS or the POST, what can suddenly be
>>>> causing this huge delay of 14 mins?? Any more help greatly appreciated.
>>>
>>> Now it becomes a sleuthing exercise! How long does it take the machine
>>> to boot in Safe-Mode?
>>>
>>> John
>> It takes the same time,with same progress bar. I have just tried going
>> through msconfig and starting with *only* System Services and Original
>> boot.ini, and all other services disabled, but that makes no
>> differenve either!Is the progress bar a part of ntldr, in which case
>> how can I access ntldr itself and run some sort of diagnostic?
>
> The problem is not with ntldr and the progress bar is just a graphic
> display while drivers are being loaded, it can be turned off with the
> /noguiboot switch in the boot.ini file (can be done via the boot.ini tab
> in msconfig). Windows loads the VGA driver to display this progress bar,
> there could be problems with the driver, enabling the /noguiboot switch
> will instruct Windows to not load the driver, it's a stretch but give it
> a try and see what happens, the VGA driver might be causing problems.
>
> If the same slow boot is also happening when you boot to safe mode then
> this is most likely a hardware problem or a problem with a boot device
> driver. Bootlog the Safe-Mode boot and see if you can get useful
> information from the bootlog. Safe-Mode loads fewer drivers so the
> bootlog will be smaller than the log from a normal boot, it will be
> easier to weed out the smaller safe mode log than that of the normal
> boot. The bootlog will be written to the Ntbtlog.txt file and it will be
> stored in the %SystemRoot% folder.
>
> How long has this problem been going on? Did you install any new
> hardware or update drivers before it started? Did you install any
> software or do any operating system updates before this started? Is the
> machine clean and free of any virus or other such pests? Do you have USB
> drives connected to the machine, or cards inserted into card readers
> when the machine is booting? Disconnect or power off all unnecessary
> external peripherals while you troubleshoot the problem. Did you change
> any settings in the BIOS? Resetting the BIOS to default or failsafe
> settings might make a difference.
>
> If you can't find any useful information from the boot log then I would
> suggest that you run hardware diagnostics on the machine, run a
> manufacturer diagnostic on the drive, chkdsk doesn't cut it when it
> comes to hardware problems with disks.
>
> John
John - just to be clear - the white progress bar at issue is not the
little blue bar that appears under the Windows XP logo when Windows
finally kicks in; it is the one that appears when Windows "resumes"
after re-starting from hibernation. In my case, this bar takes about
15mins to reach the halfway point, then disappears and the Windows logo
appears and all is as before (OK). If I start from hibernation (I have
just discovered),when the screen comes alive that progress bar is
already half-filled and Windows starts normally to previous state.I will
do a safe-mode bootlog, add noguiboot, disconnect all peripherals and
see what happens. The problem has been with me about 2 months, but no,
as far as I can remember, I hadn't just installed/updated anything, and
yes, the m/c has been examined by SuperAntiSpyware, malwarebytes and the
deepest (25hour)scan by Kaspersky Anti-virus tool. I had not touched the
BIOS. I will continue to let you know how I get on, but thank you so
much for all your efforts so far.
Richard.
Re: Missing boot-start driver bthex.dll
On 25/06/2010 13:45, Richard wrote:
> On 25/06/2010 12:59, John John - MVP wrote:
>> Richard wrote:
>>> On 24/06/2010 22:37, John John - MVP wrote:
>>>>
>>>> Richard wrote:
>>>>> On 24/06/2010 18:31, John John - MVP wrote:
>>>>>>
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>>>>
>>>>>>>>>> John John - MVP wrote:
>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>>>>> computer
>>>>>>>>>>>>>>>> (with
>>>>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen
>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>> before
>>>>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>>>>> bottom
>>>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>>>>>>> Windows
>>>>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer
>>>>>>>>>>>>>>>> for the
>>>>>>>>>>>>>>>> System
>>>>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex"
>>>>>>>>>>>>>>>> was not
>>>>>>>>>>>>>>>> found.
>>>>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected
>>>>>>>>>>>>>>>> to be
>>>>>>>>>>>>>>>> found
>>>>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>>>>> deleted\renamed it or something. I have put my installation
>>>>>>>>>>>>>>>> DVD
>>>>>>>>>>>>>>>> in the
>>>>>>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>>>>>>> there,
>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>>>>>>> where I
>>>>>>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>>>>>>> their
>>>>>>>>>>>>>>>> own
>>>>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>>>>> for any
>>>>>>>>>>>>>>>> help
>>>>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A
>>>>>>>>>>>>>>> search
>>>>>>>>>>>>>>> for this
>>>>>>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>>>>>>> virus or
>>>>>>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>>>>>>> machine is
>>>>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Where *exactly* in the registry did you find reference to
>>>>>>>>>>>>>>> this
>>>>>>>>>>>>>>> file? It
>>>>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>>>>> infection and
>>>>>>>>>>>>>>> that
>>>>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> John
>>>>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to
>>>>>>>>>>>>>> "1")
>>>>>>>>>>>>>> which
>>>>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete
>>>>>>>>>>>>>> all
>>>>>>>>>>>>>> these
>>>>>>>>>>>>>> references, could that help??
>>>>>>>>>>>>>
>>>>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Look for phantom devices in the Device Manager and see if any
>>>>>>>>>>>>> make
>>>>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>>>>>>> to the
>>>>>>>>>>>>> Windows XP-based computer
>>>>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>>>>
>>>>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>>>>> Manager to
>>>>>>>>>>>>> show
>>>>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>>>>
>>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>>>>> start devmgmt.msc
>>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>>>
>>>>>>>>>>>>> You cannot delete the keys in the Enum section because you
>>>>>>>>>>>>> do not
>>>>>>>>>>>>> have
>>>>>>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>>>>>>> and you
>>>>>>>>>>>>> will be able to remove the keys. Before you do that keep in
>>>>>>>>>>>>> mind
>>>>>>>>>>>>> that
>>>>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>>>>> permission to
>>>>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>>>>> remove
>>>>>>>>>>>>> the
>>>>>>>>>>>>> device in the Device Manager instead of removing it from the
>>>>>>>>>>>>> Enum
>>>>>>>>>>>>> keys.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Before you change the permissions and delete keys please
>>>>>>>>>>>>> read the
>>>>>>>>>>>>> following:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Enum
>>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>>>>
>>>>>>>>>>>>> System and Startup Settings
>>>>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>>>>
>>>>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>>>>
>>>>>>>>>>>>> John
>>>>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>>>>> No mention in Device Manager, or after running your batch
>>>>>>>>>>>> file. I
>>>>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>>>>> permission
>>>>>>>>>>>> if I did want to?? I will read the articles you mention, but
>>>>>>>>>>>> since
>>>>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>>>>> searching
>>>>>>>>>>>> for it?? Thanks again.
>>>>>>>>>>>
>>>>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>>>>> permissions,
>>>>>>>>>>> just right click on the offending key and select Permissions...
>>>>>>>>>>>
>>>>>>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>>>>>>> remove
>>>>>>>>>>> the device from the Device Manager then just grant yourself full
>>>>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>>>>> in the
>>>>>>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>>>>> Configuration.
>>>>>>>>>>
>>>>>>>>>> PS. The problem is more likely to be caused by the status of the
>>>>>>>>>> service
>>>>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>>>>> branch, I
>>>>>>>>>> suggest that you remove or disable the service there. To
>>>>>>>>>> disable the
>>>>>>>>>> service set its Start value to 4.
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted,
>>>>>>>>> the
>>>>>>>>> problem is still there, but Event Viewer no longer reports a
>>>>>>>>> problem
>>>>>>>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>>>>>>>> the
>>>>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>>>>> what it
>>>>>>>>> might now be? Could it be something to do with Power On Self
>>>>>>>>> Testing,
>>>>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>>>>> started
>>>>>>>>> occuring? Cheers.
>>>>>>>>
>>>>>>>> I think that what you are seeing is part of the Windows boot
>>>>>>>> process
>>>>>>>> rather than the POST routine, an easy way to tell would be to
>>>>>>>> press/tap
>>>>>>>> the F8 key when the computer is booting and see how long it takes
>>>>>>>> for
>>>>>>>> the advanced Windows boot options show up. Or put a second (phony)
>>>>>>>> line
>>>>>>>> in the boot.ini file and see how long it takes for ntldr to parse
>>>>>>>> and
>>>>>>>> present the boot menu.
>>>>>>>>
>>>>>>>> John
>>>>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>>>>> continue for about 2 mins, then the white progress bar appears and
>>>>>>> continues another 2 or 3 mins, and then at last the advanced options
>>>>>>> menu appears. Choosing any option results in the correct procedure,
>>>>>>> but another 15 mins for the bar to disappear and the Windows
>>>>>>> start-up
>>>>>>> logo to kick in. Before all this began, the advanced options screen
>>>>>>> would appear within seconds. Does this indicate Windows boot routine
>>>>>>> or POST, and if so what does this indicate? If I placed a phony line
>>>>>>> in boot.ini what would the length of time tell me? Thank you very
>>>>>>> much
>>>>>>> for all your help with this.
>>>>>>
>>>>>> When the boot.ini file contains only one ARC path, (like most Windows
>>>>>> installations), the boot loader (ntldr) simply parses the file and
>>>>>> proceeds to boot the default Windows installation without
>>>>>> presenting the
>>>>>> user with a boot menu. When the boot.ini file contains more than one
>>>>>> line ntldr reads the file then presents a boot menu for a certain
>>>>>> length
>>>>>> of time to allow the user to select which Windows installation to
>>>>>> boot.
>>>>>>
>>>>>> For example:
>>>>>>
>>>>>> Most boot.ini files where only one Windows installation is present
>>>>>> will
>>>>>> look something like this:
>>>>>>
>>>>>> [boot loader]
>>>>>> timeout=30
>>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>> [operating systems]
>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>>> Professional" /fastdetect
>>>>>>
>>>>>> In the above example the file only contains one ARC path:
>>>>>>
>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>>
>>>>>> Ntldr sees that there is only one Windows installation present so it
>>>>>> doesn't present a boot menu and proceeds to load the default Windows
>>>>>> installation. If we were to add a second "phony" installation ntldr
>>>>>> would pause to allow the user to select which Windows installation to
>>>>>> boot, the boot.ini file could look like this:
>>>>>>
>>>>>> [boot loader]
>>>>>> timeout=30
>>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>> [operating systems]
>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>>> Professional" /fastdetect
>>>>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows"
>>>>>> /fastdetect
>>>>>>
>>>>>> When seeing more than one ARC path lines ntldr will now pause when
>>>>>> the
>>>>>> computer is booted and it will present the user with a boot menu
>>>>>> allowing the user to select one of the following:
>>>>>>
>>>>>> Microsoft Windows XP Professional
>>>>>> Phony Windows
>>>>>>
>>>>>> If no selection is made after the timeout= time ntldr will load the
>>>>>> default= operating system. With the above boot.ini file, if no
>>>>>> selection
>>>>>> is made, after 30 seconds ntldr will load the
>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
>>>>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>>>>> quotation marks is for human eyes only, what you see on the boot
>>>>>> menu,
>>>>>> so the above "Phony Windows" line is valid, you will see Phony
>>>>>> Windows
>>>>>> as a boot option.
>>>>>>
>>>>>> This is simply an option that allows you to gauge how much time it
>>>>>> takes
>>>>>> for the BIOS to do it's stuff and load the MBR and then pass the boot
>>>>>> process to the boot sector of the active partition which then in
>>>>>> turns
>>>>>> passes the boot process to the ntldr boot loader, only then (when the
>>>>>> boot sector passes the boot process to the boot loader) is Windows
>>>>>> involved, anything prior to that has nothing to do with Windows. So
>>>>>> what
>>>>>> does all of this do? It simply allows one to gauge the time at which
>>>>>> Windows actually becomes involved in the boot process, it can
>>>>>> sometimes
>>>>>> be helpful if one is having difficulties determining where the boot
>>>>>> process is at when it hangs after the POST test.
>>>>>>
>>>>>> Your comments that there is whirling and clicking noises doesn't
>>>>>> sound
>>>>>> too good, this can be a sign of a failing hard drive. A failing drive
>>>>>> can often be difficult to boot and it can take a long time to do
>>>>>> so. I
>>>>>> would strongly suggest that you backup all your precious files and
>>>>>> run
>>>>>> disk diagnostic utility from the drive manufacturer on the disk.
>>>>>> Another
>>>>>> way to do a quick test is to open the box and touch the hard disk, a
>>>>>> failing whirling and clicking drive will usually also become quite
>>>>>> hot
>>>>>> to the touch.
>>>>>>
>>>>>> John
>>>>> Found Boot.ini and added "phony" line. I got the phony choice after
>>>>> only 15 secs, so I now assume the BIOS is doing its stuff OK. There is
>>>>> then a wait of 2 mins till the progress bar appears (or 1min to the
>>>>> Advanced Options Screen if I had pressed F8, then 1 more min), then
>>>>> about 12 mins to the Windows XP logo, then about 4 mins till my
>>>>> startup programs have kicked in OK. So if it is Windows that is
>>>>> involved and not now the BIOS or the POST, what can suddenly be
>>>>> causing this huge delay of 14 mins?? Any more help greatly
>>>>> appreciated.
>>>>
>>>> Now it becomes a sleuthing exercise! How long does it take the machine
>>>> to boot in Safe-Mode?
>>>>
>>>> John
>>> It takes the same time,with same progress bar. I have just tried going
>>> through msconfig and starting with *only* System Services and Original
>>> boot.ini, and all other services disabled, but that makes no
>>> differenve either!Is the progress bar a part of ntldr, in which case
>>> how can I access ntldr itself and run some sort of diagnostic?
>>
>> The problem is not with ntldr and the progress bar is just a graphic
>> display while drivers are being loaded, it can be turned off with the
>> /noguiboot switch in the boot.ini file (can be done via the boot.ini tab
>> in msconfig). Windows loads the VGA driver to display this progress bar,
>> there could be problems with the driver, enabling the /noguiboot switch
>> will instruct Windows to not load the driver, it's a stretch but give it
>> a try and see what happens, the VGA driver might be causing problems.
>>
>> If the same slow boot is also happening when you boot to safe mode then
>> this is most likely a hardware problem or a problem with a boot device
>> driver. Bootlog the Safe-Mode boot and see if you can get useful
>> information from the bootlog. Safe-Mode loads fewer drivers so the
>> bootlog will be smaller than the log from a normal boot, it will be
>> easier to weed out the smaller safe mode log than that of the normal
>> boot. The bootlog will be written to the Ntbtlog.txt file and it will be
>> stored in the %SystemRoot% folder.
>>
>> How long has this problem been going on? Did you install any new
>> hardware or update drivers before it started? Did you install any
>> software or do any operating system updates before this started? Is the
>> machine clean and free of any virus or other such pests? Do you have USB
>> drives connected to the machine, or cards inserted into card readers
>> when the machine is booting? Disconnect or power off all unnecessary
>> external peripherals while you troubleshoot the problem. Did you change
>> any settings in the BIOS? Resetting the BIOS to default or failsafe
>> settings might make a difference.
>>
>> If you can't find any useful information from the boot log then I would
>> suggest that you run hardware diagnostics on the machine, run a
>> manufacturer diagnostic on the drive, chkdsk doesn't cut it when it
>> comes to hardware problems with disks.
>>
>> John
> John - just to be clear - the white progress bar at issue is not the
> little blue bar that appears under the Windows XP logo when Windows
> finally kicks in; it is the one that appears when Windows "resumes"
> after re-starting from hibernation. In my case, this bar takes about
> 15mins to reach the halfway point, then disappears and the Windows logo
> appears and all is as before (OK). If I start from hibernation (I have
> just discovered),when the screen comes alive that progress bar is
> already half-filled and Windows starts normally to previous state.I will
> do a safe-mode bootlog, add noguiboot, disconnect all peripherals and
> see what happens. The problem has been with me about 2 months, but no,
> as far as I can remember, I hadn't just installed/updated anything, and
> yes, the m/c has been examined by SuperAntiSpyware, malwarebytes and the
> deepest (25hour)scan by Kaspersky Anti-virus tool. I had not touched the
> BIOS. I will continue to let you know how I get on, but thank you so
> much for all your efforts so far.
> Richard.
To update - safe mode bootlog gave a huge list of drivers that did not
start (as expected)but no better speed. Noguiboot prevented the white
bar from appearing but did not speed anything up. One thing - the
Alternative options screen appeared almost immediately after pressing
F8, whereas last time it took about 90 secs. But after that, same old
problem. I did a normal start with bootlogging and all drivers loaded
apart from the following: NDProxy.sys, lbrtfdc.sys, fdc.sys,
flpydisk.sys, sfloppy.sys (I don't have a floppy drive) i20mgmt.sys,
Changer.sys, cdaudio.sys, processr.sys, PCIDump.sys, avg2k.sys,
rdbss.sys, mrxsmbr.sys, Serial.sys and ipnat.sys. I don't know what any
of these do but "processr.sys" sounds a bit dire!? While watching the
safe-mode boot I noticed that all the drivers loading information
appeared one after the other very slowly, rather than in a blur as I
seem to remember from some time before. Could it be that my drivers are
initialising one at a time rather than synchronously, and how would I
rectify it if so?? Thanks again.
Richard.
> On 25/06/2010 12:59, John John - MVP wrote:
>> Richard wrote:
>>> On 24/06/2010 22:37, John John - MVP wrote:
>>>>
>>>> Richard wrote:
>>>>> On 24/06/2010 18:31, John John - MVP wrote:
>>>>>>
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>>>>
>>>>>>>>>> John John - MVP wrote:
>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>>>>> computer
>>>>>>>>>>>>>>>> (with
>>>>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen
>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>> before
>>>>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>>>>> bottom
>>>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>>>> screen that fills up over about 20 minutes before the usual
>>>>>>>>>>>>>>>> Windows
>>>>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer
>>>>>>>>>>>>>>>> for the
>>>>>>>>>>>>>>>> System
>>>>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex"
>>>>>>>>>>>>>>>> was not
>>>>>>>>>>>>>>>> found.
>>>>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected
>>>>>>>>>>>>>>>> to be
>>>>>>>>>>>>>>>> found
>>>>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has
>>>>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>>>>> deleted\renamed it or something. I have put my installation
>>>>>>>>>>>>>>>> DVD
>>>>>>>>>>>>>>>> in the
>>>>>>>>>>>>>>>> drive and tried a repair but this driver cannot be located
>>>>>>>>>>>>>>>> there,
>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest
>>>>>>>>>>>>>>>> where I
>>>>>>>>>>>>>>>> might find this system file, or maybe even search for it on
>>>>>>>>>>>>>>>> their
>>>>>>>>>>>>>>>> own
>>>>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>>>>> for any
>>>>>>>>>>>>>>>> help
>>>>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A
>>>>>>>>>>>>>>> search
>>>>>>>>>>>>>>> for this
>>>>>>>>>>>>>>> file yields no results, often an indication that the file is
>>>>>>>>>>>>>>> virus or
>>>>>>>>>>>>>>> malware related. I would suggest that you make sure that the
>>>>>>>>>>>>>>> machine is
>>>>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Where *exactly* in the registry did you find reference to
>>>>>>>>>>>>>>> this
>>>>>>>>>>>>>>> file? It
>>>>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>>>>> infection and
>>>>>>>>>>>>>>> that
>>>>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> John
>>>>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to
>>>>>>>>>>>>>> "1")
>>>>>>>>>>>>>> which
>>>>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete
>>>>>>>>>>>>>> all
>>>>>>>>>>>>>> these
>>>>>>>>>>>>>> references, could that help??
>>>>>>>>>>>>>
>>>>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Look for phantom devices in the Device Manager and see if any
>>>>>>>>>>>>> make
>>>>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Device Manager does not display devices that are not connected
>>>>>>>>>>>>> to the
>>>>>>>>>>>>> Windows XP-based computer
>>>>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>>>>
>>>>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>>>>> Manager to
>>>>>>>>>>>>> show
>>>>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>>>>
>>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>>>>> start devmgmt.msc
>>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>>>
>>>>>>>>>>>>> You cannot delete the keys in the Enum section because you
>>>>>>>>>>>>> do not
>>>>>>>>>>>>> have
>>>>>>>>>>>>> permission to do so, grant yourself the necessary permissions
>>>>>>>>>>>>> and you
>>>>>>>>>>>>> will be able to remove the keys. Before you do that keep in
>>>>>>>>>>>>> mind
>>>>>>>>>>>>> that
>>>>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>>>>> permission to
>>>>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>>>>> remove
>>>>>>>>>>>>> the
>>>>>>>>>>>>> device in the Device Manager instead of removing it from the
>>>>>>>>>>>>> Enum
>>>>>>>>>>>>> keys.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Before you change the permissions and delete keys please
>>>>>>>>>>>>> read the
>>>>>>>>>>>>> following:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Enum
>>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>>>>
>>>>>>>>>>>>> System and Startup Settings
>>>>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>>>>
>>>>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>>>>
>>>>>>>>>>>>> John
>>>>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>>>>> No mention in Device Manager, or after running your batch
>>>>>>>>>>>> file. I
>>>>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>>>>> permission
>>>>>>>>>>>> if I did want to?? I will read the articles you mention, but
>>>>>>>>>>>> since
>>>>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>>>>> searching
>>>>>>>>>>>> for it?? Thanks again.
>>>>>>>>>>>
>>>>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>>>>> permissions,
>>>>>>>>>>> just right click on the offending key and select Permissions...
>>>>>>>>>>>
>>>>>>>>>>> If you are convinced that this is the culprit and if you cannot
>>>>>>>>>>> remove
>>>>>>>>>>> the device from the Device Manager then just grant yourself full
>>>>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>>>>> in the
>>>>>>>>>>> CurrentControlSet only! If the Windows installation balks at its
>>>>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>>>>> Configuration.
>>>>>>>>>>
>>>>>>>>>> PS. The problem is more likely to be caused by the status of the
>>>>>>>>>> service
>>>>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>>>>> branch, I
>>>>>>>>>> suggest that you remove or disable the service there. To
>>>>>>>>>> disable the
>>>>>>>>>> service set its Start value to 4.
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted,
>>>>>>>>> the
>>>>>>>>> problem is still there, but Event Viewer no longer reports a
>>>>>>>>> problem
>>>>>>>>> in looking for bthex. So I presume bthex, whatever it is, is *not*
>>>>>>>>> the
>>>>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>>>>> what it
>>>>>>>>> might now be? Could it be something to do with Power On Self
>>>>>>>>> Testing,
>>>>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>>>>> started
>>>>>>>>> occuring? Cheers.
>>>>>>>>
>>>>>>>> I think that what you are seeing is part of the Windows boot
>>>>>>>> process
>>>>>>>> rather than the POST routine, an easy way to tell would be to
>>>>>>>> press/tap
>>>>>>>> the F8 key when the computer is booting and see how long it takes
>>>>>>>> for
>>>>>>>> the advanced Windows boot options show up. Or put a second (phony)
>>>>>>>> line
>>>>>>>> in the boot.ini file and see how long it takes for ntldr to parse
>>>>>>>> and
>>>>>>>> present the boot menu.
>>>>>>>>
>>>>>>>> John
>>>>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>>>>> continue for about 2 mins, then the white progress bar appears and
>>>>>>> continues another 2 or 3 mins, and then at last the advanced options
>>>>>>> menu appears. Choosing any option results in the correct procedure,
>>>>>>> but another 15 mins for the bar to disappear and the Windows
>>>>>>> start-up
>>>>>>> logo to kick in. Before all this began, the advanced options screen
>>>>>>> would appear within seconds. Does this indicate Windows boot routine
>>>>>>> or POST, and if so what does this indicate? If I placed a phony line
>>>>>>> in boot.ini what would the length of time tell me? Thank you very
>>>>>>> much
>>>>>>> for all your help with this.
>>>>>>
>>>>>> When the boot.ini file contains only one ARC path, (like most Windows
>>>>>> installations), the boot loader (ntldr) simply parses the file and
>>>>>> proceeds to boot the default Windows installation without
>>>>>> presenting the
>>>>>> user with a boot menu. When the boot.ini file contains more than one
>>>>>> line ntldr reads the file then presents a boot menu for a certain
>>>>>> length
>>>>>> of time to allow the user to select which Windows installation to
>>>>>> boot.
>>>>>>
>>>>>> For example:
>>>>>>
>>>>>> Most boot.ini files where only one Windows installation is present
>>>>>> will
>>>>>> look something like this:
>>>>>>
>>>>>> [boot loader]
>>>>>> timeout=30
>>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>> [operating systems]
>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>>> Professional" /fastdetect
>>>>>>
>>>>>> In the above example the file only contains one ARC path:
>>>>>>
>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>>
>>>>>> Ntldr sees that there is only one Windows installation present so it
>>>>>> doesn't present a boot menu and proceeds to load the default Windows
>>>>>> installation. If we were to add a second "phony" installation ntldr
>>>>>> would pause to allow the user to select which Windows installation to
>>>>>> boot, the boot.ini file could look like this:
>>>>>>
>>>>>> [boot loader]
>>>>>> timeout=30
>>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>> [operating systems]
>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>>> Professional" /fastdetect
>>>>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows"
>>>>>> /fastdetect
>>>>>>
>>>>>> When seeing more than one ARC path lines ntldr will now pause when
>>>>>> the
>>>>>> computer is booted and it will present the user with a boot menu
>>>>>> allowing the user to select one of the following:
>>>>>>
>>>>>> Microsoft Windows XP Professional
>>>>>> Phony Windows
>>>>>>
>>>>>> If no selection is made after the timeout= time ntldr will load the
>>>>>> default= operating system. With the above boot.ini file, if no
>>>>>> selection
>>>>>> is made, after 30 seconds ntldr will load the
>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one
>>>>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>>>>> quotation marks is for human eyes only, what you see on the boot
>>>>>> menu,
>>>>>> so the above "Phony Windows" line is valid, you will see Phony
>>>>>> Windows
>>>>>> as a boot option.
>>>>>>
>>>>>> This is simply an option that allows you to gauge how much time it
>>>>>> takes
>>>>>> for the BIOS to do it's stuff and load the MBR and then pass the boot
>>>>>> process to the boot sector of the active partition which then in
>>>>>> turns
>>>>>> passes the boot process to the ntldr boot loader, only then (when the
>>>>>> boot sector passes the boot process to the boot loader) is Windows
>>>>>> involved, anything prior to that has nothing to do with Windows. So
>>>>>> what
>>>>>> does all of this do? It simply allows one to gauge the time at which
>>>>>> Windows actually becomes involved in the boot process, it can
>>>>>> sometimes
>>>>>> be helpful if one is having difficulties determining where the boot
>>>>>> process is at when it hangs after the POST test.
>>>>>>
>>>>>> Your comments that there is whirling and clicking noises doesn't
>>>>>> sound
>>>>>> too good, this can be a sign of a failing hard drive. A failing drive
>>>>>> can often be difficult to boot and it can take a long time to do
>>>>>> so. I
>>>>>> would strongly suggest that you backup all your precious files and
>>>>>> run
>>>>>> disk diagnostic utility from the drive manufacturer on the disk.
>>>>>> Another
>>>>>> way to do a quick test is to open the box and touch the hard disk, a
>>>>>> failing whirling and clicking drive will usually also become quite
>>>>>> hot
>>>>>> to the touch.
>>>>>>
>>>>>> John
>>>>> Found Boot.ini and added "phony" line. I got the phony choice after
>>>>> only 15 secs, so I now assume the BIOS is doing its stuff OK. There is
>>>>> then a wait of 2 mins till the progress bar appears (or 1min to the
>>>>> Advanced Options Screen if I had pressed F8, then 1 more min), then
>>>>> about 12 mins to the Windows XP logo, then about 4 mins till my
>>>>> startup programs have kicked in OK. So if it is Windows that is
>>>>> involved and not now the BIOS or the POST, what can suddenly be
>>>>> causing this huge delay of 14 mins?? Any more help greatly
>>>>> appreciated.
>>>>
>>>> Now it becomes a sleuthing exercise! How long does it take the machine
>>>> to boot in Safe-Mode?
>>>>
>>>> John
>>> It takes the same time,with same progress bar. I have just tried going
>>> through msconfig and starting with *only* System Services and Original
>>> boot.ini, and all other services disabled, but that makes no
>>> differenve either!Is the progress bar a part of ntldr, in which case
>>> how can I access ntldr itself and run some sort of diagnostic?
>>
>> The problem is not with ntldr and the progress bar is just a graphic
>> display while drivers are being loaded, it can be turned off with the
>> /noguiboot switch in the boot.ini file (can be done via the boot.ini tab
>> in msconfig). Windows loads the VGA driver to display this progress bar,
>> there could be problems with the driver, enabling the /noguiboot switch
>> will instruct Windows to not load the driver, it's a stretch but give it
>> a try and see what happens, the VGA driver might be causing problems.
>>
>> If the same slow boot is also happening when you boot to safe mode then
>> this is most likely a hardware problem or a problem with a boot device
>> driver. Bootlog the Safe-Mode boot and see if you can get useful
>> information from the bootlog. Safe-Mode loads fewer drivers so the
>> bootlog will be smaller than the log from a normal boot, it will be
>> easier to weed out the smaller safe mode log than that of the normal
>> boot. The bootlog will be written to the Ntbtlog.txt file and it will be
>> stored in the %SystemRoot% folder.
>>
>> How long has this problem been going on? Did you install any new
>> hardware or update drivers before it started? Did you install any
>> software or do any operating system updates before this started? Is the
>> machine clean and free of any virus or other such pests? Do you have USB
>> drives connected to the machine, or cards inserted into card readers
>> when the machine is booting? Disconnect or power off all unnecessary
>> external peripherals while you troubleshoot the problem. Did you change
>> any settings in the BIOS? Resetting the BIOS to default or failsafe
>> settings might make a difference.
>>
>> If you can't find any useful information from the boot log then I would
>> suggest that you run hardware diagnostics on the machine, run a
>> manufacturer diagnostic on the drive, chkdsk doesn't cut it when it
>> comes to hardware problems with disks.
>>
>> John
> John - just to be clear - the white progress bar at issue is not the
> little blue bar that appears under the Windows XP logo when Windows
> finally kicks in; it is the one that appears when Windows "resumes"
> after re-starting from hibernation. In my case, this bar takes about
> 15mins to reach the halfway point, then disappears and the Windows logo
> appears and all is as before (OK). If I start from hibernation (I have
> just discovered),when the screen comes alive that progress bar is
> already half-filled and Windows starts normally to previous state.I will
> do a safe-mode bootlog, add noguiboot, disconnect all peripherals and
> see what happens. The problem has been with me about 2 months, but no,
> as far as I can remember, I hadn't just installed/updated anything, and
> yes, the m/c has been examined by SuperAntiSpyware, malwarebytes and the
> deepest (25hour)scan by Kaspersky Anti-virus tool. I had not touched the
> BIOS. I will continue to let you know how I get on, but thank you so
> much for all your efforts so far.
> Richard.
To update - safe mode bootlog gave a huge list of drivers that did not
start (as expected)but no better speed. Noguiboot prevented the white
bar from appearing but did not speed anything up. One thing - the
Alternative options screen appeared almost immediately after pressing
F8, whereas last time it took about 90 secs. But after that, same old
problem. I did a normal start with bootlogging and all drivers loaded
apart from the following: NDProxy.sys, lbrtfdc.sys, fdc.sys,
flpydisk.sys, sfloppy.sys (I don't have a floppy drive) i20mgmt.sys,
Changer.sys, cdaudio.sys, processr.sys, PCIDump.sys, avg2k.sys,
rdbss.sys, mrxsmbr.sys, Serial.sys and ipnat.sys. I don't know what any
of these do but "processr.sys" sounds a bit dire!? While watching the
safe-mode boot I noticed that all the drivers loading information
appeared one after the other very slowly, rather than in a blur as I
seem to remember from some time before. Could it be that my drivers are
initialising one at a time rather than synchronously, and how would I
rectify it if so?? Thanks again.
Richard.
Re: Missing boot-start driver bthex.dll
John John - MVP wrote:
> Richard wrote:
>> On 25/06/2010 13:45, Richard wrote:
>>> On 25/06/2010 12:59, John John - MVP wrote:
>>>> Richard wrote:
>>>>> On 24/06/2010 22:37, John John - MVP wrote:
>>>>>>
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 18:31, John John - MVP wrote:
>>>>>>>>
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> John John - MVP wrote:
>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>>>>>>> computer
>>>>>>>>>>>>>>>>>> (with
>>>>>>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info
>>>>>>>>>>>>>>>>>> screen
>>>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>>>> before
>>>>>>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>>>>>>> bottom
>>>>>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>>>>>> screen that fills up over about 20 minutes before the
>>>>>>>>>>>>>>>>>> usual
>>>>>>>>>>>>>>>>>> Windows
>>>>>>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer
>>>>>>>>>>>>>>>>>> for the
>>>>>>>>>>>>>>>>>> System
>>>>>>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex"
>>>>>>>>>>>>>>>>>> was not
>>>>>>>>>>>>>>>>>> found.
>>>>>>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected
>>>>>>>>>>>>>>>>>> to be
>>>>>>>>>>>>>>>>>> found
>>>>>>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something
>>>>>>>>>>>>>>>>>> has
>>>>>>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>>>>>>> deleted\renamed it or something. I have put my
>>>>>>>>>>>>>>>>>> installation
>>>>>>>>>>>>>>>>>> DVD
>>>>>>>>>>>>>>>>>> in the
>>>>>>>>>>>>>>>>>> drive and tried a repair but this driver cannot be
>>>>>>>>>>>>>>>>>> located
>>>>>>>>>>>>>>>>>> there,
>>>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone
>>>>>>>>>>>>>>>>>> suggest
>>>>>>>>>>>>>>>>>> where I
>>>>>>>>>>>>>>>>>> might find this system file, or maybe even search for
>>>>>>>>>>>>>>>>>> it on
>>>>>>>>>>>>>>>>>> their
>>>>>>>>>>>>>>>>>> own
>>>>>>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>>>>>>> for any
>>>>>>>>>>>>>>>>>> help
>>>>>>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A
>>>>>>>>>>>>>>>>> search
>>>>>>>>>>>>>>>>> for this
>>>>>>>>>>>>>>>>> file yields no results, often an indication that the
>>>>>>>>>>>>>>>>> file is
>>>>>>>>>>>>>>>>> virus or
>>>>>>>>>>>>>>>>> malware related. I would suggest that you make sure
>>>>>>>>>>>>>>>>> that the
>>>>>>>>>>>>>>>>> machine is
>>>>>>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Where *exactly* in the registry did you find reference to
>>>>>>>>>>>>>>>>> this
>>>>>>>>>>>>>>>>> file? It
>>>>>>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>>>>>>> infection and
>>>>>>>>>>>>>>>>> that
>>>>>>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> John
>>>>>>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to
>>>>>>>>>>>>>>>> "1")
>>>>>>>>>>>>>>>> which
>>>>>>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete
>>>>>>>>>>>>>>>> all
>>>>>>>>>>>>>>>> these
>>>>>>>>>>>>>>>> references, could that help??
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Look for phantom devices in the Device Manager and see if
>>>>>>>>>>>>>>> any
>>>>>>>>>>>>>>> make
>>>>>>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Device Manager does not display devices that are not
>>>>>>>>>>>>>>> connected
>>>>>>>>>>>>>>> to the
>>>>>>>>>>>>>>> Windows XP-based computer
>>>>>>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>>>>>>> Manager to
>>>>>>>>>>>>>>> show
>>>>>>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>>>>>>> start devmgmt.msc
>>>>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> You cannot delete the keys in the Enum section because you
>>>>>>>>>>>>>>> do not
>>>>>>>>>>>>>>> have
>>>>>>>>>>>>>>> permission to do so, grant yourself the necessary
>>>>>>>>>>>>>>> permissions
>>>>>>>>>>>>>>> and you
>>>>>>>>>>>>>>> will be able to remove the keys. Before you do that keep in
>>>>>>>>>>>>>>> mind
>>>>>>>>>>>>>>> that
>>>>>>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>>>>>>> permission to
>>>>>>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>>>>>>> remove
>>>>>>>>>>>>>>> the
>>>>>>>>>>>>>>> device in the Device Manager instead of removing it from the
>>>>>>>>>>>>>>> Enum
>>>>>>>>>>>>>>> keys.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Before you change the permissions and delete keys please
>>>>>>>>>>>>>>> read the
>>>>>>>>>>>>>>> following:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Enum
>>>>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> System and Startup Settings
>>>>>>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> John
>>>>>>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>>>>>>> No mention in Device Manager, or after running your batch
>>>>>>>>>>>>>> file. I
>>>>>>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>>>>>>> permission
>>>>>>>>>>>>>> if I did want to?? I will read the articles you mention, but
>>>>>>>>>>>>>> since
>>>>>>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>>>>>>> searching
>>>>>>>>>>>>>> for it?? Thanks again.
>>>>>>>>>>>>>
>>>>>>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>>>>>>> permissions,
>>>>>>>>>>>>> just right click on the offending key and select
>>>>>>>>>>>>> Permissions...
>>>>>>>>>>>>>
>>>>>>>>>>>>> If you are convinced that this is the culprit and if you
>>>>>>>>>>>>> cannot
>>>>>>>>>>>>> remove
>>>>>>>>>>>>> the device from the Device Manager then just grant yourself
>>>>>>>>>>>>> full
>>>>>>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>>>>>>> in the
>>>>>>>>>>>>> CurrentControlSet only! If the Windows installation balks
>>>>>>>>>>>>> at its
>>>>>>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>>>>>>> Configuration.
>>>>>>>>>>>>
>>>>>>>>>>>> PS. The problem is more likely to be caused by the status of
>>>>>>>>>>>> the
>>>>>>>>>>>> service
>>>>>>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>>>>>>> branch, I
>>>>>>>>>>>> suggest that you remove or disable the service there. To
>>>>>>>>>>>> disable the
>>>>>>>>>>>> service set its Start value to 4.
>>>>>>>>>>>>
>>>>>>>>>>>> John
>>>>>>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted,
>>>>>>>>>>> the
>>>>>>>>>>> problem is still there, but Event Viewer no longer reports a
>>>>>>>>>>> problem
>>>>>>>>>>> in looking for bthex. So I presume bthex, whatever it is, is
>>>>>>>>>>> *not*
>>>>>>>>>>> the
>>>>>>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>>>>>>> what it
>>>>>>>>>>> might now be? Could it be something to do with Power On Self
>>>>>>>>>>> Testing,
>>>>>>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>>>>>>> started
>>>>>>>>>>> occuring? Cheers.
>>>>>>>>>>
>>>>>>>>>> I think that what you are seeing is part of the Windows boot
>>>>>>>>>> process
>>>>>>>>>> rather than the POST routine, an easy way to tell would be to
>>>>>>>>>> press/tap
>>>>>>>>>> the F8 key when the computer is booting and see how long it takes
>>>>>>>>>> for
>>>>>>>>>> the advanced Windows boot options show up. Or put a second
>>>>>>>>>> (phony)
>>>>>>>>>> line
>>>>>>>>>> in the boot.ini file and see how long it takes for ntldr to parse
>>>>>>>>>> and
>>>>>>>>>> present the boot menu.
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>>>>>>> continue for about 2 mins, then the white progress bar appears and
>>>>>>>>> continues another 2 or 3 mins, and then at last the advanced
>>>>>>>>> options
>>>>>>>>> menu appears. Choosing any option results in the correct
>>>>>>>>> procedure,
>>>>>>>>> but another 15 mins for the bar to disappear and the Windows
>>>>>>>>> start-up
>>>>>>>>> logo to kick in. Before all this began, the advanced options
>>>>>>>>> screen
>>>>>>>>> would appear within seconds. Does this indicate Windows boot
>>>>>>>>> routine
>>>>>>>>> or POST, and if so what does this indicate? If I placed a phony
>>>>>>>>> line
>>>>>>>>> in boot.ini what would the length of time tell me? Thank you very
>>>>>>>>> much
>>>>>>>>> for all your help with this.
>>>>>>>>
>>>>>>>> When the boot.ini file contains only one ARC path, (like most
>>>>>>>> Windows
>>>>>>>> installations), the boot loader (ntldr) simply parses the file and
>>>>>>>> proceeds to boot the default Windows installation without
>>>>>>>> presenting the
>>>>>>>> user with a boot menu. When the boot.ini file contains more than
>>>>>>>> one
>>>>>>>> line ntldr reads the file then presents a boot menu for a certain
>>>>>>>> length
>>>>>>>> of time to allow the user to select which Windows installation to
>>>>>>>> boot.
>>>>>>>>
>>>>>>>> For example:
>>>>>>>>
>>>>>>>> Most boot.ini files where only one Windows installation is present
>>>>>>>> will
>>>>>>>> look something like this:
>>>>>>>>
>>>>>>>> [boot loader]
>>>>>>>> timeout=30
>>>>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>>>> [operating systems]
>>>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>>>>> Professional" /fastdetect
>>>>>>>>
>>>>>>>> In the above example the file only contains one ARC path:
>>>>>>>>
>>>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>>>>
>>>>>>>> Ntldr sees that there is only one Windows installation present
>>>>>>>> so it
>>>>>>>> doesn't present a boot menu and proceeds to load the default
>>>>>>>> Windows
>>>>>>>> installation. If we were to add a second "phony" installation ntldr
>>>>>>>> would pause to allow the user to select which Windows
>>>>>>>> installation to
>>>>>>>> boot, the boot.ini file could look like this:
>>>>>>>>
>>>>>>>> [boot loader]
>>>>>>>> timeout=30
>>>>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>>>> [operating systems]
>>>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>>>>> Professional" /fastdetect
>>>>>>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows"
>>>>>>>> /fastdetect
>>>>>>>>
>>>>>>>> When seeing more than one ARC path lines ntldr will now pause when
>>>>>>>> the
>>>>>>>> computer is booted and it will present the user with a boot menu
>>>>>>>> allowing the user to select one of the following:
>>>>>>>>
>>>>>>>> Microsoft Windows XP Professional
>>>>>>>> Phony Windows
>>>>>>>>
>>>>>>>> If no selection is made after the timeout= time ntldr will load the
>>>>>>>> default= operating system. With the above boot.ini file, if no
>>>>>>>> selection
>>>>>>>> is made, after 30 seconds ntldr will load the
>>>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system,
>>>>>>>> the one
>>>>>>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>>>>>>> quotation marks is for human eyes only, what you see on the boot
>>>>>>>> menu,
>>>>>>>> so the above "Phony Windows" line is valid, you will see Phony
>>>>>>>> Windows
>>>>>>>> as a boot option.
>>>>>>>>
>>>>>>>> This is simply an option that allows you to gauge how much time it
>>>>>>>> takes
>>>>>>>> for the BIOS to do it's stuff and load the MBR and then pass the
>>>>>>>> boot
>>>>>>>> process to the boot sector of the active partition which then in
>>>>>>>> turns
>>>>>>>> passes the boot process to the ntldr boot loader, only then
>>>>>>>> (when the
>>>>>>>> boot sector passes the boot process to the boot loader) is Windows
>>>>>>>> involved, anything prior to that has nothing to do with Windows. So
>>>>>>>> what
>>>>>>>> does all of this do? It simply allows one to gauge the time at
>>>>>>>> which
>>>>>>>> Windows actually becomes involved in the boot process, it can
>>>>>>>> sometimes
>>>>>>>> be helpful if one is having difficulties determining where the boot
>>>>>>>> process is at when it hangs after the POST test.
>>>>>>>>
>>>>>>>> Your comments that there is whirling and clicking noises doesn't
>>>>>>>> sound
>>>>>>>> too good, this can be a sign of a failing hard drive. A failing
>>>>>>>> drive
>>>>>>>> can often be difficult to boot and it can take a long time to do
>>>>>>>> so. I
>>>>>>>> would strongly suggest that you backup all your precious files and
>>>>>>>> run
>>>>>>>> disk diagnostic utility from the drive manufacturer on the disk.
>>>>>>>> Another
>>>>>>>> way to do a quick test is to open the box and touch the hard
>>>>>>>> disk, a
>>>>>>>> failing whirling and clicking drive will usually also become quite
>>>>>>>> hot
>>>>>>>> to the touch.
>>>>>>>>
>>>>>>>> John
>>>>>>> Found Boot.ini and added "phony" line. I got the phony choice after
>>>>>>> only 15 secs, so I now assume the BIOS is doing its stuff OK.
>>>>>>> There is
>>>>>>> then a wait of 2 mins till the progress bar appears (or 1min to the
>>>>>>> Advanced Options Screen if I had pressed F8, then 1 more min), then
>>>>>>> about 12 mins to the Windows XP logo, then about 4 mins till my
>>>>>>> startup programs have kicked in OK. So if it is Windows that is
>>>>>>> involved and not now the BIOS or the POST, what can suddenly be
>>>>>>> causing this huge delay of 14 mins?? Any more help greatly
>>>>>>> appreciated.
>>>>>>
>>>>>> Now it becomes a sleuthing exercise! How long does it take the
>>>>>> machine
>>>>>> to boot in Safe-Mode?
>>>>>>
>>>>>> John
>>>>> It takes the same time,with same progress bar. I have just tried going
>>>>> through msconfig and starting with *only* System Services and Original
>>>>> boot.ini, and all other services disabled, but that makes no
>>>>> differenve either!Is the progress bar a part of ntldr, in which case
>>>>> how can I access ntldr itself and run some sort of diagnostic?
>>>>
>>>> The problem is not with ntldr and the progress bar is just a graphic
>>>> display while drivers are being loaded, it can be turned off with the
>>>> /noguiboot switch in the boot.ini file (can be done via the boot.ini
>>>> tab
>>>> in msconfig). Windows loads the VGA driver to display this progress
>>>> bar,
>>>> there could be problems with the driver, enabling the /noguiboot switch
>>>> will instruct Windows to not load the driver, it's a stretch but
>>>> give it
>>>> a try and see what happens, the VGA driver might be causing problems.
>>>>
>>>> If the same slow boot is also happening when you boot to safe mode then
>>>> this is most likely a hardware problem or a problem with a boot device
>>>> driver. Bootlog the Safe-Mode boot and see if you can get useful
>>>> information from the bootlog. Safe-Mode loads fewer drivers so the
>>>> bootlog will be smaller than the log from a normal boot, it will be
>>>> easier to weed out the smaller safe mode log than that of the normal
>>>> boot. The bootlog will be written to the Ntbtlog.txt file and it
>>>> will be
>>>> stored in the %SystemRoot% folder.
>>>>
>>>> How long has this problem been going on? Did you install any new
>>>> hardware or update drivers before it started? Did you install any
>>>> software or do any operating system updates before this started? Is the
>>>> machine clean and free of any virus or other such pests? Do you have
>>>> USB
>>>> drives connected to the machine, or cards inserted into card readers
>>>> when the machine is booting? Disconnect or power off all unnecessary
>>>> external peripherals while you troubleshoot the problem. Did you change
>>>> any settings in the BIOS? Resetting the BIOS to default or failsafe
>>>> settings might make a difference.
>>>>
>>>> If you can't find any useful information from the boot log then I would
>>>> suggest that you run hardware diagnostics on the machine, run a
>>>> manufacturer diagnostic on the drive, chkdsk doesn't cut it when it
>>>> comes to hardware problems with disks.
>>>>
>>>> John
>>> John - just to be clear - the white progress bar at issue is not the
>>> little blue bar that appears under the Windows XP logo when Windows
>>> finally kicks in; it is the one that appears when Windows "resumes"
>>> after re-starting from hibernation. In my case, this bar takes about
>>> 15mins to reach the halfway point, then disappears and the Windows logo
>>> appears and all is as before (OK). If I start from hibernation (I have
>>> just discovered),when the screen comes alive that progress bar is
>>> already half-filled and Windows starts normally to previous state.I will
>>> do a safe-mode bootlog, add noguiboot, disconnect all peripherals and
>>> see what happens. The problem has been with me about 2 months, but no,
>>> as far as I can remember, I hadn't just installed/updated anything, and
>>> yes, the m/c has been examined by SuperAntiSpyware, malwarebytes and the
>>> deepest (25hour)scan by Kaspersky Anti-virus tool. I had not touched the
>>> BIOS. I will continue to let you know how I get on, but thank you so
>>> much for all your efforts so far.
>>> Richard.
>> To update - safe mode bootlog gave a huge list of drivers that did not
>> start (as expected)but no better speed. Noguiboot prevented the white
>> bar from appearing but did not speed anything up. One thing - the
>> Alternative options screen appeared almost immediately after pressing
>> F8, whereas last time it took about 90 secs. But after that, same old
>> problem. I did a normal start with bootlogging and all drivers loaded
>> apart from the following: NDProxy.sys, lbrtfdc.sys, fdc.sys,
>> flpydisk.sys, sfloppy.sys (I don't have a floppy drive) i20mgmt.sys,
>> Changer.sys, cdaudio.sys, processr.sys, PCIDump.sys, avg2k.sys,
>> rdbss.sys, mrxsmbr.sys, Serial.sys and ipnat.sys. I don't know what
>> any of these do but "processr.sys" sounds a bit dire!? While watching
>> the safe-mode boot I noticed that all the drivers loading information
>> appeared one after the other very slowly, rather than in a blur as I
>> seem to remember from some time before. Could it be that my drivers
>> are initialising one at a time rather than synchronously, and how
>> would I rectify it if so??
>
> Difficult to say, the load order of the drivers is determined by which
> service group they belong to and the group load order, I don't know of
> any way to change the the group load order. If all the drivers are
> loading very slowly I'm being lead to believe that there is a problem
> with the hard drive or with the controller drivers, it could be having
> difficulties reading the drive in the early stage of the booting
> process. Maybe check to make sure that the drive is not being placed in
> PIO mode. Other than that it could be a loose or bad cable or it could
> be that the drive is not properly identified in the BIOS.
>
> Take a look in the Device Manager to see if anything looks amiss. In the
> Device Manager verify the computer type to see if it is listed as an
> ACPI type PC. At this juncture I would need to have the machine at my
> hands to try to solve the problem, I don't have any solid advice to
> give, just general suggestions and guesswork! If you have a spare hard
> disk maybe you could try setting up a new Windows installation and see
> how well it runs. If the drive passes all manufacturer tests then I
> would probably do an in-place upgrade (reinstallation) of the operating
> system to force a reenumeration of the Plug and Play devices and the
> hardware abstraction layer (HAL).
>
> John
You can install a free hard drive investigating software and see if it helps
try http://www.hdsentinel.com/
> Richard wrote:
>> On 25/06/2010 13:45, Richard wrote:
>>> On 25/06/2010 12:59, John John - MVP wrote:
>>>> Richard wrote:
>>>>> On 24/06/2010 22:37, John John - MVP wrote:
>>>>>>
>>>>>> Richard wrote:
>>>>>>> On 24/06/2010 18:31, John John - MVP wrote:
>>>>>>>>
>>>>>>>> Richard wrote:
>>>>>>>>> On 24/06/2010 17:22, John John - MVP wrote:
>>>>>>>>>> Richard wrote:
>>>>>>>>>>> On 24/06/2010 15:09, John John - MVP wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> John John - MVP wrote:
>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>>>>>>>>>>>>> Richard wrote:
>>>>>>>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my
>>>>>>>>>>>>>>>>>> computer
>>>>>>>>>>>>>>>>>> (with
>>>>>>>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info
>>>>>>>>>>>>>>>>>> screen
>>>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>>>> before
>>>>>>>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the
>>>>>>>>>>>>>>>>>> bottom
>>>>>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>>>>>> screen that fills up over about 20 minutes before the
>>>>>>>>>>>>>>>>>> usual
>>>>>>>>>>>>>>>>>> Windows
>>>>>>>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer
>>>>>>>>>>>>>>>>>> for the
>>>>>>>>>>>>>>>>>> System
>>>>>>>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex"
>>>>>>>>>>>>>>>>>> was not
>>>>>>>>>>>>>>>>>> found.
>>>>>>>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected
>>>>>>>>>>>>>>>>>> to be
>>>>>>>>>>>>>>>>>> found
>>>>>>>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something
>>>>>>>>>>>>>>>>>> has
>>>>>>>>>>>>>>>>>> suddenly
>>>>>>>>>>>>>>>>>> deleted\renamed it or something. I have put my
>>>>>>>>>>>>>>>>>> installation
>>>>>>>>>>>>>>>>>> DVD
>>>>>>>>>>>>>>>>>> in the
>>>>>>>>>>>>>>>>>> drive and tried a repair but this driver cannot be
>>>>>>>>>>>>>>>>>> located
>>>>>>>>>>>>>>>>>> there,
>>>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>>>> I have googled for it but with no luck. Can anyone
>>>>>>>>>>>>>>>>>> suggest
>>>>>>>>>>>>>>>>>> where I
>>>>>>>>>>>>>>>>>> might find this system file, or maybe even search for
>>>>>>>>>>>>>>>>>> it on
>>>>>>>>>>>>>>>>>> their
>>>>>>>>>>>>>>>>>> own
>>>>>>>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks
>>>>>>>>>>>>>>>>>> for any
>>>>>>>>>>>>>>>>>> help
>>>>>>>>>>>>>>>>>> in advance.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A
>>>>>>>>>>>>>>>>> search
>>>>>>>>>>>>>>>>> for this
>>>>>>>>>>>>>>>>> file yields no results, often an indication that the
>>>>>>>>>>>>>>>>> file is
>>>>>>>>>>>>>>>>> virus or
>>>>>>>>>>>>>>>>> malware related. I would suggest that you make sure
>>>>>>>>>>>>>>>>> that the
>>>>>>>>>>>>>>>>> machine is
>>>>>>>>>>>>>>>>> free of any pests.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Where *exactly* in the registry did you find reference to
>>>>>>>>>>>>>>>>> this
>>>>>>>>>>>>>>>>> file? It
>>>>>>>>>>>>>>>>> could be that your Anti-Virus tools have removed an
>>>>>>>>>>>>>>>>> infection and
>>>>>>>>>>>>>>>>> that
>>>>>>>>>>>>>>>>> the entry is just a remnant.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> John
>>>>>>>>>>>>>>>> Appears at HKLM/System/ControlSet001(and
>>>>>>>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to
>>>>>>>>>>>>>>>> "1")
>>>>>>>>>>>>>>>> which
>>>>>>>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>>>>>>>>>>>>> 3)/services/bthex/ (and
>>>>>>>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath
>>>>>>>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete
>>>>>>>>>>>>>>>> all
>>>>>>>>>>>>>>>> these
>>>>>>>>>>>>>>>> references, could that help??
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Is it in the CurrentControlSet?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Look for phantom devices in the Device Manager and see if
>>>>>>>>>>>>>>> any
>>>>>>>>>>>>>>> make
>>>>>>>>>>>>>>> mention this BTHEX driver:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Device Manager does not display devices that are not
>>>>>>>>>>>>>>> connected
>>>>>>>>>>>>>>> to the
>>>>>>>>>>>>>>> Windows XP-based computer
>>>>>>>>>>>>>>> http://support.microsoft.com/kb/315539
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> This little batch file will automatically set the Device
>>>>>>>>>>>>>>> Manager to
>>>>>>>>>>>>>>> show
>>>>>>>>>>>>>>> phantom devices and open it for you:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>>>>> set devmgr_show_nonpresent_devices-1
>>>>>>>>>>>>>>> start devmgmt.msc
>>>>>>>>>>>>>>> ----------------------------------------------------
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> You cannot delete the keys in the Enum section because you
>>>>>>>>>>>>>>> do not
>>>>>>>>>>>>>>> have
>>>>>>>>>>>>>>> permission to do so, grant yourself the necessary
>>>>>>>>>>>>>>> permissions
>>>>>>>>>>>>>>> and you
>>>>>>>>>>>>>>> will be able to remove the keys. Before you do that keep in
>>>>>>>>>>>>>>> mind
>>>>>>>>>>>>>>> that
>>>>>>>>>>>>>>> there is a good reason why only the System account has
>>>>>>>>>>>>>>> permission to
>>>>>>>>>>>>>>> delete keys in the in the \Enum branch! It would be best to
>>>>>>>>>>>>>>> remove
>>>>>>>>>>>>>>> the
>>>>>>>>>>>>>>> device in the Device Manager instead of removing it from the
>>>>>>>>>>>>>>> Enum
>>>>>>>>>>>>>>> keys.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Before you change the permissions and delete keys please
>>>>>>>>>>>>>>> read the
>>>>>>>>>>>>>>> following:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Enum
>>>>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 76176.aspx
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> System and Startup Settings
>>>>>>>>>>>>>>> http://technet.microsoft.com/en-us/libr ... 42541.aspx
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>>>>>>>>>>>>> http://technet.microsoft.com/en-ca/libr ... 78528.aspx
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> John
>>>>>>>>>>>>>> Yes - it is in CurrentControlSet under
>>>>>>>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000.
>>>>>>>>>>>>>> No mention in Device Manager, or after running your batch
>>>>>>>>>>>>>> file. I
>>>>>>>>>>>>>> won't try to meddle with Enum, but how do I grant myself
>>>>>>>>>>>>>> permission
>>>>>>>>>>>>>> if I did want to?? I will read the articles you mention, but
>>>>>>>>>>>>>> since
>>>>>>>>>>>>>> this is the file that is causing my 20 min startup delay,
>>>>>>>>>>>>>> ex-infection or otherwise - how do I get rid of my system
>>>>>>>>>>>>>> searching
>>>>>>>>>>>>>> for it?? Thanks again.
>>>>>>>>>>>>>
>>>>>>>>>>>>> The registry permissions are just like regular NTFS file
>>>>>>>>>>>>> permissions,
>>>>>>>>>>>>> just right click on the offending key and select
>>>>>>>>>>>>> Permissions...
>>>>>>>>>>>>>
>>>>>>>>>>>>> If you are convinced that this is the culprit and if you
>>>>>>>>>>>>> cannot
>>>>>>>>>>>>> remove
>>>>>>>>>>>>> the device from the Device Manager then just grant yourself
>>>>>>>>>>>>> full
>>>>>>>>>>>>> control on the key and delete it. For the time being remove it
>>>>>>>>>>>>> in the
>>>>>>>>>>>>> CurrentControlSet only! If the Windows installation balks
>>>>>>>>>>>>> at its
>>>>>>>>>>>>> removal (when you reboot) just boot to the Last Known Good
>>>>>>>>>>>>> Configuration.
>>>>>>>>>>>>
>>>>>>>>>>>> PS. The problem is more likely to be caused by the status of
>>>>>>>>>>>> the
>>>>>>>>>>>> service
>>>>>>>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
>>>>>>>>>>>> branch, I
>>>>>>>>>>>> suggest that you remove or disable the service there. To
>>>>>>>>>>>> disable the
>>>>>>>>>>>> service set its Start value to 4.
>>>>>>>>>>>>
>>>>>>>>>>>> John
>>>>>>>>>>> Well, Having deleted it from the CurrentControlSet and rebooted,
>>>>>>>>>>> the
>>>>>>>>>>> problem is still there, but Event Viewer no longer reports a
>>>>>>>>>>> problem
>>>>>>>>>>> in looking for bthex. So I presume bthex, whatever it is, is
>>>>>>>>>>> *not*
>>>>>>>>>>> the
>>>>>>>>>>> reason for my slow progress bar in booting up. Any ideas as to
>>>>>>>>>>> what it
>>>>>>>>>>> might now be? Could it be something to do with Power On Self
>>>>>>>>>>> Testing,
>>>>>>>>>>> or if not is there any way of diagnosing why this has suddenly
>>>>>>>>>>> started
>>>>>>>>>>> occuring? Cheers.
>>>>>>>>>>
>>>>>>>>>> I think that what you are seeing is part of the Windows boot
>>>>>>>>>> process
>>>>>>>>>> rather than the POST routine, an easy way to tell would be to
>>>>>>>>>> press/tap
>>>>>>>>>> the F8 key when the computer is booting and see how long it takes
>>>>>>>>>> for
>>>>>>>>>> the advanced Windows boot options show up. Or put a second
>>>>>>>>>> (phony)
>>>>>>>>>> line
>>>>>>>>>> in the boot.ini file and see how long it takes for ntldr to parse
>>>>>>>>>> and
>>>>>>>>>> present the boot menu.
>>>>>>>>>>
>>>>>>>>>> John
>>>>>>>>> When I tap the F8 key the (by now usual) slow clicks and whirrs
>>>>>>>>> continue for about 2 mins, then the white progress bar appears and
>>>>>>>>> continues another 2 or 3 mins, and then at last the advanced
>>>>>>>>> options
>>>>>>>>> menu appears. Choosing any option results in the correct
>>>>>>>>> procedure,
>>>>>>>>> but another 15 mins for the bar to disappear and the Windows
>>>>>>>>> start-up
>>>>>>>>> logo to kick in. Before all this began, the advanced options
>>>>>>>>> screen
>>>>>>>>> would appear within seconds. Does this indicate Windows boot
>>>>>>>>> routine
>>>>>>>>> or POST, and if so what does this indicate? If I placed a phony
>>>>>>>>> line
>>>>>>>>> in boot.ini what would the length of time tell me? Thank you very
>>>>>>>>> much
>>>>>>>>> for all your help with this.
>>>>>>>>
>>>>>>>> When the boot.ini file contains only one ARC path, (like most
>>>>>>>> Windows
>>>>>>>> installations), the boot loader (ntldr) simply parses the file and
>>>>>>>> proceeds to boot the default Windows installation without
>>>>>>>> presenting the
>>>>>>>> user with a boot menu. When the boot.ini file contains more than
>>>>>>>> one
>>>>>>>> line ntldr reads the file then presents a boot menu for a certain
>>>>>>>> length
>>>>>>>> of time to allow the user to select which Windows installation to
>>>>>>>> boot.
>>>>>>>>
>>>>>>>> For example:
>>>>>>>>
>>>>>>>> Most boot.ini files where only one Windows installation is present
>>>>>>>> will
>>>>>>>> look something like this:
>>>>>>>>
>>>>>>>> [boot loader]
>>>>>>>> timeout=30
>>>>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>>>> [operating systems]
>>>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>>>>> Professional" /fastdetect
>>>>>>>>
>>>>>>>> In the above example the file only contains one ARC path:
>>>>>>>>
>>>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>>>>
>>>>>>>> Ntldr sees that there is only one Windows installation present
>>>>>>>> so it
>>>>>>>> doesn't present a boot menu and proceeds to load the default
>>>>>>>> Windows
>>>>>>>> installation. If we were to add a second "phony" installation ntldr
>>>>>>>> would pause to allow the user to select which Windows
>>>>>>>> installation to
>>>>>>>> boot, the boot.ini file could look like this:
>>>>>>>>
>>>>>>>> [boot loader]
>>>>>>>> timeout=30
>>>>>>>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
>>>>>>>> [operating systems]
>>>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
>>>>>>>> Professional" /fastdetect
>>>>>>>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows"
>>>>>>>> /fastdetect
>>>>>>>>
>>>>>>>> When seeing more than one ARC path lines ntldr will now pause when
>>>>>>>> the
>>>>>>>> computer is booted and it will present the user with a boot menu
>>>>>>>> allowing the user to select one of the following:
>>>>>>>>
>>>>>>>> Microsoft Windows XP Professional
>>>>>>>> Phony Windows
>>>>>>>>
>>>>>>>> If no selection is made after the timeout= time ntldr will load the
>>>>>>>> default= operating system. With the above boot.ini file, if no
>>>>>>>> selection
>>>>>>>> is made, after 30 seconds ntldr will load the
>>>>>>>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system,
>>>>>>>> the one
>>>>>>>> labeled "Microsoft Windows XP Professional". The stuff between the
>>>>>>>> quotation marks is for human eyes only, what you see on the boot
>>>>>>>> menu,
>>>>>>>> so the above "Phony Windows" line is valid, you will see Phony
>>>>>>>> Windows
>>>>>>>> as a boot option.
>>>>>>>>
>>>>>>>> This is simply an option that allows you to gauge how much time it
>>>>>>>> takes
>>>>>>>> for the BIOS to do it's stuff and load the MBR and then pass the
>>>>>>>> boot
>>>>>>>> process to the boot sector of the active partition which then in
>>>>>>>> turns
>>>>>>>> passes the boot process to the ntldr boot loader, only then
>>>>>>>> (when the
>>>>>>>> boot sector passes the boot process to the boot loader) is Windows
>>>>>>>> involved, anything prior to that has nothing to do with Windows. So
>>>>>>>> what
>>>>>>>> does all of this do? It simply allows one to gauge the time at
>>>>>>>> which
>>>>>>>> Windows actually becomes involved in the boot process, it can
>>>>>>>> sometimes
>>>>>>>> be helpful if one is having difficulties determining where the boot
>>>>>>>> process is at when it hangs after the POST test.
>>>>>>>>
>>>>>>>> Your comments that there is whirling and clicking noises doesn't
>>>>>>>> sound
>>>>>>>> too good, this can be a sign of a failing hard drive. A failing
>>>>>>>> drive
>>>>>>>> can often be difficult to boot and it can take a long time to do
>>>>>>>> so. I
>>>>>>>> would strongly suggest that you backup all your precious files and
>>>>>>>> run
>>>>>>>> disk diagnostic utility from the drive manufacturer on the disk.
>>>>>>>> Another
>>>>>>>> way to do a quick test is to open the box and touch the hard
>>>>>>>> disk, a
>>>>>>>> failing whirling and clicking drive will usually also become quite
>>>>>>>> hot
>>>>>>>> to the touch.
>>>>>>>>
>>>>>>>> John
>>>>>>> Found Boot.ini and added "phony" line. I got the phony choice after
>>>>>>> only 15 secs, so I now assume the BIOS is doing its stuff OK.
>>>>>>> There is
>>>>>>> then a wait of 2 mins till the progress bar appears (or 1min to the
>>>>>>> Advanced Options Screen if I had pressed F8, then 1 more min), then
>>>>>>> about 12 mins to the Windows XP logo, then about 4 mins till my
>>>>>>> startup programs have kicked in OK. So if it is Windows that is
>>>>>>> involved and not now the BIOS or the POST, what can suddenly be
>>>>>>> causing this huge delay of 14 mins?? Any more help greatly
>>>>>>> appreciated.
>>>>>>
>>>>>> Now it becomes a sleuthing exercise! How long does it take the
>>>>>> machine
>>>>>> to boot in Safe-Mode?
>>>>>>
>>>>>> John
>>>>> It takes the same time,with same progress bar. I have just tried going
>>>>> through msconfig and starting with *only* System Services and Original
>>>>> boot.ini, and all other services disabled, but that makes no
>>>>> differenve either!Is the progress bar a part of ntldr, in which case
>>>>> how can I access ntldr itself and run some sort of diagnostic?
>>>>
>>>> The problem is not with ntldr and the progress bar is just a graphic
>>>> display while drivers are being loaded, it can be turned off with the
>>>> /noguiboot switch in the boot.ini file (can be done via the boot.ini
>>>> tab
>>>> in msconfig). Windows loads the VGA driver to display this progress
>>>> bar,
>>>> there could be problems with the driver, enabling the /noguiboot switch
>>>> will instruct Windows to not load the driver, it's a stretch but
>>>> give it
>>>> a try and see what happens, the VGA driver might be causing problems.
>>>>
>>>> If the same slow boot is also happening when you boot to safe mode then
>>>> this is most likely a hardware problem or a problem with a boot device
>>>> driver. Bootlog the Safe-Mode boot and see if you can get useful
>>>> information from the bootlog. Safe-Mode loads fewer drivers so the
>>>> bootlog will be smaller than the log from a normal boot, it will be
>>>> easier to weed out the smaller safe mode log than that of the normal
>>>> boot. The bootlog will be written to the Ntbtlog.txt file and it
>>>> will be
>>>> stored in the %SystemRoot% folder.
>>>>
>>>> How long has this problem been going on? Did you install any new
>>>> hardware or update drivers before it started? Did you install any
>>>> software or do any operating system updates before this started? Is the
>>>> machine clean and free of any virus or other such pests? Do you have
>>>> USB
>>>> drives connected to the machine, or cards inserted into card readers
>>>> when the machine is booting? Disconnect or power off all unnecessary
>>>> external peripherals while you troubleshoot the problem. Did you change
>>>> any settings in the BIOS? Resetting the BIOS to default or failsafe
>>>> settings might make a difference.
>>>>
>>>> If you can't find any useful information from the boot log then I would
>>>> suggest that you run hardware diagnostics on the machine, run a
>>>> manufacturer diagnostic on the drive, chkdsk doesn't cut it when it
>>>> comes to hardware problems with disks.
>>>>
>>>> John
>>> John - just to be clear - the white progress bar at issue is not the
>>> little blue bar that appears under the Windows XP logo when Windows
>>> finally kicks in; it is the one that appears when Windows "resumes"
>>> after re-starting from hibernation. In my case, this bar takes about
>>> 15mins to reach the halfway point, then disappears and the Windows logo
>>> appears and all is as before (OK). If I start from hibernation (I have
>>> just discovered),when the screen comes alive that progress bar is
>>> already half-filled and Windows starts normally to previous state.I will
>>> do a safe-mode bootlog, add noguiboot, disconnect all peripherals and
>>> see what happens. The problem has been with me about 2 months, but no,
>>> as far as I can remember, I hadn't just installed/updated anything, and
>>> yes, the m/c has been examined by SuperAntiSpyware, malwarebytes and the
>>> deepest (25hour)scan by Kaspersky Anti-virus tool. I had not touched the
>>> BIOS. I will continue to let you know how I get on, but thank you so
>>> much for all your efforts so far.
>>> Richard.
>> To update - safe mode bootlog gave a huge list of drivers that did not
>> start (as expected)but no better speed. Noguiboot prevented the white
>> bar from appearing but did not speed anything up. One thing - the
>> Alternative options screen appeared almost immediately after pressing
>> F8, whereas last time it took about 90 secs. But after that, same old
>> problem. I did a normal start with bootlogging and all drivers loaded
>> apart from the following: NDProxy.sys, lbrtfdc.sys, fdc.sys,
>> flpydisk.sys, sfloppy.sys (I don't have a floppy drive) i20mgmt.sys,
>> Changer.sys, cdaudio.sys, processr.sys, PCIDump.sys, avg2k.sys,
>> rdbss.sys, mrxsmbr.sys, Serial.sys and ipnat.sys. I don't know what
>> any of these do but "processr.sys" sounds a bit dire!? While watching
>> the safe-mode boot I noticed that all the drivers loading information
>> appeared one after the other very slowly, rather than in a blur as I
>> seem to remember from some time before. Could it be that my drivers
>> are initialising one at a time rather than synchronously, and how
>> would I rectify it if so??
>
> Difficult to say, the load order of the drivers is determined by which
> service group they belong to and the group load order, I don't know of
> any way to change the the group load order. If all the drivers are
> loading very slowly I'm being lead to believe that there is a problem
> with the hard drive or with the controller drivers, it could be having
> difficulties reading the drive in the early stage of the booting
> process. Maybe check to make sure that the drive is not being placed in
> PIO mode. Other than that it could be a loose or bad cable or it could
> be that the drive is not properly identified in the BIOS.
>
> Take a look in the Device Manager to see if anything looks amiss. In the
> Device Manager verify the computer type to see if it is listed as an
> ACPI type PC. At this juncture I would need to have the machine at my
> hands to try to solve the problem, I don't have any solid advice to
> give, just general suggestions and guesswork! If you have a spare hard
> disk maybe you could try setting up a new Windows installation and see
> how well it runs. If the drive passes all manufacturer tests then I
> would probably do an in-place upgrade (reinstallation) of the operating
> system to force a reenumeration of the Plug and Play devices and the
> hardware abstraction layer (HAL).
>
> John
You can install a free hard drive investigating software and see if it helps
try http://www.hdsentinel.com/