From: Richard on
On 24/06/2010 14:13, John John - MVP wrote:
> Richard wrote:
>> On 24/06/2010 13:20, John John - MVP wrote:
>>> Richard wrote:
>>>> (This may be repeated....if so, sorry!) When I start my computer (with
>>>> Win XP Home SP3 installed), just after the BIOS info screen and before
>>>> Windows even kicks in, I get a white progress bar at the bottom of the
>>>> screen that fills up over about 20 minutes before the usual Windows
>>>> logo/start screen appears. Looking at the event viewer for the System
>>>> I find that "boot-start or system-start driver "bthex" was not found.
>>>> Looking in the Registry indicates that bthex is expected to be found
>>>> in Win\System32\Drivers. It is not there, so something has suddenly
>>>> deleted\renamed it or something. I have put my installation DVD in the
>>>> drive and tried a repair but this driver cannot be located there, and
>>>> I have googled for it but with no luck. Can anyone suggest where I
>>>> might find this system file, or maybe even search for it on their own
>>>> System32 folder and make it available to me?? Many thanks for any help
>>>> in advance.
>>>
>>> If it's a driver it would be a .sys file (not a .dll). A search for this
>>> file yields no results, often an indication that the file is virus or
>>> malware related. I would suggest that you make sure that the machine is
>>> free of any pests.
>>>
>>> Where *exactly* in the registry did you find reference to this file? It
>>> could be that your Anti-Virus tools have removed an infection and that
>>> the entry is just a remnant.
>>>
>>> John
>> Appears at HKLM/System/ControlSet001(and
>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") which
>> I am not allowed to edit: also at ditto\controlset001 (and
>> 3)/services/bthex/ (and services/enum/explorerbars/{C4EE31})ImagePath
>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these
>> references, could that help??
>
> Is it in the CurrentControlSet?
>
> Look for phantom devices in the Device Manager and see if any make
> mention of this BTHEX driver:
>
> Device Manager does not display devices that are not connected to the
> Windows XP-based computer
> http://support.microsoft.com/kb/315539
>
> This little batch file will automatically set the Device Manager to show
> phantom devices and open it for you:
>
> ----------------------------------------------------
> set devmgr_show_nonpresent_devices=1
> start devmgmt.msc
> ----------------------------------------------------
>
> You cannot delete the keys in the Enum section because you do not have
> permission to do so, grant yourself the necessary permissions and you
> will be able to remove the keys. Before you do that keep in mind that
> there is a good reason why only the System account has permission to
> delete keys in the \Enum branch! It would be best to remove the
> device in the Device Manager instead of removing it from the Enum keys.
>
> Before you change the permissions and delete keys please read the
> following:
>
> Enum
> http://technet.microsoft.com/en-ca/library/cc976176.aspx
>
> System and Startup Settings
> http://technet.microsoft.com/en-us/library/bb742541.aspx
>
> HKEY_LOCAL_MACHINE\SYSTEM\Select
> http://technet.microsoft.com/en-ca/library/cc978528.aspx
>
> John
Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000. No
mention in Device Manager, or after running your batch file. I won't try
to meddle with Enum, but how do I grant myself permission if I did want
to?? I will read the articles you mention, but since this is the file
that is causing my 20 min startup delay, ex-infection or otherwise - how
do I get rid of my system searching for it?? Thanks again.
Richard
From: John John - MVP on
Richard wrote:
> On 24/06/2010 14:13, John John - MVP wrote:
>> Richard wrote:
>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>> Richard wrote:
>>>>> (This may be repeated....if so, sorry!) When I start my computer (with
>>>>> Win XP Home SP3 installed), just after the BIOS info screen and before
>>>>> Windows even kicks in, I get a white progress bar at the bottom of the
>>>>> screen that fills up over about 20 minutes before the usual Windows
>>>>> logo/start screen appears. Looking at the event viewer for the System
>>>>> I find that "boot-start or system-start driver "bthex" was not found.
>>>>> Looking in the Registry indicates that bthex is expected to be found
>>>>> in Win\System32\Drivers. It is not there, so something has suddenly
>>>>> deleted\renamed it or something. I have put my installation DVD in the
>>>>> drive and tried a repair but this driver cannot be located there, and
>>>>> I have googled for it but with no luck. Can anyone suggest where I
>>>>> might find this system file, or maybe even search for it on their own
>>>>> System32 folder and make it available to me?? Many thanks for any help
>>>>> in advance.
>>>>
>>>> If it's a driver it would be a .sys file (not a .dll). A search for
>>>> this
>>>> file yields no results, often an indication that the file is virus or
>>>> malware related. I would suggest that you make sure that the machine is
>>>> free of any pests.
>>>>
>>>> Where *exactly* in the registry did you find reference to this file? It
>>>> could be that your Anti-Virus tools have removed an infection and that
>>>> the entry is just a remnant.
>>>>
>>>> John
>>> Appears at HKLM/System/ControlSet001(and
>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") which
>>> I am not allowed to edit: also at ditto\controlset001 (and
>>> 3)/services/bthex/ (and services/enum/explorerbars/{C4EE31})ImagePath
>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these
>>> references, could that help??
>>
>> Is it in the CurrentControlSet?
>>
>> Look for phantom devices in the Device Manager and see if any make
>> mention of this BTHEX driver:
>>
>> Device Manager does not display devices that are not connected to the
>> Windows XP-based computer
>> http://support.microsoft.com/kb/315539
>>
>> This little batch file will automatically set the Device Manager to show
>> phantom devices and open it for you:
>>
>> ----------------------------------------------------
>> set devmgr_show_nonpresent_devices=1
>> start devmgmt.msc
>> ----------------------------------------------------
>>
>> You cannot delete the keys in the Enum section because you do not have
>> permission to do so, grant yourself the necessary permissions and you
>> will be able to remove the keys. Before you do that keep in mind that
>> there is a good reason why only the System account has permission to
>> delete keys in the \Enum branch! It would be best to remove the
>> device in the Device Manager instead of removing it from the Enum keys.
>>
>> Before you change the permissions and delete keys please read the
>> following:
>>
>> Enum
>> http://technet.microsoft.com/en-ca/library/cc976176.aspx
>>
>> System and Startup Settings
>> http://technet.microsoft.com/en-us/library/bb742541.aspx
>>
>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>> http://technet.microsoft.com/en-ca/library/cc978528.aspx
>>
>> John
> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000. No
> mention in Device Manager, or after running your batch file. I won't try
> to meddle with Enum, but how do I grant myself permission if I did want
> to?? I will read the articles you mention, but since this is the file
> that is causing my 20 min startup delay, ex-infection or otherwise - how
> do I get rid of my system searching for it?? Thanks again.

The registry permissions are just like regular NTFS file permissions,
just right click on the offending key and select Permissions...

If you are convinced that this is the culprit and if you cannot remove
the device from the Device Manager then just grant yourself full control
on the key and delete it. For the time being remove it in the
CurrentControlSet only! If the Windows installation balks at its
removal (when you reboot) just boot to the Last Known Good Configuration.

John
From: John John - MVP on
John John - MVP wrote:
> Richard wrote:
>> On 24/06/2010 14:13, John John - MVP wrote:
>>> Richard wrote:
>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>> Richard wrote:
>>>>>> (This may be repeated....if so, sorry!) When I start my computer (with
>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>> before
>>>>>> Windows even kicks in, I get a white progress bar at the bottom of
>>>>>> the
>>>>>> screen that fills up over about 20 minutes before the usual Windows
>>>>>> logo/start screen appears. Looking at the event viewer for the System
>>>>>> I find that "boot-start or system-start driver "bthex" was not found.
>>>>>> Looking in the Registry indicates that bthex is expected to be found
>>>>>> in Win\System32\Drivers. It is not there, so something has suddenly
>>>>>> deleted\renamed it or something. I have put my installation DVD in
>>>>>> the
>>>>>> drive and tried a repair but this driver cannot be located there, and
>>>>>> I have googled for it but with no luck. Can anyone suggest where I
>>>>>> might find this system file, or maybe even search for it on their own
>>>>>> System32 folder and make it available to me?? Many thanks for any help
>>>>>> in advance.
>>>>>
>>>>> If it's a driver it would be a .sys file (not a .dll). A search for
>>>>> this
>>>>> file yields no results, often an indication that the file is virus or
>>>>> malware related. I would suggest that you make sure that the
>>>>> machine is
>>>>> free of any pests.
>>>>>
>>>>> Where *exactly* in the registry did you find reference to this
>>>>> file? It
>>>>> could be that your Anti-Virus tools have removed an infection and that
>>>>> the entry is just a remnant.
>>>>>
>>>>> John
>>>> Appears at HKLM/System/ControlSet001(and
>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") which
>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>> 3)/services/bthex/ (and services/enum/explorerbars/{C4EE31})ImagePath
>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these
>>>> references, could that help??
>>>
>>> Is it in the CurrentControlSet?
>>>
>>> Look for phantom devices in the Device Manager and see if any make
>>> mention of this BTHEX driver:
>>>
>>> Device Manager does not display devices that are not connected to the
>>> Windows XP-based computer
>>> http://support.microsoft.com/kb/315539
>>>
>>> This little batch file will automatically set the Device Manager to show
>>> phantom devices and open it for you:
>>>
>>> ----------------------------------------------------
>>> set devmgr_show_nonpresent_devices=1
>>> start devmgmt.msc
>>> ----------------------------------------------------
>>>
>>> You cannot delete the keys in the Enum section because you do not have
>>> permission to do so, grant yourself the necessary permissions and you
>>> will be able to remove the keys. Before you do that keep in mind that
>>> there is a good reason why only the System account has permission to
>>> delete keys in the \Enum branch! It would be best to remove the
>>> device in the Device Manager instead of removing it from the Enum keys.
>>>
>>> Before you change the permissions and delete keys please read the
>>> following:
>>>
>>> Enum
>>> http://technet.microsoft.com/en-ca/library/cc976176.aspx
>>>
>>> System and Startup Settings
>>> http://technet.microsoft.com/en-us/library/bb742541.aspx
>>>
>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>> http://technet.microsoft.com/en-ca/library/cc978528.aspx
>>>
>>> John
>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>> No mention in Device Manager, or after running your batch file. I
>> won't try to meddle with Enum, but how do I grant myself permission if
>> I did want to?? I will read the articles you mention, but since this
>> is the file that is causing my 20 min startup delay, ex-infection or
>> otherwise - how do I get rid of my system searching for it?? Thanks
>> again.
>
> The registry permissions are just like regular NTFS file permissions,
> just right click on the offending key and select Permissions...
>
> If you are convinced that this is the culprit and if you cannot remove
> the device from the Device Manager then just grant yourself full control
> on the key and delete it. For the time being remove it in the
> CurrentControlSet only! If the Windows installation balks at its
> removal (when you reboot) just boot to the Last Known Good Configuration.

PS. The problem is more likely to be caused by the status of the
service in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
branch, I suggest that you remove or disable the service there. To
disable the service set its Start value to 4.

John
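
Added example (not part of the original thread): a read-only PowerShell check for the condition behind the event-log message, i.e. boot-start or system-start driver entries under `Services` whose file no longer exists. The helper name `Resolve-DriverPath` and its path-normalisation rules (missing `ImagePath` defaults to `System32\drivers\<name>.sys`, relative paths are rooted at `%SystemRoot%`) are assumptions of this example.

```powershell
# Added example: find boot-start / system-start driver entries whose file is gone.
# Read-only; run from an elevated PowerShell prompt.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverPath {
    param([string]$Name, [string]$ImagePath)
    # Assumption: a driver entry without ImagePath defaults to
    # %SystemRoot%\System32\drivers\<name>.sys.
    if ([string]::IsNullOrEmpty($ImagePath)) {
        return (Join-Path $env:SystemRoot "System32\drivers\$Name.sys")
    }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    $p = $p -replace '^\\\?\?\\', ''                        # strip the NT prefix \??\
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\ -> C:\WINDOWS\
    # Relative paths such as system32\drivers\bthex.sys are rooted at %SystemRoot%.
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$orphans = Get-ChildItem $servicesKey | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $props) { return }
    # Type 1 = kernel driver, 2 = file-system driver.
    if (@(1, 2) -notcontains $props.Type)  { return }
    # Start 0 = boot, 1 = system: the two classes named in the event-log message.
    if (@(0, 1) -notcontains $props.Start) { return }
    $file = Resolve-DriverPath -Name $_.PSChildName -ImagePath $props.ImagePath
    if (-not (Test-Path -LiteralPath $file)) {
        New-Object PSObject -Property @{
            Service = $_.PSChildName; Start = $props.Start; ExpectedFile = $file
        }
    }
}
$orphans | Select-Object Service, Start, ExpectedFile | Format-Table -AutoSize

# For an entry confirmed as an orphan, back up the key and then disable it by
# setting Start to 4, as suggested in the PS above:
#   reg export "HKLM\SYSTEM\CurrentControlSet\Services\bthex" bthex-services-backup.reg
#   Set-ItemProperty -Path "$servicesKey\bthex" -Name Start -Value 4
```

An entry listed here whose name matches no installed product is worth scanning for before it is disabled, since the missing file may have been removed by an anti-virus tool.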
From: Richard on
On 24/06/2010 14:59, John John - MVP wrote:
> Richard wrote:
>> On 24/06/2010 14:13, John John - MVP wrote:
>>> Richard wrote:
>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>> Richard wrote:
>>>>>> (This may be repeated....if so, sorry!) When I start my computer (with
>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>> before
>>>>>> Windows even kicks in, I get a white progress bar at the bottom of
>>>>>> the
>>>>>> screen that fills up over about 20 minutes before the usual Windows
>>>>>> logo/start screen appears. Looking at the event viewer for the System
>>>>>> I find that "boot-start or system-start driver "bthex" was not found.
>>>>>> Looking in the Registry indicates that bthex is expected to be found
>>>>>> in Win\System32\Drivers. It is not there, so something has suddenly
>>>>>> deleted\renamed it or something. I have put my installation DVD in
>>>>>> the
>>>>>> drive and tried a repair but this driver cannot be located there, and
>>>>>> I have googled for it but with no luck. Can anyone suggest where I
>>>>>> might find this system file, or maybe even search for it on their own
>>>>>> System32 folder and make it available to me?? Many thanks for any help
>>>>>> in advance.
>>>>>
>>>>> If it's a driver it would be a .sys file (not a .dll). A search for
>>>>> this
>>>>> file yields no results, often an indication that the file is virus or
>>>>> malware related. I would suggest that you make sure that the
>>>>> machine is
>>>>> free of any pests.
>>>>>
>>>>> Where *exactly* in the registry did you find reference to this
>>>>> file? It
>>>>> could be that your Anti-Virus tools have removed an infection and that
>>>>> the entry is just a remnant.
>>>>>
>>>>> John
>>>> Appears at HKLM/System/ControlSet001(and
>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") which
>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>> 3)/services/bthex/ (and services/enum/explorerbars/{C4EE31})ImagePath
>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these
>>>> references, could that help??
>>>
>>> Is it in the CurrentControlSet?
>>>
>>> Look for phantom devices in the Device Manager and see if any make
>>> mention of this BTHEX driver:
>>>
>>> Device Manager does not display devices that are not connected to the
>>> Windows XP-based computer
>>> http://support.microsoft.com/kb/315539
>>>
>>> This little batch file will automatically set the Device Manager to show
>>> phantom devices and open it for you:
>>>
>>> ----------------------------------------------------
>>> set devmgr_show_nonpresent_devices=1
>>> start devmgmt.msc
>>> ----------------------------------------------------
>>>
>>> You cannot delete the keys in the Enum section because you do not have
>>> permission to do so, grant yourself the necessary permissions and you
>>> will be able to remove the keys. Before you do that keep in mind that
>>> there is a good reason why only the System account has permission to
>>> delete keys in the \Enum branch! It would be best to remove the
>>> device in the Device Manager instead of removing it from the Enum keys.
>>>
>>> Before you change the permissions and delete keys please read the
>>> following:
>>>
>>> Enum
>>> http://technet.microsoft.com/en-ca/library/cc976176.aspx
>>>
>>> System and Startup Settings
>>> http://technet.microsoft.com/en-us/library/bb742541.aspx
>>>
>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>> http://technet.microsoft.com/en-ca/library/cc978528.aspx
>>>
>>> John
>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>> No mention in Device Manager, or after running your batch file. I
>> won't try to meddle with Enum, but how do I grant myself permission if
>> I did want to?? I will read the articles you mention, but since this
>> is the file that is causing my 20 min startup delay, ex-infection or
>> otherwise - how do I get rid of my system searching for it?? Thanks
>> again.
>
> The registry permissions are just like regular NTFS file permissions,
> just right click on the offending key and select Permissions...
>
> If you are convinced that this is the culprit and if you cannot remove
> the device from the Device Manager then just grant yourself full control
> on the key and delete it. For the time being remove it in the
> CurrentControlSet only! If the Windows installation balks at its removal
> (when you reboot) just boot to the Last Known Good Configuration.
>
> John
Thanks John - I will try that and report back, assuming I don't mess
something up! Will take a while. Thanks again.
From: John John - MVP on
Richard wrote:
> On 24/06/2010 14:59, John John - MVP wrote:
>> Richard wrote:
>>> On 24/06/2010 14:13, John John - MVP wrote:
>>>> Richard wrote:
>>>>> On 24/06/2010 13:20, John John - MVP wrote:
>>>>>> Richard wrote:
>>>>>>> (This may be repeated....if so, sorry!) When I start my computer
>>>>>>> (with
>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and
>>>>>>> before
>>>>>>> Windows even kicks in, I get a white progress bar at the bottom of
>>>>>>> the
>>>>>>> screen that fills up over about 20 minutes before the usual Windows
>>>>>>> logo/start screen appears. Looking at the event viewer for the
>>>>>>> System
>>>>>>> I find that "boot-start or system-start driver "bthex" was not
>>>>>>> found.
>>>>>>> Looking in the Registry indicates that bthex is expected to be found
>>>>>>> in Win\System32\Drivers. It is not there, so something has suddenly
>>>>>>> deleted\renamed it or something. I have put my installation DVD in
>>>>>>> the
>>>>>>> drive and tried a repair but this driver cannot be located there,
>>>>>>> and
>>>>>>> I have googled for it but with no luck. Can anyone suggest where I
>>>>>>> might find this system file, or maybe even search for it on their
>>>>>>> own
>>>>>>> System32 folder and make it available to me?? Many thanks for any
>>>>>>> help
>>>>>>> in advance.
>>>>>>
>>>>>> If it's a driver it would be a .sys file (not a .dll). A search for
>>>>>> this
>>>>>> file yields no results, often an indication that the file is virus or
>>>>>> malware related. I would suggest that you make sure that the
>>>>>> machine is
>>>>>> free of any pests.
>>>>>>
>>>>>> Where *exactly* in the registry did you find reference to this
>>>>>> file? It
>>>>>> could be that your Anti-Virus tools have removed an infection and
>>>>>> that
>>>>>> the entry is just a remnant.
>>>>>>
>>>>>> John
>>>>> Appears at HKLM/System/ControlSet001(and
>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") which
>>>>> I am not allowed to edit: also at ditto\controlset001 (and
>>>>> 3)/services/bthex/ (and services/enum/explorerbars/{C4EE31})ImagePath
>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these
>>>>> references, could that help??
>>>>
>>>> Is it in the CurrentControlSet?
>>>>
>>>> Look for phantom devices in the Device Manager and see if any make
>>>> mention of this BTHEX driver:
>>>>
>>>> Device Manager does not display devices that are not connected to the
>>>> Windows XP-based computer
>>>> http://support.microsoft.com/kb/315539
>>>>
>>>> This little batch file will automatically set the Device Manager to
>>>> show
>>>> phantom devices and open it for you:
>>>>
>>>> ----------------------------------------------------
>>>> set devmgr_show_nonpresent_devices=1
>>>> start devmgmt.msc
>>>> ----------------------------------------------------
>>>>
>>>> You cannot delete the keys in the Enum section because you do not have
>>>> permission to do so, grant yourself the necessary permissions and you
>>>> will be able to remove the keys. Before you do that keep in mind that
>>>> there is a good reason why only the System account has permission to
>>>> delete keys in the \Enum branch! It would be best to remove the
>>>> device in the Device Manager instead of removing it from the Enum keys.
>>>>
>>>> Before you change the permissions and delete keys please read the
>>>> following:
>>>>
>>>> Enum
>>>> http://technet.microsoft.com/en-ca/library/cc976176.aspx
>>>>
>>>> System and Startup Settings
>>>> http://technet.microsoft.com/en-us/library/bb742541.aspx
>>>>
>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select
>>>> http://technet.microsoft.com/en-ca/library/cc978528.aspx
>>>>
>>>> John
>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000.
>>> No mention in Device Manager, or after running your batch file. I
>>> won't try to meddle with Enum, but how do I grant myself permission if
>>> I did want to?? I will read the articles you mention, but since this
>>> is the file that is causing my 20 min startup delay, ex-infection or
>>> otherwise - how do I get rid of my system searching for it?? Thanks
>>> again.
>>
>> The registry permissions are just like regular NTFS file permissions,
>> just right click on the offending key and select Permissions...
>>
>> If you are convinced that this is the culprit and if you cannot remove
>> the device from the Device Manager then just grant yourself full control
>> on the key and delete it. For the time being remove it in the
>> CurrentControlSet only! If the Windows installation balks at its removal
>> (when you reboot) just boot to the Last Known Good Configuration.
>>
>> John
> Thanks John - I will try that and report back, assuming I don't mess
> something up! Will take a while. Thanks again.

You're welcome. See my other post about disabling/removing the service.

John