Missing boot-start driver bthex.dll
in [Windows XP Basics]
|
From: John John - MVP on 24 Jun 2010 13:31 Richard wrote: > On 24/06/2010 17:22, John John - MVP wrote: >> Richard wrote: >>> On 24/06/2010 15:09, John John - MVP wrote: >>>> >>>> John John - MVP wrote: >>>>> Richard wrote: >>>>>> On 24/06/2010 14:13, John John - MVP wrote: >>>>>>> Richard wrote: >>>>>>>> On 24/06/2010 13:20, John John - MVP wrote: >>>>>>>>> Richard wrote: >>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer >>>>>>>>>> (with >>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and >>>>>>>>>> before >>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom >>>>>>>>>> of the >>>>>>>>>> screen that fills up over about 20 minutes before the usual >>>>>>>>>> Windows >>>>>>>>>> logo/start screen appears. Looking at the event viewer for the >>>>>>>>>> System >>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not >>>>>>>>>> found. >>>>>>>>>> Looking in the Registry indicates that bthex is expected to be >>>>>>>>>> found >>>>>>>>>> in Win\System32\Drivers. It is not there, so something has >>>>>>>>>> suddenly >>>>>>>>>> deleted\renamed it or something. I have put my installation DVD >>>>>>>>>> in the >>>>>>>>>> drive and tried a repair but this driver cannot be located there, >>>>>>>>>> and >>>>>>>>>> I have googled for it but with no luck. Can anyone suggest >>>>>>>>>> where I >>>>>>>>>> might find this system file, or maybe even search for it on their >>>>>>>>>> own >>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any >>>>>>>>>> help >>>>>>>>>> in advance. >>>>>>>>> >>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search >>>>>>>>> for this >>>>>>>>> file yields no results, often an indication that the file is >>>>>>>>> virus or >>>>>>>>> malware related. I would suggest that you make sure that the >>>>>>>>> machine is >>>>>>>>> free of any pests. >>>>>>>>> >>>>>>>>> Where *exactly* in the registry did you find reference to this >>>>>>>>> file? It >>>>>>>>> could be that your Anti-Virus tools have removed an infection and >>>>>>>>> that >>>>>>>>> the entry is just a remnant. >>>>>>>>> >>>>>>>>> John >>>>>>>> Appears at HKLM/System/ControlSet001(and >>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") >>>>>>>> which >>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and >>>>>>>> 3)/services/bthex/ (and >>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath >>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all >>>>>>>> these >>>>>>>> references, could that help?? >>>>>>> >>>>>>> Is it in the CurrentControlSet? >>>>>>> >>>>>>> Look for phantom devices in the Device Manager and see if any make >>>>>>> mention this BTHEX driver: >>>>>>> >>>>>>> Device Manager does not display devices that are not connected to >>>>>>> the >>>>>>> Windows XP-based computer >>>>>>> http://support.microsoft.com/kb/315539 >>>>>>> >>>>>>> This little batch file will automatically set the Device Manager to >>>>>>> show >>>>>>> phantom devices and open it for you: >>>>>>> >>>>>>> ---------------------------------------------------- >>>>>>> set devmgr_show_nonpresent_devices-1 >>>>>>> start devmgmt.msc >>>>>>> ---------------------------------------------------- >>>>>>> >>>>>>> You cannot delete the keys in the Enum section because you do not >>>>>>> have >>>>>>> permission to do so, grant yourself the necessary permissions and >>>>>>> you >>>>>>> will be able to remove the keys. Before you do that keep in mind >>>>>>> that >>>>>>> there is a good reason why only the System account has permission to >>>>>>> delete keys in the in the \Enum branch! It would be best to remove >>>>>>> the >>>>>>> device in the Device Manager instead of removing it from the Enum >>>>>>> keys. >>>>>>> >>>>>>> Before you change the permissions and delete keys please read the >>>>>>> following: >>>>>>> >>>>>>> Enum >>>>>>> http://technet.microsoft.com/en-ca/library/cc976176.aspx >>>>>>> >>>>>>> System and Startup Settings >>>>>>> http://technet.microsoft.com/en-us/library/bb742541.aspx >>>>>>> >>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select >>>>>>> http://technet.microsoft.com/en-ca/library/cc978528.aspx >>>>>>> >>>>>>> John >>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000. >>>>>> No mention in Device Manager, or after running your batch file. I >>>>>> won't try to meddle with Enum, but how do I grant myself permission >>>>>> if I did want to?? I will read the articles you mention, but since >>>>>> this is the file that is causing my 20 min startup delay, >>>>>> ex-infection or otherwise - how do I get rid of my system searching >>>>>> for it?? Thanks again. >>>>> >>>>> The registry permissions are just like regular NTFS file permissions, >>>>> just right click on the offending key and select Permissions... >>>>> >>>>> If you are convinced that this is the culprit and if you cannot remove >>>>> the device from the Device Manager then just grant yourself full >>>>> control on the key and delete it. For the time being remove it in the >>>>> CurrentControlSet only! If the Windows installation balks at its >>>>> removal (when you reboot) just boot to the Last Known Good >>>>> Configuration. >>>> >>>> PS. The problem is more likely to be caused by the status of the >>>> service >>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I >>>> suggest that you remove or disable the service there. To disable the >>>> service set its Start value to 4. >>>> >>>> John >>> Well, Having deleted it from the CurrentControlSet and rebooted, the >>> problem is still there, but Event Viewer no longer reports a problem >>> in looking for bthex. So I presume bthex, whatever it is, is *not* the >>> reason for my slow progress bar in booting up. Any ideas as to what it >>> might now be? Could it be something to do with Power On Self Testing, >>> or if not is there any way of diagnosing why this has suddenly started >>> occuring? Cheers. >> >> I think that what you are seeing is part of the Windows boot process >> rather than the POST routine, an easy way to tell would be to press/tap >> the F8 key when the computer is booting and see how long it takes for >> the advanced Windows boot options show up. Or put a second (phony) line >> in the boot.ini file and see how long it takes for ntldr to parse and >> present the boot menu. >> >> John > When I tap the F8 key the (by now usual) slow clicks and whirrs continue > for about 2 mins, then the white progress bar appears and continues > another 2 or 3 mins, and then at last the advanced options menu appears. > Choosing any option results in the correct procedure, but another 15 > mins for the bar to disappear and the Windows start-up logo to kick in. > Before all this began, the advanced options screen would appear within > seconds. Does this indicate Windows boot routine or POST, and if so what > does this indicate? If I placed a phony line in boot.ini what would the > length of time tell me? Thank you very much for all your help with this. When the boot.ini file contains only one ARC path, (like most Windows installations), the boot loader (ntldr) simply parses the file and proceeds to boot the default Windows installation without presenting the user with a boot menu. When the boot.ini file contains more than one line ntldr reads the file then presents a boot menu for a certain length of time to allow the user to select which Windows installation to boot. For example: Most boot.ini files where only one Windows installation is present will look something like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect In the above example the file only contains one ARC path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Ntldr sees that there is only one Windows installation present so it doesn't present a boot menu and proceeds to load the default Windows installation. If we were to add a second "phony" installation ntldr would pause to allow the user to select which Windows installation to boot, the boot.ini file could look like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect When seeing more than one ARC path lines ntldr will now pause when the computer is booted and it will present the user with a boot menu allowing the user to select one of the following: Microsoft Windows XP Professional Phony Windows If no selection is made after the timeout= time ntldr will load the default= operating system. With the above boot.ini file, if no selection is made, after 30 seconds ntldr will load the multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one labeled "Microsoft Windows XP Professional". The stuff between the quotation marks is for human eyes only, what you see on the boot menu, so the above "Phony Windows" line is valid, you will see Phony Windows as a boot option. This is simply an option that allows you to gauge how much time it takes for the BIOS to do it's stuff and load the MBR and then pass the boot process to the boot sector of the active partition which then in turns passes the boot process to the ntldr boot loader, only then (when the boot sector passes the boot process to the boot loader) is Windows involved, anything prior to that has nothing to do with Windows. So what does all of this do? It simply allows one to gauge the time at which Windows actually becomes involved in the boot process, it can sometimes be helpful if one is having difficulties determining where the boot process is at when it hangs after the POST test. Your comments that there is whirling and clicking noises doesn't sound too good, this can be a sign of a failing hard drive. A failing drive can often be difficult to boot and it can take a long time to do so. I would strongly suggest that you backup all your precious files and run disk diagnostic utility from the drive manufacturer on the disk. Another way to do a quick test is to open the box and touch the hard disk, a failing whirling and clicking drive will usually also become quite hot to the touch. John
From: Richard on 24 Jun 2010 15:48 On 24/06/2010 18:31, John John - MVP wrote: > > Richard wrote: >> On 24/06/2010 17:22, John John - MVP wrote: >>> Richard wrote: >>>> On 24/06/2010 15:09, John John - MVP wrote: >>>>> >>>>> John John - MVP wrote: >>>>>> Richard wrote: >>>>>>> On 24/06/2010 14:13, John John - MVP wrote: >>>>>>>> Richard wrote: >>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote: >>>>>>>>>> Richard wrote: >>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer >>>>>>>>>>> (with >>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and >>>>>>>>>>> before >>>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom >>>>>>>>>>> of the >>>>>>>>>>> screen that fills up over about 20 minutes before the usual >>>>>>>>>>> Windows >>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the >>>>>>>>>>> System >>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not >>>>>>>>>>> found. >>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be >>>>>>>>>>> found >>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has >>>>>>>>>>> suddenly >>>>>>>>>>> deleted\renamed it or something. I have put my installation DVD >>>>>>>>>>> in the >>>>>>>>>>> drive and tried a repair but this driver cannot be located >>>>>>>>>>> there, >>>>>>>>>>> and >>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest >>>>>>>>>>> where I >>>>>>>>>>> might find this system file, or maybe even search for it on >>>>>>>>>>> their >>>>>>>>>>> own >>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any >>>>>>>>>>> help >>>>>>>>>>> in advance. >>>>>>>>>> >>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search >>>>>>>>>> for this >>>>>>>>>> file yields no results, often an indication that the file is >>>>>>>>>> virus or >>>>>>>>>> malware related. I would suggest that you make sure that the >>>>>>>>>> machine is >>>>>>>>>> free of any pests. >>>>>>>>>> >>>>>>>>>> Where *exactly* in the registry did you find reference to this >>>>>>>>>> file? It >>>>>>>>>> could be that your Anti-Virus tools have removed an infection and >>>>>>>>>> that >>>>>>>>>> the entry is just a remnant. >>>>>>>>>> >>>>>>>>>> John >>>>>>>>> Appears at HKLM/System/ControlSet001(and >>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") >>>>>>>>> which >>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and >>>>>>>>> 3)/services/bthex/ (and >>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath >>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all >>>>>>>>> these >>>>>>>>> references, could that help?? >>>>>>>> >>>>>>>> Is it in the CurrentControlSet? >>>>>>>> >>>>>>>> Look for phantom devices in the Device Manager and see if any make >>>>>>>> mention this BTHEX driver: >>>>>>>> >>>>>>>> Device Manager does not display devices that are not connected >>>>>>>> to the >>>>>>>> Windows XP-based computer >>>>>>>> http://support.microsoft.com/kb/315539 >>>>>>>> >>>>>>>> This little batch file will automatically set the Device Manager to >>>>>>>> show >>>>>>>> phantom devices and open it for you: >>>>>>>> >>>>>>>> ---------------------------------------------------- >>>>>>>> set devmgr_show_nonpresent_devices-1 >>>>>>>> start devmgmt.msc >>>>>>>> ---------------------------------------------------- >>>>>>>> >>>>>>>> You cannot delete the keys in the Enum section because you do not >>>>>>>> have >>>>>>>> permission to do so, grant yourself the necessary permissions >>>>>>>> and you >>>>>>>> will be able to remove the keys. Before you do that keep in mind >>>>>>>> that >>>>>>>> there is a good reason why only the System account has >>>>>>>> permission to >>>>>>>> delete keys in the in the \Enum branch! It would be best to remove >>>>>>>> the >>>>>>>> device in the Device Manager instead of removing it from the Enum >>>>>>>> keys. >>>>>>>> >>>>>>>> Before you change the permissions and delete keys please read the >>>>>>>> following: >>>>>>>> >>>>>>>> Enum >>>>>>>> http://technet.microsoft.com/en-ca/library/cc976176.aspx >>>>>>>> >>>>>>>> System and Startup Settings >>>>>>>> http://technet.microsoft.com/en-us/library/bb742541.aspx >>>>>>>> >>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select >>>>>>>> http://technet.microsoft.com/en-ca/library/cc978528.aspx >>>>>>>> >>>>>>>> John >>>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000. >>>>>>> No mention in Device Manager, or after running your batch file. I >>>>>>> won't try to meddle with Enum, but how do I grant myself permission >>>>>>> if I did want to?? I will read the articles you mention, but since >>>>>>> this is the file that is causing my 20 min startup delay, >>>>>>> ex-infection or otherwise - how do I get rid of my system searching >>>>>>> for it?? Thanks again. >>>>>> >>>>>> The registry permissions are just like regular NTFS file permissions, >>>>>> just right click on the offending key and select Permissions... >>>>>> >>>>>> If you are convinced that this is the culprit and if you cannot >>>>>> remove >>>>>> the device from the Device Manager then just grant yourself full >>>>>> control on the key and delete it. For the time being remove it in the >>>>>> CurrentControlSet only! If the Windows installation balks at its >>>>>> removal (when you reboot) just boot to the Last Known Good >>>>>> Configuration. >>>>> >>>>> PS. The problem is more likely to be caused by the status of the >>>>> service >>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I >>>>> suggest that you remove or disable the service there. To disable the >>>>> service set its Start value to 4. >>>>> >>>>> John >>>> Well, Having deleted it from the CurrentControlSet and rebooted, the >>>> problem is still there, but Event Viewer no longer reports a problem >>>> in looking for bthex. So I presume bthex, whatever it is, is *not* the >>>> reason for my slow progress bar in booting up. Any ideas as to what it >>>> might now be? Could it be something to do with Power On Self Testing, >>>> or if not is there any way of diagnosing why this has suddenly started >>>> occuring? Cheers. >>> >>> I think that what you are seeing is part of the Windows boot process >>> rather than the POST routine, an easy way to tell would be to press/tap >>> the F8 key when the computer is booting and see how long it takes for >>> the advanced Windows boot options show up. Or put a second (phony) line >>> in the boot.ini file and see how long it takes for ntldr to parse and >>> present the boot menu. >>> >>> John >> When I tap the F8 key the (by now usual) slow clicks and whirrs >> continue for about 2 mins, then the white progress bar appears and >> continues another 2 or 3 mins, and then at last the advanced options >> menu appears. Choosing any option results in the correct procedure, >> but another 15 mins for the bar to disappear and the Windows start-up >> logo to kick in. Before all this began, the advanced options screen >> would appear within seconds. Does this indicate Windows boot routine >> or POST, and if so what does this indicate? If I placed a phony line >> in boot.ini what would the length of time tell me? Thank you very much >> for all your help with this. > > When the boot.ini file contains only one ARC path, (like most Windows > installations), the boot loader (ntldr) simply parses the file and > proceeds to boot the default Windows installation without presenting the > user with a boot menu. When the boot.ini file contains more than one > line ntldr reads the file then presents a boot menu for a certain length > of time to allow the user to select which Windows installation to boot. > > For example: > > Most boot.ini files where only one Windows installation is present will > look something like this: > > [boot loader] > timeout=30 > default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS > [operating systems] > multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP > Professional" /fastdetect > > In the above example the file only contains one ARC path: > > multi(0)disk(0)rdisk(0)partition(1)\WINDOWS > > Ntldr sees that there is only one Windows installation present so it > doesn't present a boot menu and proceeds to load the default Windows > installation. If we were to add a second "phony" installation ntldr > would pause to allow the user to select which Windows installation to > boot, the boot.ini file could look like this: > > [boot loader] > timeout=30 > default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS > [operating systems] > multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP > Professional" /fastdetect > multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect > > When seeing more than one ARC path lines ntldr will now pause when the > computer is booted and it will present the user with a boot menu > allowing the user to select one of the following: > > Microsoft Windows XP Professional > Phony Windows > > If no selection is made after the timeout= time ntldr will load the > default= operating system. With the above boot.ini file, if no selection > is made, after 30 seconds ntldr will load the > multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one > labeled "Microsoft Windows XP Professional". The stuff between the > quotation marks is for human eyes only, what you see on the boot menu, > so the above "Phony Windows" line is valid, you will see Phony Windows > as a boot option. > > This is simply an option that allows you to gauge how much time it takes > for the BIOS to do it's stuff and load the MBR and then pass the boot > process to the boot sector of the active partition which then in turns > passes the boot process to the ntldr boot loader, only then (when the > boot sector passes the boot process to the boot loader) is Windows > involved, anything prior to that has nothing to do with Windows. So what > does all of this do? It simply allows one to gauge the time at which > Windows actually becomes involved in the boot process, it can sometimes > be helpful if one is having difficulties determining where the boot > process is at when it hangs after the POST test. > > Your comments that there is whirling and clicking noises doesn't sound > too good, this can be a sign of a failing hard drive. A failing drive > can often be difficult to boot and it can take a long time to do so. I > would strongly suggest that you backup all your precious files and run > disk diagnostic utility from the drive manufacturer on the disk. Another > way to do a quick test is to open the box and touch the hard disk, a > failing whirling and clicking drive will usually also become quite hot > to the touch. > > John John, Thnk you for all that detailed info which I will digest. The whirring and clicking is actually present whenever a program is executing, and always has been (I think). The machine is quite noisy. However, I take your advice and will ensure good backup. I have done a "chkdsk /r" over the last hour or so - all apparently OK. All this seems to be happening before Windows gets involved, so could there be a problem with MBR/boot sector/ntldr? If so, again what can I do to rectify it? Also, after "fastdetect" in boot.ini, I have "/NoExecute=OptIn". Should that be there? I can see Boot.ini in msconfig, but I can't find it on the disk to put in another line. I will continue later and post any results I may get to let you know if all your help has got me anywhere. Thanks again. Richard.
From: Richard on 24 Jun 2010 16:38 On 24/06/2010 18:31, John John - MVP wrote: > > Richard wrote: >> On 24/06/2010 17:22, John John - MVP wrote: >>> Richard wrote: >>>> On 24/06/2010 15:09, John John - MVP wrote: >>>>> >>>>> John John - MVP wrote: >>>>>> Richard wrote: >>>>>>> On 24/06/2010 14:13, John John - MVP wrote: >>>>>>>> Richard wrote: >>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote: >>>>>>>>>> Richard wrote: >>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer >>>>>>>>>>> (with >>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and >>>>>>>>>>> before >>>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom >>>>>>>>>>> of the >>>>>>>>>>> screen that fills up over about 20 minutes before the usual >>>>>>>>>>> Windows >>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the >>>>>>>>>>> System >>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not >>>>>>>>>>> found. >>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be >>>>>>>>>>> found >>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has >>>>>>>>>>> suddenly >>>>>>>>>>> deleted\renamed it or something. I have put my installation DVD >>>>>>>>>>> in the >>>>>>>>>>> drive and tried a repair but this driver cannot be located >>>>>>>>>>> there, >>>>>>>>>>> and >>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest >>>>>>>>>>> where I >>>>>>>>>>> might find this system file, or maybe even search for it on >>>>>>>>>>> their >>>>>>>>>>> own >>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for any >>>>>>>>>>> help >>>>>>>>>>> in advance. >>>>>>>>>> >>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search >>>>>>>>>> for this >>>>>>>>>> file yields no results, often an indication that the file is >>>>>>>>>> virus or >>>>>>>>>> malware related. I would suggest that you make sure that the >>>>>>>>>> machine is >>>>>>>>>> free of any pests. >>>>>>>>>> >>>>>>>>>> Where *exactly* in the registry did you find reference to this >>>>>>>>>> file? It >>>>>>>>>> could be that your Anti-Virus tools have removed an infection and >>>>>>>>>> that >>>>>>>>>> the entry is just a remnant. >>>>>>>>>> >>>>>>>>>> John >>>>>>>>> Appears at HKLM/System/ControlSet001(and >>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") >>>>>>>>> which >>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and >>>>>>>>> 3)/services/bthex/ (and >>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath >>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all >>>>>>>>> these >>>>>>>>> references, could that help?? >>>>>>>> >>>>>>>> Is it in the CurrentControlSet? >>>>>>>> >>>>>>>> Look for phantom devices in the Device Manager and see if any make >>>>>>>> mention this BTHEX driver: >>>>>>>> >>>>>>>> Device Manager does not display devices that are not connected >>>>>>>> to the >>>>>>>> Windows XP-based computer >>>>>>>> http://support.microsoft.com/kb/315539 >>>>>>>> >>>>>>>> This little batch file will automatically set the Device Manager to >>>>>>>> show >>>>>>>> phantom devices and open it for you: >>>>>>>> >>>>>>>> ---------------------------------------------------- >>>>>>>> set devmgr_show_nonpresent_devices-1 >>>>>>>> start devmgmt.msc >>>>>>>> ---------------------------------------------------- >>>>>>>> >>>>>>>> You cannot delete the keys in the Enum section because you do not >>>>>>>> have >>>>>>>> permission to do so, grant yourself the necessary permissions >>>>>>>> and you >>>>>>>> will be able to remove the keys. Before you do that keep in mind >>>>>>>> that >>>>>>>> there is a good reason why only the System account has >>>>>>>> permission to >>>>>>>> delete keys in the in the \Enum branch! It would be best to remove >>>>>>>> the >>>>>>>> device in the Device Manager instead of removing it from the Enum >>>>>>>> keys. >>>>>>>> >>>>>>>> Before you change the permissions and delete keys please read the >>>>>>>> following: >>>>>>>> >>>>>>>> Enum >>>>>>>> http://technet.microsoft.com/en-ca/library/cc976176.aspx >>>>>>>> >>>>>>>> System and Startup Settings >>>>>>>> http://technet.microsoft.com/en-us/library/bb742541.aspx >>>>>>>> >>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select >>>>>>>> http://technet.microsoft.com/en-ca/library/cc978528.aspx >>>>>>>> >>>>>>>> John >>>>>>> Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000. >>>>>>> No mention in Device Manager, or after running your batch file. I >>>>>>> won't try to meddle with Enum, but how do I grant myself permission >>>>>>> if I did want to?? I will read the articles you mention, but since >>>>>>> this is the file that is causing my 20 min startup delay, >>>>>>> ex-infection or otherwise - how do I get rid of my system searching >>>>>>> for it?? Thanks again. >>>>>> >>>>>> The registry permissions are just like regular NTFS file permissions, >>>>>> just right click on the offending key and select Permissions... >>>>>> >>>>>> If you are convinced that this is the culprit and if you cannot >>>>>> remove >>>>>> the device from the Device Manager then just grant yourself full >>>>>> control on the key and delete it. For the time being remove it in the >>>>>> CurrentControlSet only! If the Windows installation balks at its >>>>>> removal (when you reboot) just boot to the Last Known Good >>>>>> Configuration. >>>>> >>>>> PS. The problem is more likely to be caused by the status of the >>>>> service >>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I >>>>> suggest that you remove or disable the service there. To disable the >>>>> service set its Start value to 4. >>>>> >>>>> John >>>> Well, Having deleted it from the CurrentControlSet and rebooted, the >>>> problem is still there, but Event Viewer no longer reports a problem >>>> in looking for bthex. So I presume bthex, whatever it is, is *not* the >>>> reason for my slow progress bar in booting up. Any ideas as to what it >>>> might now be? Could it be something to do with Power On Self Testing, >>>> or if not is there any way of diagnosing why this has suddenly started >>>> occuring? Cheers. >>> >>> I think that what you are seeing is part of the Windows boot process >>> rather than the POST routine, an easy way to tell would be to press/tap >>> the F8 key when the computer is booting and see how long it takes for >>> the advanced Windows boot options show up. Or put a second (phony) line >>> in the boot.ini file and see how long it takes for ntldr to parse and >>> present the boot menu. >>> >>> John >> When I tap the F8 key the (by now usual) slow clicks and whirrs >> continue for about 2 mins, then the white progress bar appears and >> continues another 2 or 3 mins, and then at last the advanced options >> menu appears. Choosing any option results in the correct procedure, >> but another 15 mins for the bar to disappear and the Windows start-up >> logo to kick in. Before all this began, the advanced options screen >> would appear within seconds. Does this indicate Windows boot routine >> or POST, and if so what does this indicate? If I placed a phony line >> in boot.ini what would the length of time tell me? Thank you very much >> for all your help with this. > > When the boot.ini file contains only one ARC path, (like most Windows > installations), the boot loader (ntldr) simply parses the file and > proceeds to boot the default Windows installation without presenting the > user with a boot menu. When the boot.ini file contains more than one > line ntldr reads the file then presents a boot menu for a certain length > of time to allow the user to select which Windows installation to boot. > > For example: > > Most boot.ini files where only one Windows installation is present will > look something like this: > > [boot loader] > timeout=30 > default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS > [operating systems] > multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP > Professional" /fastdetect > > In the above example the file only contains one ARC path: > > multi(0)disk(0)rdisk(0)partition(1)\WINDOWS > > Ntldr sees that there is only one Windows installation present so it > doesn't present a boot menu and proceeds to load the default Windows > installation. If we were to add a second "phony" installation ntldr > would pause to allow the user to select which Windows installation to > boot, the boot.ini file could look like this: > > [boot loader] > timeout=30 > default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS > [operating systems] > multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP > Professional" /fastdetect > multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect > > When seeing more than one ARC path lines ntldr will now pause when the > computer is booted and it will present the user with a boot menu > allowing the user to select one of the following: > > Microsoft Windows XP Professional > Phony Windows > > If no selection is made after the timeout= time ntldr will load the > default= operating system. With the above boot.ini file, if no selection > is made, after 30 seconds ntldr will load the > multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one > labeled "Microsoft Windows XP Professional". The stuff between the > quotation marks is for human eyes only, what you see on the boot menu, > so the above "Phony Windows" line is valid, you will see Phony Windows > as a boot option. > > This is simply an option that allows you to gauge how much time it takes > for the BIOS to do it's stuff and load the MBR and then pass the boot > process to the boot sector of the active partition which then in turns > passes the boot process to the ntldr boot loader, only then (when the > boot sector passes the boot process to the boot loader) is Windows > involved, anything prior to that has nothing to do with Windows. So what > does all of this do? It simply allows one to gauge the time at which > Windows actually becomes involved in the boot process, it can sometimes > be helpful if one is having difficulties determining where the boot > process is at when it hangs after the POST test. > > Your comments that there is whirling and clicking noises doesn't sound > too good, this can be a sign of a failing hard drive. A failing drive > can often be difficult to boot and it can take a long time to do so. I > would strongly suggest that you backup all your precious files and run > disk diagnostic utility from the drive manufacturer on the disk. Another > way to do a quick test is to open the box and touch the hard disk, a > failing whirling and clicking drive will usually also become quite hot > to the touch. > > John Found Boot.ini and added "phony" line. I got the phony choice after only 15 secs, so I now assume the BIOS is doing its stuff OK. There is then a wait of 2 mins till the progress bar appears (or 1min to the Advanced Options Screen if I had pressed F8, then 1 more min), then about 12 mins to the Windows XP logo, then about 4 mins till my startup programs have kicked in OK. So if it is Windows that is involved and not now the BIOS or the POST, what can suddenly be causing this huge delay of 14 mins?? Any more help greatly appreciated. Regards, Richard
From: John John - MVP on 24 Jun 2010 16:52 Richard wrote: > On 24/06/2010 18:31, John John - MVP wrote: >> >> Richard wrote: >>> On 24/06/2010 17:22, John John - MVP wrote: >>>> Richard wrote: >>>>> On 24/06/2010 15:09, John John - MVP wrote: >>>>>> >>>>>> John John - MVP wrote: >>>>>>> Richard wrote: >>>>>>>> On 24/06/2010 14:13, John John - MVP wrote: >>>>>>>>> Richard wrote: >>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote: >>>>>>>>>>> Richard wrote: >>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my computer >>>>>>>>>>>> (with >>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen and >>>>>>>>>>>> before >>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the bottom >>>>>>>>>>>> of the >>>>>>>>>>>> screen that fills up over about 20 minutes before the usual >>>>>>>>>>>> Windows >>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the >>>>>>>>>>>> System >>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not >>>>>>>>>>>> found. >>>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be >>>>>>>>>>>> found >>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has >>>>>>>>>>>> suddenly >>>>>>>>>>>> deleted\renamed it or something. I have put my installation DVD >>>>>>>>>>>> in the >>>>>>>>>>>> drive and tried a repair but this driver cannot be located >>>>>>>>>>>> there, >>>>>>>>>>>> and >>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest >>>>>>>>>>>> where I >>>>>>>>>>>> might find this system file, or maybe even search for it on >>>>>>>>>>>> their >>>>>>>>>>>> own >>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks for >>>>>>>>>>>> any >>>>>>>>>>>> help >>>>>>>>>>>> in advance. >>>>>>>>>>> >>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search >>>>>>>>>>> for this >>>>>>>>>>> file yields no results, often an indication that the file is >>>>>>>>>>> virus or >>>>>>>>>>> malware related. I would suggest that you make sure that the >>>>>>>>>>> machine is >>>>>>>>>>> free of any pests. >>>>>>>>>>> >>>>>>>>>>> Where *exactly* in the registry did you find reference to this >>>>>>>>>>> file? It >>>>>>>>>>> could be that your Anti-Virus tools have removed an infection >>>>>>>>>>> and >>>>>>>>>>> that >>>>>>>>>>> the entry is just a remnant. >>>>>>>>>>> >>>>>>>>>>> John >>>>>>>>>> Appears at HKLM/System/ControlSet001(and >>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") >>>>>>>>>> which >>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and >>>>>>>>>> 3)/services/bthex/ (and >>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath >>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all >>>>>>>>>> these >>>>>>>>>> references, could that help?? >>>>>>>>> >>>>>>>>> Is it in the CurrentControlSet? >>>>>>>>> >>>>>>>>> Look for phantom devices in the Device Manager and see if any make >>>>>>>>> mention this BTHEX driver: >>>>>>>>> >>>>>>>>> Device Manager does not display devices that are not connected >>>>>>>>> to the >>>>>>>>> Windows XP-based computer >>>>>>>>> http://support.microsoft.com/kb/315539 >>>>>>>>> >>>>>>>>> This little batch file will automatically set the Device >>>>>>>>> Manager to >>>>>>>>> show >>>>>>>>> phantom devices and open it for you: >>>>>>>>> >>>>>>>>> ---------------------------------------------------- >>>>>>>>> set devmgr_show_nonpresent_devices-1 >>>>>>>>> start devmgmt.msc >>>>>>>>> ---------------------------------------------------- >>>>>>>>> >>>>>>>>> You cannot delete the keys in the Enum section because you do not >>>>>>>>> have >>>>>>>>> permission to do so, grant yourself the necessary permissions >>>>>>>>> and you >>>>>>>>> will be able to remove the keys. Before you do that keep in mind >>>>>>>>> that >>>>>>>>> there is a good reason why only the System account has >>>>>>>>> permission to >>>>>>>>> delete keys in the in the \Enum branch! It would be best to remove >>>>>>>>> the >>>>>>>>> device in the Device Manager instead of removing it from the Enum >>>>>>>>> keys. >>>>>>>>> >>>>>>>>> Before you change the permissions and delete keys please read the >>>>>>>>> following: >>>>>>>>> >>>>>>>>> Enum >>>>>>>>> http://technet.microsoft.com/en-ca/library/cc976176.aspx >>>>>>>>> >>>>>>>>> System and Startup Settings >>>>>>>>> http://technet.microsoft.com/en-us/library/bb742541.aspx >>>>>>>>> >>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select >>>>>>>>> http://technet.microsoft.com/en-ca/library/cc978528.aspx >>>>>>>>> >>>>>>>>> John >>>>>>>> Yes - it is in CurrentControlSet under >>>>>>>> /Enum/Root/LEGACY_BTHEX/0000. >>>>>>>> No mention in Device Manager, or after running your batch file. I >>>>>>>> won't try to meddle with Enum, but how do I grant myself permission >>>>>>>> if I did want to?? I will read the articles you mention, but since >>>>>>>> this is the file that is causing my 20 min startup delay, >>>>>>>> ex-infection or otherwise - how do I get rid of my system searching >>>>>>>> for it?? Thanks again. >>>>>>> >>>>>>> The registry permissions are just like regular NTFS file >>>>>>> permissions, >>>>>>> just right click on the offending key and select Permissions... >>>>>>> >>>>>>> If you are convinced that this is the culprit and if you cannot >>>>>>> remove >>>>>>> the device from the Device Manager then just grant yourself full >>>>>>> control on the key and delete it. For the time being remove it in >>>>>>> the >>>>>>> CurrentControlSet only! If the Windows installation balks at its >>>>>>> removal (when you reboot) just boot to the Last Known Good >>>>>>> Configuration. >>>>>> >>>>>> PS. The problem is more likely to be caused by the status of the >>>>>> service >>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch, I >>>>>> suggest that you remove or disable the service there. To disable the >>>>>> service set its Start value to 4. >>>>>> >>>>>> John >>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the >>>>> problem is still there, but Event Viewer no longer reports a problem >>>>> in looking for bthex. So I presume bthex, whatever it is, is *not* the >>>>> reason for my slow progress bar in booting up. Any ideas as to what it >>>>> might now be? Could it be something to do with Power On Self Testing, >>>>> or if not is there any way of diagnosing why this has suddenly started >>>>> occuring? Cheers. >>>> >>>> I think that what you are seeing is part of the Windows boot process >>>> rather than the POST routine, an easy way to tell would be to press/tap >>>> the F8 key when the computer is booting and see how long it takes for >>>> the advanced Windows boot options show up. Or put a second (phony) line >>>> in the boot.ini file and see how long it takes for ntldr to parse and >>>> present the boot menu. >>>> >>>> John >>> When I tap the F8 key the (by now usual) slow clicks and whirrs >>> continue for about 2 mins, then the white progress bar appears and >>> continues another 2 or 3 mins, and then at last the advanced options >>> menu appears. Choosing any option results in the correct procedure, >>> but another 15 mins for the bar to disappear and the Windows start-up >>> logo to kick in. Before all this began, the advanced options screen >>> would appear within seconds. Does this indicate Windows boot routine >>> or POST, and if so what does this indicate? If I placed a phony line >>> in boot.ini what would the length of time tell me? Thank you very much >>> for all your help with this. >> >> When the boot.ini file contains only one ARC path, (like most Windows >> installations), the boot loader (ntldr) simply parses the file and >> proceeds to boot the default Windows installation without presenting the >> user with a boot menu. When the boot.ini file contains more than one >> line ntldr reads the file then presents a boot menu for a certain length >> of time to allow the user to select which Windows installation to boot. >> >> For example: >> >> Most boot.ini files where only one Windows installation is present will >> look something like this: >> >> [boot loader] >> timeout=30 >> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS >> [operating systems] >> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP >> Professional" /fastdetect >> >> In the above example the file only contains one ARC path: >> >> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS >> >> Ntldr sees that there is only one Windows installation present so it >> doesn't present a boot menu and proceeds to load the default Windows >> installation. If we were to add a second "phony" installation ntldr >> would pause to allow the user to select which Windows installation to >> boot, the boot.ini file could look like this: >> >> [boot loader] >> timeout=30 >> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS >> [operating systems] >> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP >> Professional" /fastdetect >> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect >> >> When seeing more than one ARC path lines ntldr will now pause when the >> computer is booted and it will present the user with a boot menu >> allowing the user to select one of the following: >> >> Microsoft Windows XP Professional >> Phony Windows >> >> If no selection is made after the timeout= time ntldr will load the >> default= operating system. With the above boot.ini file, if no selection >> is made, after 30 seconds ntldr will load the >> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one >> labeled "Microsoft Windows XP Professional". The stuff between the >> quotation marks is for human eyes only, what you see on the boot menu, >> so the above "Phony Windows" line is valid, you will see Phony Windows >> as a boot option. >> >> This is simply an option that allows you to gauge how much time it takes >> for the BIOS to do it's stuff and load the MBR and then pass the boot >> process to the boot sector of the active partition which then in turns >> passes the boot process to the ntldr boot loader, only then (when the >> boot sector passes the boot process to the boot loader) is Windows >> involved, anything prior to that has nothing to do with Windows. So what >> does all of this do? It simply allows one to gauge the time at which >> Windows actually becomes involved in the boot process, it can sometimes >> be helpful if one is having difficulties determining where the boot >> process is at when it hangs after the POST test. >> >> Your comments that there is whirling and clicking noises doesn't sound >> too good, this can be a sign of a failing hard drive. A failing drive >> can often be difficult to boot and it can take a long time to do so. I >> would strongly suggest that you backup all your precious files and run >> disk diagnostic utility from the drive manufacturer on the disk. Another >> way to do a quick test is to open the box and touch the hard disk, a >> failing whirling and clicking drive will usually also become quite hot >> to the touch. >> >> John > John, Thnk you for all that detailed info which I will digest. The > whirring and clicking is actually present whenever a program is > executing, and always has been (I think). The machine is quite noisy. > However, I take your advice and will ensure good backup. I have done a > "chkdsk /r" over the last hour or so - all apparently OK. All this seems > to be happening before Windows gets involved, so could there be a > problem with MBR/boot sector/ntldr? If so, again what can I do to > rectify it? Also, after "fastdetect" in boot.ini, I have > "/NoExecute=OptIn". Should that be there? I can see Boot.ini in > msconfig, but I can't find it on the disk to put in another line. I will > continue later and post any results I may get to let you know if all > your help has got me anywhere. Thanks again. Leave the /NoExecute=OptIn switch in place, this is the Data Execution Prevention (DEP) switch, it prevents malicious software from executing in memory locations, it has nothing to do with your problems. To edit the boot.ini file go in to System Properties (right click My Computer and select Properties) then click on the Advanced tab and then click on the Start Up and Recovery Settings button. Don't remove or modify the existing lines! Just add another one as mentioned earlier. John
From: Richard on 24 Jun 2010 17:14
On 24/06/2010 21:52, John John - MVP wrote: > > Richard wrote: >> On 24/06/2010 18:31, John John - MVP wrote: >>> >>> Richard wrote: >>>> On 24/06/2010 17:22, John John - MVP wrote: >>>>> Richard wrote: >>>>>> On 24/06/2010 15:09, John John - MVP wrote: >>>>>>> >>>>>>> John John - MVP wrote: >>>>>>>> Richard wrote: >>>>>>>>> On 24/06/2010 14:13, John John - MVP wrote: >>>>>>>>>> Richard wrote: >>>>>>>>>>> On 24/06/2010 13:20, John John - MVP wrote: >>>>>>>>>>>> Richard wrote: >>>>>>>>>>>>> (This may be repeated....if so, sorry!)When I start my >>>>>>>>>>>>> computer >>>>>>>>>>>>> (with >>>>>>>>>>>>> Win XP Home SP3 installed), just after the BIOS info screen >>>>>>>>>>>>> and >>>>>>>>>>>>> before >>>>>>>>>>>>> Windows even kicks in, I get a white progress bar at the >>>>>>>>>>>>> bottom >>>>>>>>>>>>> of the >>>>>>>>>>>>> screen that fills up over about 20 minutes before the usual >>>>>>>>>>>>> Windows >>>>>>>>>>>>> logo/start screen appears. Looking at the event viewer for the >>>>>>>>>>>>> System >>>>>>>>>>>>> I find that "boot-start or system-start driver "bthex" was not >>>>>>>>>>>>> found. >>>>>>>>>>>>> Looking in the Registry indicates that bthex is expected to be >>>>>>>>>>>>> found >>>>>>>>>>>>> in Win\System32\Drivers. It is not there, so something has >>>>>>>>>>>>> suddenly >>>>>>>>>>>>> deleted\renamed it or something. I have put my installation >>>>>>>>>>>>> DVD >>>>>>>>>>>>> in the >>>>>>>>>>>>> drive and tried a repair but this driver cannot be located >>>>>>>>>>>>> there, >>>>>>>>>>>>> and >>>>>>>>>>>>> I have googled for it but with no luck. Can anyone suggest >>>>>>>>>>>>> where I >>>>>>>>>>>>> might find this system file, or maybe even search for it on >>>>>>>>>>>>> their >>>>>>>>>>>>> own >>>>>>>>>>>>> Syste32 folder and make it available to me?? Many thanks >>>>>>>>>>>>> for any >>>>>>>>>>>>> help >>>>>>>>>>>>> in advance. >>>>>>>>>>>> >>>>>>>>>>>> If it's a driver it would be a .sys file (not a .dll). A search >>>>>>>>>>>> for this >>>>>>>>>>>> file yields no results, often an indication that the file is >>>>>>>>>>>> virus or >>>>>>>>>>>> malware related. I would suggest that you make sure that the >>>>>>>>>>>> machine is >>>>>>>>>>>> free of any pests. >>>>>>>>>>>> >>>>>>>>>>>> Where *exactly* in the registry did you find reference to this >>>>>>>>>>>> file? It >>>>>>>>>>>> could be that your Anti-Virus tools have removed an >>>>>>>>>>>> infection and >>>>>>>>>>>> that >>>>>>>>>>>> the entry is just a remnant. >>>>>>>>>>>> >>>>>>>>>>>> John >>>>>>>>>>> Appears at HKLM/System/ControlSet001(and >>>>>>>>>>> 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") >>>>>>>>>>> which >>>>>>>>>>> I am not allowed to edit: also at ditto\controlset001 (and >>>>>>>>>>> 3)/services/bthex/ (and >>>>>>>>>>> services/enum/explorerbars/{C4EE31})ImagePath >>>>>>>>>>> REG_DWORD set to "system32/drivers/bthex.sys." If I delete all >>>>>>>>>>> these >>>>>>>>>>> references, could that help?? >>>>>>>>>> >>>>>>>>>> Is it in the CurrentControlSet? >>>>>>>>>> >>>>>>>>>> Look for phantom devices in the Device Manager and see if any >>>>>>>>>> make >>>>>>>>>> mention this BTHEX driver: >>>>>>>>>> >>>>>>>>>> Device Manager does not display devices that are not connected >>>>>>>>>> to the >>>>>>>>>> Windows XP-based computer >>>>>>>>>> http://support.microsoft.com/kb/315539 >>>>>>>>>> >>>>>>>>>> This little batch file will automatically set the Device >>>>>>>>>> Manager to >>>>>>>>>> show >>>>>>>>>> phantom devices and open it for you: >>>>>>>>>> >>>>>>>>>> ---------------------------------------------------- >>>>>>>>>> set devmgr_show_nonpresent_devices-1 >>>>>>>>>> start devmgmt.msc >>>>>>>>>> ---------------------------------------------------- >>>>>>>>>> >>>>>>>>>> You cannot delete the keys in the Enum section because you do not >>>>>>>>>> have >>>>>>>>>> permission to do so, grant yourself the necessary permissions >>>>>>>>>> and you >>>>>>>>>> will be able to remove the keys. Before you do that keep in mind >>>>>>>>>> that >>>>>>>>>> there is a good reason why only the System account has >>>>>>>>>> permission to >>>>>>>>>> delete keys in the in the \Enum branch! It would be best to >>>>>>>>>> remove >>>>>>>>>> the >>>>>>>>>> device in the Device Manager instead of removing it from the Enum >>>>>>>>>> keys. >>>>>>>>>> >>>>>>>>>> Before you change the permissions and delete keys please read the >>>>>>>>>> following: >>>>>>>>>> >>>>>>>>>> Enum >>>>>>>>>> http://technet.microsoft.com/en-ca/library/cc976176.aspx >>>>>>>>>> >>>>>>>>>> System and Startup Settings >>>>>>>>>> http://technet.microsoft.com/en-us/library/bb742541.aspx >>>>>>>>>> >>>>>>>>>> HKEY_LOCAL_MACHINE\SYSTEM\Select >>>>>>>>>> http://technet.microsoft.com/en-ca/library/cc978528.aspx >>>>>>>>>> >>>>>>>>>> John >>>>>>>>> Yes - it is in CurrentControlSet under >>>>>>>>> /Enum/Root/LEGACY_BTHEX/0000. >>>>>>>>> No mention in Device Manager, or after running your batch file. I >>>>>>>>> won't try to meddle with Enum, but how do I grant myself >>>>>>>>> permission >>>>>>>>> if I did want to?? I will read the articles you mention, but since >>>>>>>>> this is the file that is causing my 20 min startup delay, >>>>>>>>> ex-infection or otherwise - how do I get rid of my system >>>>>>>>> searching >>>>>>>>> for it?? Thanks again. >>>>>>>> >>>>>>>> The registry permissions are just like regular NTFS file >>>>>>>> permissions, >>>>>>>> just right click on the offending key and select Permissions... >>>>>>>> >>>>>>>> If you are convinced that this is the culprit and if you cannot >>>>>>>> remove >>>>>>>> the device from the Device Manager then just grant yourself full >>>>>>>> control on the key and delete it. For the time being remove it >>>>>>>> in the >>>>>>>> CurrentControlSet only! If the Windows installation balks at its >>>>>>>> removal (when you reboot) just boot to the Last Known Good >>>>>>>> Configuration. >>>>>>> >>>>>>> PS. The problem is more likely to be caused by the status of the >>>>>>> service >>>>>>> in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services >>>>>>> branch, I >>>>>>> suggest that you remove or disable the service there. To disable the >>>>>>> service set its Start value to 4. >>>>>>> >>>>>>> John >>>>>> Well, Having deleted it from the CurrentControlSet and rebooted, the >>>>>> problem is still there, but Event Viewer no longer reports a problem >>>>>> in looking for bthex. So I presume bthex, whatever it is, is *not* >>>>>> the >>>>>> reason for my slow progress bar in booting up. Any ideas as to >>>>>> what it >>>>>> might now be? Could it be something to do with Power On Self Testing, >>>>>> or if not is there any way of diagnosing why this has suddenly >>>>>> started >>>>>> occuring? Cheers. >>>>> >>>>> I think that what you are seeing is part of the Windows boot process >>>>> rather than the POST routine, an easy way to tell would be to >>>>> press/tap >>>>> the F8 key when the computer is booting and see how long it takes for >>>>> the advanced Windows boot options show up. Or put a second (phony) >>>>> line >>>>> in the boot.ini file and see how long it takes for ntldr to parse and >>>>> present the boot menu. >>>>> >>>>> John >>>> When I tap the F8 key the (by now usual) slow clicks and whirrs >>>> continue for about 2 mins, then the white progress bar appears and >>>> continues another 2 or 3 mins, and then at last the advanced options >>>> menu appears. Choosing any option results in the correct procedure, >>>> but another 15 mins for the bar to disappear and the Windows start-up >>>> logo to kick in. Before all this began, the advanced options screen >>>> would appear within seconds. Does this indicate Windows boot routine >>>> or POST, and if so what does this indicate? If I placed a phony line >>>> in boot.ini what would the length of time tell me? Thank you very much >>>> for all your help with this. >>> >>> When the boot.ini file contains only one ARC path, (like most Windows >>> installations), the boot loader (ntldr) simply parses the file and >>> proceeds to boot the default Windows installation without presenting the >>> user with a boot menu. When the boot.ini file contains more than one >>> line ntldr reads the file then presents a boot menu for a certain length >>> of time to allow the user to select which Windows installation to boot. >>> >>> For example: >>> >>> Most boot.ini files where only one Windows installation is present will >>> look something like this: >>> >>> [boot loader] >>> timeout=30 >>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS >>> [operating systems] >>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP >>> Professional" /fastdetect >>> >>> In the above example the file only contains one ARC path: >>> >>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS >>> >>> Ntldr sees that there is only one Windows installation present so it >>> doesn't present a boot menu and proceeds to load the default Windows >>> installation. If we were to add a second "phony" installation ntldr >>> would pause to allow the user to select which Windows installation to >>> boot, the boot.ini file could look like this: >>> >>> [boot loader] >>> timeout=30 >>> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS >>> [operating systems] >>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP >>> Professional" /fastdetect >>> multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect >>> >>> When seeing more than one ARC path lines ntldr will now pause when the >>> computer is booted and it will present the user with a boot menu >>> allowing the user to select one of the following: >>> >>> Microsoft Windows XP Professional >>> Phony Windows >>> >>> If no selection is made after the timeout= time ntldr will load the >>> default= operating system. With the above boot.ini file, if no selection >>> is made, after 30 seconds ntldr will load the >>> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one >>> labeled "Microsoft Windows XP Professional". The stuff between the >>> quotation marks is for human eyes only, what you see on the boot menu, >>> so the above "Phony Windows" line is valid, you will see Phony Windows >>> as a boot option. >>> >>> This is simply an option that allows you to gauge how much time it takes >>> for the BIOS to do it's stuff and load the MBR and then pass the boot >>> process to the boot sector of the active partition which then in turns >>> passes the boot process to the ntldr boot loader, only then (when the >>> boot sector passes the boot process to the boot loader) is Windows >>> involved, anything prior to that has nothing to do with Windows. So what >>> does all of this do? It simply allows one to gauge the time at which >>> Windows actually becomes involved in the boot process, it can sometimes >>> be helpful if one is having difficulties determining where the boot >>> process is at when it hangs after the POST test. >>> >>> Your comments that there is whirling and clicking noises doesn't sound >>> too good, this can be a sign of a failing hard drive. A failing drive >>> can often be difficult to boot and it can take a long time to do so. I >>> would strongly suggest that you backup all your precious files and run >>> disk diagnostic utility from the drive manufacturer on the disk. Another >>> way to do a quick test is to open the box and touch the hard disk, a >>> failing whirling and clicking drive will usually also become quite hot >>> to the touch. >>> >>> John >> John, Thnk you for all that detailed info which I will digest. The >> whirring and clicking is actually present whenever a program is >> executing, and always has been (I think). The machine is quite noisy. >> However, I take your advice and will ensure good backup. I have done a >> "chkdsk /r" over the last hour or so - all apparently OK. All this >> seems to be happening before Windows gets involved, so could there be >> a problem with MBR/boot sector/ntldr? If so, again what can I do to >> rectify it? Also, after "fastdetect" in boot.ini, I have >> "/NoExecute=OptIn". Should that be there? I can see Boot.ini in >> msconfig, but I can't find it on the disk to put in another line. I >> will continue later and post any results I may get to let you know if >> all your help has got me anywhere. Thanks again. > > Leave the /NoExecute=OptIn switch in place, this is the Data Execution > Prevention (DEP) switch, it prevents malicious software from executing > in memory locations, it has nothing to do with your problems. > > To edit the boot.ini file go in to System Properties (right click My > Computer and select Properties) then click on the Advanced tab and then > click on the Start Up and Recovery Settings button. Don't remove or > modify the existing lines! Just add another one as mentioned earlier. > > John See post beneath from 21.38. |