Minor but annoying XP startup issue with 4.7.981

Greetings, all…

Just a quick question to see if anyone else has experienced a slow startup of parts of Windows XP SP2 since the update to .981. With the previous version, on booting up, the desktop would appear, then a second or two later the XP taskbar would appear and the tedious XP startup sound would play simultaneously; startup programs would immediately run, and the avast tray icon did not display the red slash that shows up when one of its components is not functioning. In other words, it was a nice, crisp, clean startup.

But since the update to .981, the taskbar appears immediately, but the startup sound occurs about 10 -15 seconds later, and during this period the avast icon in the tray shows the red slash (or whatever it is) until the sound plays. I guess .981 doesn’t like something about my system…

My specs: Intel Core 2 Duo 6400 on Asus P5L-VM 1394, 1 GB memory, Windows XP SP2, firewall is XP’s built-in thing. No other security apps run at startup, and in fact the only other things set to run at startup are NeroCheck (version 6) and Nero InCD (version 4.3.something); I don’t allow Creative’s X-Fi startup crap to run (yes, I’m very anal retentive). Hardware drivers include Intel chipset software, most recent X-FI driver (ONLY the driver is installed, not the other bloatware) and Asus/Attansic LAN driver, and NVIDIA Forceware 93.71. All drivers are WHQL certified.

This is not a major crisis, of course, but I’m curious about what might be causing this. Any insight would be appreciated.

Regards,
Crashman

Hi Crashman, and welcome to the avast forums.

Could you please try this: http://forum.avast.com/index.php?topic=27733.msg226219#msg226219 ?

Thanks
Vlk

Hello, Vlk!!!

I deleted that value from the registry and the boot process seems just about normal again. The only remaining hint that there was an issue is that the red slash hangs on for a few seconds, but desktop, taskbar, and startup sound all materialize at virtually the same time again. I think you got it…

Thanks for the welcome to the forum, the great help, and the quick reply!

Well, this is in fact an interesting problem that we intend to analyze a bit deeper. Would you be willing to do some more tests for us? The problem is, we’re unable to simulate the problem on any of our machines.

The thing is - we seem to know the cure but don’t know the cause. That is never good in software engineering, and makes us a bit nervous :frowning: :slight_smile:

Cheers
Vlk

Greetings again, Vlk,

I’d be happy to help in any way I can. Your interest in tracking down and fixing the issue is admirable, and it’s well worth the time to carry my share of the water in that process. ;D

Best regards,
Crashman

Thanks.

To start, I’d like to know if the problem still happens if you:

  • put back the Groups reg value (to do this, you can use the following reg file http://public.avast.com/~vlk/avast-fast-start.reg), AND
  • uninstall all the avast on-access providers except for Outlook/Exchange (to do this, please head to Control Panel, Add/Remove Programs, Avast antivirus, Change/Remove, Change and untick the boxes next to each of the items under “Resident Protection”, except for “Outlook/Exchange” [that’s the only one that should stay with the green check mark]).

The reboot and see if it has any effect on the issue.

Thanks
Vlk

Vlk,

With only Outlook/Exchange installed and the “groups” value ENABLED, the boot delay is back. But I should also note that on my original installation, with only Internet Mail, Network Shield, Web Shield, and Standard shield installed (no Outlook/Exchange, P2P, Instant Messaging or skins installed) and only English language modules, the boot delay DOES occur.

I will await your next instructions.

Crashman

Thanks. Interesting, so it seems the problem is not related to any of the providers.

Two more questions:

  • do you have a fast Internet connection?
  • do you have a PS/2 keyboard (as opposed to USB)?

Thanks
Vlk

Vlk,

Yes to both questions. I’m on 768K DSL broadband which require a dial-up-like logon process.

Crashman

Just a thought here…

Could the services Windows XP runs at bootup have something to do with this? I know that disabling the Web Client service had no effect on the boot lag when I tried that yesterday, but the SSDP Discovery service is set to “manual” but still runs at Windows startup anyway (apparently because of Windows Media Player 11 being installed on this computer).

I might also note that I have .NET framework 2.0 installed as well.

Crashman

What I’d need is a full memory dump of the machine at the time it is “stuck”.

The procedure is described here: http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=71

It’s a bit time-consuming (you have to do some config changes, reboot, then generate the dump, reboot again, and then upload the dump to our ftp site, which usually takes quite long). If you don’t have time to do it, no problem! :wink:

Thanks
Vlk

Vlk, no problem, but I’ll need about 20 minutes or so. I’ll reinstall avast! with the Standard, Web, Network, and Internet Mail shields enabled, and the groups registry value in place, then follow the full memory dump procedure.

Back to you soon,

Crashman

Vlk,

I have the complete memory dump, but I’ve never sent anything using FTP. How do I use XP’s FTP client to send the file to ftp.avast.com/incoming?

Thanks,

Crashman

With IE or a clone, Upload them to ftp://ftp.avast.com/incoming - Connect to the link and drag the file into the Right pane and drop it, that starts the upload, you don’t have read access to this folder.

DavidR,

Thanks for the info.

Before I could read your reply, I think I figured out how to use XP’s ftp client. I’m currently sending the file as the binary file crashman.dmp (hope this was right!).

Regards,
Crashman

I see it coming. However, I’d strongly suggest to compress (e.g. ZIP) the file - this usually makes it at least 3x smaller.

Thanks
Vlk

@ Crashman
That looks fine, naming the file as you have should help Vlk if there are other .dmp files.

Edit: didn’t see Vlk’s post on a 2nd page and he has already seen it

Vlk,

Sorry about not compressing the dump file before sending it. I was so excited that I figured out how to FTP it to you that I just sent it off without thinking. :-[ ;D With some luck, the upload should be finished in a few hours.

I got to thinking about why this boot hang seems to be such an isolated problem. On April 10, Microsoft issued a number of critical XP patches which changed what I believe are core system files, and which I installed when Windows Update offered them last Tuesday. For example,
KB931784 provided new versions of ntkrnlmp.exe, ntkrpamp.exe, ntoskrnl.exe and ntkrnlpa.exe;
KB930178 issued a new version of winsrv.dll;
KB925902 installed updated versions of mf3216.dll, gdi32.dll, win32k.sys and user32.dll;
KB931261 gave us a new upnphost.dll; and
KB932168 updated xpsp3res.dll and agentdpv.dll
Perhaps something new in one or more of these updated core files caused .981 to hang a bit at boot up when the “group” registry setting is enabled.

I would also add that the HAL.dll that my system is using is actually renamed from halmacpi.dll for my dual-core processor. This file is version 5.1.2600.2180 and dated 2/28/2006.

Thanks again for your patience with me in this process and for your quick help in tracking down whatever the issue might be.

Regards,
Crashman

Hi Crashman,

the dump finally arrives. Thanks!

Now, I’d need you to do some more tests. From the command-line (cmd.exe), please try the following commands:

fltmc instances

fltmc volumes

(one at a time) and please post back the output you’re getting.

Thanks
Vlk

Hi Vlk,

For the first, I get “no filters/instances found” and for the second I get “no volumes found”.

Regards,
Crashman