If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#31
|
|||
|
|||
Missing boot-start driver bthex.dll
On 27/06/2010 14:58, Smiles wrote:
John John - MVP wrote: Richard wrote: On 25/06/2010 13:45, Richard wrote: On 25/06/2010 12:59, John John - MVP wrote: Richard wrote: On 24/06/2010 22:37, John John - MVP wrote: Richard wrote: On 24/06/2010 18:31, John John - MVP wrote: Richard wrote: On 24/06/2010 17:22, John John - MVP wrote: Richard wrote: On 24/06/2010 15:09, John John - MVP wrote: John John - MVP wrote: Richard wrote: On 24/06/2010 14:13, John John - MVP wrote: Richard wrote: On 24/06/2010 13:20, John John - MVP wrote: Richard wrote: (This may be repeated....if so, sorry!)When I start my computer (with Win XP Home SP3 installed), just after the BIOS info screen and before Windows even kicks in, I get a white progress bar at the bottom of the screen that fills up over about 20 minutes before the usual Windows logo/start screen appears. Looking at the event viewer for the System I find that "boot-start or system-start driver "bthex" was not found. Looking in the Registry indicates that bthex is expected to be found in Win\System32\Drivers. It is not there, so something has suddenly deleted\renamed it or something. I have put my installation DVD in the drive and tried a repair but this driver cannot be located there, and I have googled for it but with no luck. Can anyone suggest where I might find this system file, or maybe even search for it on their own Syste32 folder and make it available to me?? Many thanks for any help in advance. If it's a driver it would be a .sys file (not a .dll). A search for this file yields no results, often an indication that the file is virus or malware related. I would suggest that you make sure that the machine is free of any pests. Where *exactly* in the registry did you find reference to this file? It could be that your Anti-Virus tools have removed an infection and that the entry is just a remnant. John Appears at HKLM/System/ControlSet001(and 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") which I am not allowed to edit: also at ditto\controlset001 (and 3)/services/bthex/ (and services/enum/explorerbars/{C4EE31})ImagePath REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these references, could that help?? Is it in the CurrentControlSet? Look for phantom devices in the Device Manager and see if any make mention this BTHEX driver: Device Manager does not display devices that are not connected to the Windows XP-based computer http://support.microsoft.com/kb/315539 This little batch file will automatically set the Device Manager to show phantom devices and open it for you: ---------------------------------------------------- set devmgr_show_nonpresent_devices-1 start devmgmt.msc ---------------------------------------------------- You cannot delete the keys in the Enum section because you do not have permission to do so, grant yourself the necessary permissions and you will be able to remove the keys. Before you do that keep in mind that there is a good reason why only the System account has permission to delete keys in the in the \Enum branch! It would be best to remove the device in the Device Manager instead of removing it from the Enum keys. Before you change the permissions and delete keys please read the following: Enum http://technet.microsoft.com/en-ca/l.../cc976176.aspx System and Startup Settings http://technet.microsoft.com/en-us/l.../bb742541.aspx HKEY_LOCAL_MACHINE\SYSTEM\Select http://technet.microsoft.com/en-ca/l.../cc978528.aspx John Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000. No mention in Device Manager, or after running your batch file. I won't try to meddle with Enum, but how do I grant myself permission if I did want to?? I will read the articles you mention, but since this is the file that is causing my 20 min startup delay, ex-infection or otherwise - how do I get rid of my system searching for it?? Thanks again. The registry permissions are just like regular NTFS file permissions, just right click on the offending key and select Permissions... If you are convinced that this is the culprit and if you cannot remove the device from the Device Manager then just grant yourself full control on the key and delete it. For the time being remove it in the CurrentControlSet only! If the Windows installation balks at its removal (when you reboot) just boot to the Last Known Good Configuration. PS. The problem is more likely to be caused by the status of the service in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es branch, I suggest that you remove or disable the service there. To disable the service set its Start value to 4. John Well, Having deleted it from the CurrentControlSet and rebooted, the problem is still there, but Event Viewer no longer reports a problem in looking for bthex. So I presume bthex, whatever it is, is *not* the reason for my slow progress bar in booting up. Any ideas as to what it might now be? Could it be something to do with Power On Self Testing, or if not is there any way of diagnosing why this has suddenly started occuring? Cheers. I think that what you are seeing is part of the Windows boot process rather than the POST routine, an easy way to tell would be to press/tap the F8 key when the computer is booting and see how long it takes for the advanced Windows boot options show up. Or put a second (phony) line in the boot.ini file and see how long it takes for ntldr to parse and present the boot menu. John When I tap the F8 key the (by now usual) slow clicks and whirrs continue for about 2 mins, then the white progress bar appears and continues another 2 or 3 mins, and then at last the advanced options menu appears. Choosing any option results in the correct procedure, but another 15 mins for the bar to disappear and the Windows start-up logo to kick in. Before all this began, the advanced options screen would appear within seconds. Does this indicate Windows boot routine or POST, and if so what does this indicate? If I placed a phony line in boot.ini what would the length of time tell me? Thank you very much for all your help with this. When the boot.ini file contains only one ARC path, (like most Windows installations), the boot loader (ntldr) simply parses the file and proceeds to boot the default Windows installation without presenting the user with a boot menu. When the boot.ini file contains more than one line ntldr reads the file then presents a boot menu for a certain length of time to allow the user to select which Windows installation to boot. For example: Most boot.ini files where only one Windows installation is present will look something like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect In the above example the file only contains one ARC path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Ntldr sees that there is only one Windows installation present so it doesn't present a boot menu and proceeds to load the default Windows installation. If we were to add a second "phony" installation ntldr would pause to allow the user to select which Windows installation to boot, the boot.ini file could look like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect When seeing more than one ARC path lines ntldr will now pause when the computer is booted and it will present the user with a boot menu allowing the user to select one of the following: Microsoft Windows XP Professional Phony Windows If no selection is made after the timeout= time ntldr will load the default= operating system. With the above boot.ini file, if no selection is made, after 30 seconds ntldr will load the multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one labeled "Microsoft Windows XP Professional". The stuff between the quotation marks is for human eyes only, what you see on the boot menu, so the above "Phony Windows" line is valid, you will see Phony Windows as a boot option. This is simply an option that allows you to gauge how much time it takes for the BIOS to do it's stuff and load the MBR and then pass the boot process to the boot sector of the active partition which then in turns passes the boot process to the ntldr boot loader, only then (when the boot sector passes the boot process to the boot loader) is Windows involved, anything prior to that has nothing to do with Windows. So what does all of this do? It simply allows one to gauge the time at which Windows actually becomes involved in the boot process, it can sometimes be helpful if one is having difficulties determining where the boot process is at when it hangs after the POST test. Your comments that there is whirling and clicking noises doesn't sound too good, this can be a sign of a failing hard drive. A failing drive can often be difficult to boot and it can take a long time to do so. I would strongly suggest that you backup all your precious files and run disk diagnostic utility from the drive manufacturer on the disk. Another way to do a quick test is to open the box and touch the hard disk, a failing whirling and clicking drive will usually also become quite hot to the touch. John Found Boot.ini and added "phony" line. I got the phony choice after only 15 secs, so I now assume the BIOS is doing its stuff OK. There is then a wait of 2 mins till the progress bar appears (or 1min to the Advanced Options Screen if I had pressed F8, then 1 more min), then about 12 mins to the Windows XP logo, then about 4 mins till my startup programs have kicked in OK. So if it is Windows that is involved and not now the BIOS or the POST, what can suddenly be causing this huge delay of 14 mins?? Any more help greatly appreciated. Now it becomes a sleuthing exercise! How long does it take the machine to boot in Safe-Mode? John It takes the same time,with same progress bar. I have just tried going through msconfig and starting with *only* System Services and Original boot.ini, and all other services disabled, but that makes no differenve either!Is the progress bar a part of ntldr, in which case how can I access ntldr itself and run some sort of diagnostic? The problem is not with ntldr and the progress bar is just a graphic display while drivers are being loaded, it can be turned off with the /noguiboot switch in the boot.ini file (can be done via the boot.ini tab in msconfig). Windows loads the VGA driver to display this progress bar, there could be problems with the driver, enabling the /noguiboot switch will instruct Windows to not load the driver, it's a stretch but give it a try and see what happens, the VGA driver might be causing problems. If the same slow boot is also happening when you boot to safe mode then this is most likely a hardware problem or a problem with a boot device driver. Bootlog the Safe-Mode boot and see if you can get useful information from the bootlog. Safe-Mode loads fewer drivers so the bootlog will be smaller than the log from a normal boot, it will be easier to weed out the smaller safe mode log than that of the normal boot. The bootlog will be written to the Ntbtlog.txt file and it will be stored in the %SystemRoot% folder. How long has this problem been going on? Did you install any new hardware or update drivers before it started? Did you install any software or do any operating system updates before this started? Is the machine clean and free of any virus or other such pests? Do you have USB drives connected to the machine, or cards inserted into card readers when the machine is booting? Disconnect or power off all unnecessary external peripherals while you troubleshoot the problem. Did you change any settings in the BIOS? Resetting the BIOS to default or failsafe settings might make a difference. If you can't find any useful information from the boot log then I would suggest that you run hardware diagnostics on the machine, run a manufacturer diagnostic on the drive, chkdsk doesn't cut it when it comes to hardware problems with disks. John John - just to be clear - the white progress bar at issue is not the little blue bar that appears under the Windows XP logo when Windows finally kicks in; it is the one that appears when Windows "resumes" after re-starting from hibernation. In my case, this bar takes about 15mins to reach the halfway point, then disappears and the Windows logo appears and all is as before (OK). If I start from hibernation (I have just discovered),when the screen comes alive that progress bar is already half-filled and Windows starts normally to previous state.I will do a safe-mode bootlog, add noguiboot, disconnect all peripherals and see what happens. The problem has been with me about 2 months, but no, as far as I can remember, I hadn't just installed/updated anything, and yes, the m/c has been examined by SuperAntiSpyware, malwarebytes and the deepest (25hour)scan by Kaspersky Anti-virus tool. I had not touched the BIOS. I will continue to let you know how I get on, but thank you so much for all your efforts so far. Richard. To update - safe mode bootlog gave a huge list of drivers that did not start (as expected)but no better speed. Noguiboot prevented the white bar from appearing but did not speed anything up. One thing - the Alternative options screen appeared almost immediately after pressing F8, whereas last time it took about 90 secs. But after that, same old problem. I did a normal start with bootlogging and all drivers loaded apart from the following: NDProxy.sys, lbrtfdc.sys, fdc.sys, flpydisk.sys, sfloppy.sys (I don't have a floppy drive) i20mgmt.sys, Changer.sys, cdaudio.sys, processr.sys, PCIDump.sys, avg2k.sys, rdbss.sys, mrxsmbr.sys, Serial.sys and ipnat.sys. I don't know what any of these do but "processr.sys" sounds a bit dire!? While watching the safe-mode boot I noticed that all the drivers loading information appeared one after the other very slowly, rather than in a blur as I seem to remember from some time before. Could it be that my drivers are initialising one at a time rather than synchronously, and how would I rectify it if so?? Difficult to say, the load order of the drivers is determined by which service group they belong to and the group load order, I don't know of any way to change the the group load order. If all the drivers are loading very slowly I'm being lead to believe that there is a problem with the hard drive or with the controller drivers, it could be having difficulties reading the drive in the early stage of the booting process. Maybe check to make sure that the drive is not being placed in PIO mode. Other than that it could be a loose or bad cable or it could be that the drive is not properly identified in the BIOS. Take a look in the Device Manager to see if anything looks amiss. In the Device Manager verify the computer type to see if it is listed as an ACPI type PC. At this juncture I would need to have the machine at my hands to try to solve the problem, I don't have any solid advice to give, just general suggestions and guesswork! If you have a spare hard disk maybe you could try setting up a new Windows installation and see how well it runs. If the drive passes all manufacturer tests then I would probably do an in-place upgrade (reinstallation) of the operating system to force a reenumeration of the Plug and Play devices and the hardware abstraction layer (HAL). John You can install a free hard drive investigating software and see if it helps try http://www.hdsentinel.com/ Thanks for that link -HDS reports disk health at 5% and critical, so that sounds like it is the culprit. Thanks again. Richard |
Ads |
#32
|
|||
|
|||
Missing boot-start driver bthex.dll
On 27/06/2010 13:30, John John - MVP wrote:
Richard wrote: On 25/06/2010 13:45, Richard wrote: On 25/06/2010 12:59, John John - MVP wrote: Richard wrote: On 24/06/2010 22:37, John John - MVP wrote: Richard wrote: On 24/06/2010 18:31, John John - MVP wrote: Richard wrote: On 24/06/2010 17:22, John John - MVP wrote: Richard wrote: On 24/06/2010 15:09, John John - MVP wrote: John John - MVP wrote: Richard wrote: On 24/06/2010 14:13, John John - MVP wrote: Richard wrote: On 24/06/2010 13:20, John John - MVP wrote: Richard wrote: (This may be repeated....if so, sorry!)When I start my computer (with Win XP Home SP3 installed), just after the BIOS info screen and before Windows even kicks in, I get a white progress bar at the bottom of the screen that fills up over about 20 minutes before the usual Windows logo/start screen appears. Looking at the event viewer for the System I find that "boot-start or system-start driver "bthex" was not found. Looking in the Registry indicates that bthex is expected to be found in Win\System32\Drivers. It is not there, so something has suddenly deleted\renamed it or something. I have put my installation DVD in the drive and tried a repair but this driver cannot be located there, and I have googled for it but with no luck. Can anyone suggest where I might find this system file, or maybe even search for it on their own Syste32 folder and make it available to me?? Many thanks for any help in advance. If it's a driver it would be a .sys file (not a .dll). A search for this file yields no results, often an indication that the file is virus or malware related. I would suggest that you make sure that the machine is free of any pests. Where *exactly* in the registry did you find reference to this file? It could be that your Anti-Virus tools have removed an infection and that the entry is just a remnant. John Appears at HKLM/System/ControlSet001(and 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") which I am not allowed to edit: also at ditto\controlset001 (and 3)/services/bthex/ (and services/enum/explorerbars/{C4EE31})ImagePath REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these references, could that help?? Is it in the CurrentControlSet? Look for phantom devices in the Device Manager and see if any make mention this BTHEX driver: Device Manager does not display devices that are not connected to the Windows XP-based computer http://support.microsoft.com/kb/315539 This little batch file will automatically set the Device Manager to show phantom devices and open it for you: ---------------------------------------------------- set devmgr_show_nonpresent_devices-1 start devmgmt.msc ---------------------------------------------------- You cannot delete the keys in the Enum section because you do not have permission to do so, grant yourself the necessary permissions and you will be able to remove the keys. Before you do that keep in mind that there is a good reason why only the System account has permission to delete keys in the in the \Enum branch! It would be best to remove the device in the Device Manager instead of removing it from the Enum keys. Before you change the permissions and delete keys please read the following: Enum http://technet.microsoft.com/en-ca/l.../cc976176.aspx System and Startup Settings http://technet.microsoft.com/en-us/l.../bb742541.aspx HKEY_LOCAL_MACHINE\SYSTEM\Select http://technet.microsoft.com/en-ca/l.../cc978528.aspx John Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000. No mention in Device Manager, or after running your batch file. I won't try to meddle with Enum, but how do I grant myself permission if I did want to?? I will read the articles you mention, but since this is the file that is causing my 20 min startup delay, ex-infection or otherwise - how do I get rid of my system searching for it?? Thanks again. The registry permissions are just like regular NTFS file permissions, just right click on the offending key and select Permissions... If you are convinced that this is the culprit and if you cannot remove the device from the Device Manager then just grant yourself full control on the key and delete it. For the time being remove it in the CurrentControlSet only! If the Windows installation balks at its removal (when you reboot) just boot to the Last Known Good Configuration. PS. The problem is more likely to be caused by the status of the service in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es branch, I suggest that you remove or disable the service there. To disable the service set its Start value to 4. John Well, Having deleted it from the CurrentControlSet and rebooted, the problem is still there, but Event Viewer no longer reports a problem in looking for bthex. So I presume bthex, whatever it is, is *not* the reason for my slow progress bar in booting up. Any ideas as to what it might now be? Could it be something to do with Power On Self Testing, or if not is there any way of diagnosing why this has suddenly started occuring? Cheers. I think that what you are seeing is part of the Windows boot process rather than the POST routine, an easy way to tell would be to press/tap the F8 key when the computer is booting and see how long it takes for the advanced Windows boot options show up. Or put a second (phony) line in the boot.ini file and see how long it takes for ntldr to parse and present the boot menu. John When I tap the F8 key the (by now usual) slow clicks and whirrs continue for about 2 mins, then the white progress bar appears and continues another 2 or 3 mins, and then at last the advanced options menu appears. Choosing any option results in the correct procedure, but another 15 mins for the bar to disappear and the Windows start-up logo to kick in. Before all this began, the advanced options screen would appear within seconds. Does this indicate Windows boot routine or POST, and if so what does this indicate? If I placed a phony line in boot.ini what would the length of time tell me? Thank you very much for all your help with this. When the boot.ini file contains only one ARC path, (like most Windows installations), the boot loader (ntldr) simply parses the file and proceeds to boot the default Windows installation without presenting the user with a boot menu. When the boot.ini file contains more than one line ntldr reads the file then presents a boot menu for a certain length of time to allow the user to select which Windows installation to boot. For example: Most boot.ini files where only one Windows installation is present will look something like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect In the above example the file only contains one ARC path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Ntldr sees that there is only one Windows installation present so it doesn't present a boot menu and proceeds to load the default Windows installation. If we were to add a second "phony" installation ntldr would pause to allow the user to select which Windows installation to boot, the boot.ini file could look like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect When seeing more than one ARC path lines ntldr will now pause when the computer is booted and it will present the user with a boot menu allowing the user to select one of the following: Microsoft Windows XP Professional Phony Windows If no selection is made after the timeout= time ntldr will load the default= operating system. With the above boot.ini file, if no selection is made, after 30 seconds ntldr will load the multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one labeled "Microsoft Windows XP Professional". The stuff between the quotation marks is for human eyes only, what you see on the boot menu, so the above "Phony Windows" line is valid, you will see Phony Windows as a boot option. This is simply an option that allows you to gauge how much time it takes for the BIOS to do it's stuff and load the MBR and then pass the boot process to the boot sector of the active partition which then in turns passes the boot process to the ntldr boot loader, only then (when the boot sector passes the boot process to the boot loader) is Windows involved, anything prior to that has nothing to do with Windows. So what does all of this do? It simply allows one to gauge the time at which Windows actually becomes involved in the boot process, it can sometimes be helpful if one is having difficulties determining where the boot process is at when it hangs after the POST test. Your comments that there is whirling and clicking noises doesn't sound too good, this can be a sign of a failing hard drive. A failing drive can often be difficult to boot and it can take a long time to do so. I would strongly suggest that you backup all your precious files and run disk diagnostic utility from the drive manufacturer on the disk. Another way to do a quick test is to open the box and touch the hard disk, a failing whirling and clicking drive will usually also become quite hot to the touch. John Found Boot.ini and added "phony" line. I got the phony choice after only 15 secs, so I now assume the BIOS is doing its stuff OK. There is then a wait of 2 mins till the progress bar appears (or 1min to the Advanced Options Screen if I had pressed F8, then 1 more min), then about 12 mins to the Windows XP logo, then about 4 mins till my startup programs have kicked in OK. So if it is Windows that is involved and not now the BIOS or the POST, what can suddenly be causing this huge delay of 14 mins?? Any more help greatly appreciated. Now it becomes a sleuthing exercise! How long does it take the machine to boot in Safe-Mode? John It takes the same time,with same progress bar. I have just tried going through msconfig and starting with *only* System Services and Original boot.ini, and all other services disabled, but that makes no differenve either!Is the progress bar a part of ntldr, in which case how can I access ntldr itself and run some sort of diagnostic? The problem is not with ntldr and the progress bar is just a graphic display while drivers are being loaded, it can be turned off with the /noguiboot switch in the boot.ini file (can be done via the boot.ini tab in msconfig). Windows loads the VGA driver to display this progress bar, there could be problems with the driver, enabling the /noguiboot switch will instruct Windows to not load the driver, it's a stretch but give it a try and see what happens, the VGA driver might be causing problems. If the same slow boot is also happening when you boot to safe mode then this is most likely a hardware problem or a problem with a boot device driver. Bootlog the Safe-Mode boot and see if you can get useful information from the bootlog. Safe-Mode loads fewer drivers so the bootlog will be smaller than the log from a normal boot, it will be easier to weed out the smaller safe mode log than that of the normal boot. The bootlog will be written to the Ntbtlog.txt file and it will be stored in the %SystemRoot% folder. How long has this problem been going on? Did you install any new hardware or update drivers before it started? Did you install any software or do any operating system updates before this started? Is the machine clean and free of any virus or other such pests? Do you have USB drives connected to the machine, or cards inserted into card readers when the machine is booting? Disconnect or power off all unnecessary external peripherals while you troubleshoot the problem. Did you change any settings in the BIOS? Resetting the BIOS to default or failsafe settings might make a difference. If you can't find any useful information from the boot log then I would suggest that you run hardware diagnostics on the machine, run a manufacturer diagnostic on the drive, chkdsk doesn't cut it when it comes to hardware problems with disks. John John - just to be clear - the white progress bar at issue is not the little blue bar that appears under the Windows XP logo when Windows finally kicks in; it is the one that appears when Windows "resumes" after re-starting from hibernation. In my case, this bar takes about 15mins to reach the halfway point, then disappears and the Windows logo appears and all is as before (OK). If I start from hibernation (I have just discovered),when the screen comes alive that progress bar is already half-filled and Windows starts normally to previous state.I will do a safe-mode bootlog, add noguiboot, disconnect all peripherals and see what happens. The problem has been with me about 2 months, but no, as far as I can remember, I hadn't just installed/updated anything, and yes, the m/c has been examined by SuperAntiSpyware, malwarebytes and the deepest (25hour)scan by Kaspersky Anti-virus tool. I had not touched the BIOS. I will continue to let you know how I get on, but thank you so much for all your efforts so far. Richard. To update - safe mode bootlog gave a huge list of drivers that did not start (as expected)but no better speed. Noguiboot prevented the white bar from appearing but did not speed anything up. One thing - the Alternative options screen appeared almost immediately after pressing F8, whereas last time it took about 90 secs. But after that, same old problem. I did a normal start with bootlogging and all drivers loaded apart from the following: NDProxy.sys, lbrtfdc.sys, fdc.sys, flpydisk.sys, sfloppy.sys (I don't have a floppy drive) i20mgmt.sys, Changer.sys, cdaudio.sys, processr.sys, PCIDump.sys, avg2k.sys, rdbss.sys, mrxsmbr.sys, Serial.sys and ipnat.sys. I don't know what any of these do but "processr.sys" sounds a bit dire!? While watching the safe-mode boot I noticed that all the drivers loading information appeared one after the other very slowly, rather than in a blur as I seem to remember from some time before. Could it be that my drivers are initialising one at a time rather than synchronously, and how would I rectify it if so?? Difficult to say, the load order of the drivers is determined by which service group they belong to and the group load order, I don't know of any way to change the the group load order. If all the drivers are loading very slowly I'm being lead to believe that there is a problem with the hard drive or with the controller drivers, it could be having difficulties reading the drive in the early stage of the booting process. Maybe check to make sure that the drive is not being placed in PIO mode. Other than that it could be a loose or bad cable or it could be that the drive is not properly identified in the BIOS. Take a look in the Device Manager to see if anything looks amiss. In the Device Manager verify the computer type to see if it is listed as an ACPI type PC. At this juncture I would need to have the machine at my hands to try to solve the problem, I don't have any solid advice to give, just general suggestions and guesswork! If you have a spare hard disk maybe you could try setting up a new Windows installation and see how well it runs. If the drive passes all manufacturer tests then I would probably do an in-place upgrade (reinstallation) of the operating system to force a reenumeration of the Plug and Play devices and the hardware abstraction layer (HAL). John In Device Manager my SM Bus Controller has a red cross against it, and apparently the driver is not installed, but this problem was there before this slow boot problem started up. It is listed as an ACPI type Uniprocessor PC. I think the problem is to do with the hard disk beginning to fail - unfortunately I have just tried to copy all my data etc to an external drive, but Windows is now refusing to see the drive at all! Thanks for all your help. Richard |
#33
|
|||
|
|||
Missing boot-start driver bthex.dll
Richard wrote:
On 27/06/2010 13:30, John John - MVP wrote: Richard wrote: On 25/06/2010 13:45, Richard wrote: On 25/06/2010 12:59, John John - MVP wrote: Richard wrote: On 24/06/2010 22:37, John John - MVP wrote: Richard wrote: On 24/06/2010 18:31, John John - MVP wrote: Richard wrote: On 24/06/2010 17:22, John John - MVP wrote: Richard wrote: On 24/06/2010 15:09, John John - MVP wrote: John John - MVP wrote: Richard wrote: On 24/06/2010 14:13, John John - MVP wrote: Richard wrote: On 24/06/2010 13:20, John John - MVP wrote: Richard wrote: (This may be repeated....if so, sorry!)When I start my computer (with Win XP Home SP3 installed), just after the BIOS info screen and before Windows even kicks in, I get a white progress bar at the bottom of the screen that fills up over about 20 minutes before the usual Windows logo/start screen appears. Looking at the event viewer for the System I find that "boot-start or system-start driver "bthex" was not found. Looking in the Registry indicates that bthex is expected to be found in Win\System32\Drivers. It is not there, so something has suddenly deleted\renamed it or something. I have put my installation DVD in the drive and tried a repair but this driver cannot be located there, and I have googled for it but with no luck. Can anyone suggest where I might find this system file, or maybe even search for it on their own Syste32 folder and make it available to me?? Many thanks for any help in advance. If it's a driver it would be a .sys file (not a .dll). A search for this file yields no results, often an indication that the file is virus or malware related. I would suggest that you make sure that the machine is free of any pests. Where *exactly* in the registry did you find reference to this file? It could be that your Anti-Virus tools have removed an infection and that the entry is just a remnant. John Appears at HKLM/System/ControlSet001(and 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") which I am not allowed to edit: also at ditto\controlset001 (and 3)/services/bthex/ (and services/enum/explorerbars/{C4EE31})ImagePath REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these references, could that help?? Is it in the CurrentControlSet? Look for phantom devices in the Device Manager and see if any make mention this BTHEX driver: Device Manager does not display devices that are not connected to the Windows XP-based computer http://support.microsoft.com/kb/315539 This little batch file will automatically set the Device Manager to show phantom devices and open it for you: ---------------------------------------------------- set devmgr_show_nonpresent_devices-1 start devmgmt.msc ---------------------------------------------------- You cannot delete the keys in the Enum section because you do not have permission to do so, grant yourself the necessary permissions and you will be able to remove the keys. Before you do that keep in mind that there is a good reason why only the System account has permission to delete keys in the in the \Enum branch! It would be best to remove the device in the Device Manager instead of removing it from the Enum keys. Before you change the permissions and delete keys please read the following: Enum http://technet.microsoft.com/en-ca/l.../cc976176.aspx System and Startup Settings http://technet.microsoft.com/en-us/l.../bb742541.aspx HKEY_LOCAL_MACHINE\SYSTEM\Select http://technet.microsoft.com/en-ca/l.../cc978528.aspx John Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000. No mention in Device Manager, or after running your batch file. I won't try to meddle with Enum, but how do I grant myself permission if I did want to?? I will read the articles you mention, but since this is the file that is causing my 20 min startup delay, ex-infection or otherwise - how do I get rid of my system searching for it?? Thanks again. The registry permissions are just like regular NTFS file permissions, just right click on the offending key and select Permissions... If you are convinced that this is the culprit and if you cannot remove the device from the Device Manager then just grant yourself full control on the key and delete it. For the time being remove it in the CurrentControlSet only! If the Windows installation balks at its removal (when you reboot) just boot to the Last Known Good Configuration. PS. The problem is more likely to be caused by the status of the service in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es branch, I suggest that you remove or disable the service there. To disable the service set its Start value to 4. John Well, Having deleted it from the CurrentControlSet and rebooted, the problem is still there, but Event Viewer no longer reports a problem in looking for bthex. So I presume bthex, whatever it is, is *not* the reason for my slow progress bar in booting up. Any ideas as to what it might now be? Could it be something to do with Power On Self Testing, or if not is there any way of diagnosing why this has suddenly started occuring? Cheers. I think that what you are seeing is part of the Windows boot process rather than the POST routine, an easy way to tell would be to press/tap the F8 key when the computer is booting and see how long it takes for the advanced Windows boot options show up. Or put a second (phony) line in the boot.ini file and see how long it takes for ntldr to parse and present the boot menu. John When I tap the F8 key the (by now usual) slow clicks and whirrs continue for about 2 mins, then the white progress bar appears and continues another 2 or 3 mins, and then at last the advanced options menu appears. Choosing any option results in the correct procedure, but another 15 mins for the bar to disappear and the Windows start-up logo to kick in. Before all this began, the advanced options screen would appear within seconds. Does this indicate Windows boot routine or POST, and if so what does this indicate? If I placed a phony line in boot.ini what would the length of time tell me? Thank you very much for all your help with this. When the boot.ini file contains only one ARC path, (like most Windows installations), the boot loader (ntldr) simply parses the file and proceeds to boot the default Windows installation without presenting the user with a boot menu. When the boot.ini file contains more than one line ntldr reads the file then presents a boot menu for a certain length of time to allow the user to select which Windows installation to boot. For example: Most boot.ini files where only one Windows installation is present will look something like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect In the above example the file only contains one ARC path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Ntldr sees that there is only one Windows installation present so it doesn't present a boot menu and proceeds to load the default Windows installation. If we were to add a second "phony" installation ntldr would pause to allow the user to select which Windows installation to boot, the boot.ini file could look like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect When seeing more than one ARC path lines ntldr will now pause when the computer is booted and it will present the user with a boot menu allowing the user to select one of the following: Microsoft Windows XP Professional Phony Windows If no selection is made after the timeout= time ntldr will load the default= operating system. With the above boot.ini file, if no selection is made, after 30 seconds ntldr will load the multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one labeled "Microsoft Windows XP Professional". The stuff between the quotation marks is for human eyes only, what you see on the boot menu, so the above "Phony Windows" line is valid, you will see Phony Windows as a boot option. This is simply an option that allows you to gauge how much time it takes for the BIOS to do it's stuff and load the MBR and then pass the boot process to the boot sector of the active partition which then in turns passes the boot process to the ntldr boot loader, only then (when the boot sector passes the boot process to the boot loader) is Windows involved, anything prior to that has nothing to do with Windows. So what does all of this do? It simply allows one to gauge the time at which Windows actually becomes involved in the boot process, it can sometimes be helpful if one is having difficulties determining where the boot process is at when it hangs after the POST test. Your comments that there is whirling and clicking noises doesn't sound too good, this can be a sign of a failing hard drive. A failing drive can often be difficult to boot and it can take a long time to do so. I would strongly suggest that you backup all your precious files and run disk diagnostic utility from the drive manufacturer on the disk. Another way to do a quick test is to open the box and touch the hard disk, a failing whirling and clicking drive will usually also become quite hot to the touch. John Found Boot.ini and added "phony" line. I got the phony choice after only 15 secs, so I now assume the BIOS is doing its stuff OK. There is then a wait of 2 mins till the progress bar appears (or 1min to the Advanced Options Screen if I had pressed F8, then 1 more min), then about 12 mins to the Windows XP logo, then about 4 mins till my startup programs have kicked in OK. So if it is Windows that is involved and not now the BIOS or the POST, what can suddenly be causing this huge delay of 14 mins?? Any more help greatly appreciated. Now it becomes a sleuthing exercise! How long does it take the machine to boot in Safe-Mode? John It takes the same time,with same progress bar. I have just tried going through msconfig and starting with *only* System Services and Original boot.ini, and all other services disabled, but that makes no differenve either!Is the progress bar a part of ntldr, in which case how can I access ntldr itself and run some sort of diagnostic? The problem is not with ntldr and the progress bar is just a graphic display while drivers are being loaded, it can be turned off with the /noguiboot switch in the boot.ini file (can be done via the boot.ini tab in msconfig). Windows loads the VGA driver to display this progress bar, there could be problems with the driver, enabling the /noguiboot switch will instruct Windows to not load the driver, it's a stretch but give it a try and see what happens, the VGA driver might be causing problems. If the same slow boot is also happening when you boot to safe mode then this is most likely a hardware problem or a problem with a boot device driver. Bootlog the Safe-Mode boot and see if you can get useful information from the bootlog. Safe-Mode loads fewer drivers so the bootlog will be smaller than the log from a normal boot, it will be easier to weed out the smaller safe mode log than that of the normal boot. The bootlog will be written to the Ntbtlog.txt file and it will be stored in the %SystemRoot% folder. How long has this problem been going on? Did you install any new hardware or update drivers before it started? Did you install any software or do any operating system updates before this started? Is the machine clean and free of any virus or other such pests? Do you have USB drives connected to the machine, or cards inserted into card readers when the machine is booting? Disconnect or power off all unnecessary external peripherals while you troubleshoot the problem. Did you change any settings in the BIOS? Resetting the BIOS to default or failsafe settings might make a difference. If you can't find any useful information from the boot log then I would suggest that you run hardware diagnostics on the machine, run a manufacturer diagnostic on the drive, chkdsk doesn't cut it when it comes to hardware problems with disks. John John - just to be clear - the white progress bar at issue is not the little blue bar that appears under the Windows XP logo when Windows finally kicks in; it is the one that appears when Windows "resumes" after re-starting from hibernation. In my case, this bar takes about 15mins to reach the halfway point, then disappears and the Windows logo appears and all is as before (OK). If I start from hibernation (I have just discovered),when the screen comes alive that progress bar is already half-filled and Windows starts normally to previous state.I will do a safe-mode bootlog, add noguiboot, disconnect all peripherals and see what happens. The problem has been with me about 2 months, but no, as far as I can remember, I hadn't just installed/updated anything, and yes, the m/c has been examined by SuperAntiSpyware, malwarebytes and the deepest (25hour)scan by Kaspersky Anti-virus tool. I had not touched the BIOS. I will continue to let you know how I get on, but thank you so much for all your efforts so far. Richard. To update - safe mode bootlog gave a huge list of drivers that did not start (as expected)but no better speed. Noguiboot prevented the white bar from appearing but did not speed anything up. One thing - the Alternative options screen appeared almost immediately after pressing F8, whereas last time it took about 90 secs. But after that, same old problem. I did a normal start with bootlogging and all drivers loaded apart from the following: NDProxy.sys, lbrtfdc.sys, fdc.sys, flpydisk.sys, sfloppy.sys (I don't have a floppy drive) i20mgmt.sys, Changer.sys, cdaudio.sys, processr.sys, PCIDump.sys, avg2k.sys, rdbss.sys, mrxsmbr.sys, Serial.sys and ipnat.sys. I don't know what any of these do but "processr.sys" sounds a bit dire!? While watching the safe-mode boot I noticed that all the drivers loading information appeared one after the other very slowly, rather than in a blur as I seem to remember from some time before. Could it be that my drivers are initialising one at a time rather than synchronously, and how would I rectify it if so?? Difficult to say, the load order of the drivers is determined by which service group they belong to and the group load order, I don't know of any way to change the the group load order. If all the drivers are loading very slowly I'm being lead to believe that there is a problem with the hard drive or with the controller drivers, it could be having difficulties reading the drive in the early stage of the booting process. Maybe check to make sure that the drive is not being placed in PIO mode. Other than that it could be a loose or bad cable or it could be that the drive is not properly identified in the BIOS. Take a look in the Device Manager to see if anything looks amiss. In the Device Manager verify the computer type to see if it is listed as an ACPI type PC. At this juncture I would need to have the machine at my hands to try to solve the problem, I don't have any solid advice to give, just general suggestions and guesswork! If you have a spare hard disk maybe you could try setting up a new Windows installation and see how well it runs. If the drive passes all manufacturer tests then I would probably do an in-place upgrade (reinstallation) of the operating system to force a reenumeration of the Plug and Play devices and the hardware abstraction layer (HAL). John In Device Manager my SM Bus Controller has a red cross against it, and apparently the driver is not installed, but this problem was there before this slow boot problem started up. It is listed as an ACPI type Uniprocessor PC. I think the problem is to do with the hard disk beginning to fail - unfortunately I have just tried to copy all my data etc to an external drive, but Windows is now refusing to see the drive at all! Thanks for all your help. You're welcome. As for the SM Bus Controller the drivers are usually part of the chipset drivers. John |
#34
|
|||
|
|||
Missing boot-start driver bthex.dll
Richard wrote:
On 27/06/2010 14:58, Smiles wrote: John John - MVP wrote: Richard wrote: On 25/06/2010 13:45, Richard wrote: On 25/06/2010 12:59, John John - MVP wrote: Richard wrote: On 24/06/2010 22:37, John John - MVP wrote: Richard wrote: On 24/06/2010 18:31, John John - MVP wrote: Richard wrote: On 24/06/2010 17:22, John John - MVP wrote: Richard wrote: On 24/06/2010 15:09, John John - MVP wrote: John John - MVP wrote: Richard wrote: On 24/06/2010 14:13, John John - MVP wrote: Richard wrote: On 24/06/2010 13:20, John John - MVP wrote: Richard wrote: (This may be repeated....if so, sorry!)When I start my computer (with Win XP Home SP3 installed), just after the BIOS info screen and before Windows even kicks in, I get a white progress bar at the bottom of the screen that fills up over about 20 minutes before the usual Windows logo/start screen appears. Looking at the event viewer for the System I find that "boot-start or system-start driver "bthex" was not found. Looking in the Registry indicates that bthex is expected to be found in Win\System32\Drivers. It is not there, so something has suddenly deleted\renamed it or something. I have put my installation DVD in the drive and tried a repair but this driver cannot be located there, and I have googled for it but with no luck. Can anyone suggest where I might find this system file, or maybe even search for it on their own Syste32 folder and make it available to me?? Many thanks for any help in advance. If it's a driver it would be a .sys file (not a .dll). A search for this file yields no results, often an indication that the file is virus or malware related. I would suggest that you make sure that the machine is free of any pests. Where *exactly* in the registry did you find reference to this file? It could be that your Anti-Virus tools have removed an infection and that the entry is just a remnant. John Appears at HKLM/System/ControlSet001(and 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") which I am not allowed to edit: also at ditto\controlset001 (and 3)/services/bthex/ (and services/enum/explorerbars/{C4EE31})ImagePath REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these references, could that help?? Is it in the CurrentControlSet? Look for phantom devices in the Device Manager and see if any make mention this BTHEX driver: Device Manager does not display devices that are not connected to the Windows XP-based computer http://support.microsoft.com/kb/315539 This little batch file will automatically set the Device Manager to show phantom devices and open it for you: ---------------------------------------------------- set devmgr_show_nonpresent_devices-1 start devmgmt.msc ---------------------------------------------------- You cannot delete the keys in the Enum section because you do not have permission to do so, grant yourself the necessary permissions and you will be able to remove the keys. Before you do that keep in mind that there is a good reason why only the System account has permission to delete keys in the in the \Enum branch! It would be best to remove the device in the Device Manager instead of removing it from the Enum keys. Before you change the permissions and delete keys please read the following: Enum http://technet.microsoft.com/en-ca/l.../cc976176.aspx System and Startup Settings http://technet.microsoft.com/en-us/l.../bb742541.aspx HKEY_LOCAL_MACHINE\SYSTEM\Select http://technet.microsoft.com/en-ca/l.../cc978528.aspx John Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000. No mention in Device Manager, or after running your batch file. I won't try to meddle with Enum, but how do I grant myself permission if I did want to?? I will read the articles you mention, but since this is the file that is causing my 20 min startup delay, ex-infection or otherwise - how do I get rid of my system searching for it?? Thanks again. The registry permissions are just like regular NTFS file permissions, just right click on the offending key and select Permissions... If you are convinced that this is the culprit and if you cannot remove the device from the Device Manager then just grant yourself full control on the key and delete it. For the time being remove it in the CurrentControlSet only! If the Windows installation balks at its removal (when you reboot) just boot to the Last Known Good Configuration. PS. The problem is more likely to be caused by the status of the service in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es branch, I suggest that you remove or disable the service there. To disable the service set its Start value to 4. John Well, Having deleted it from the CurrentControlSet and rebooted, the problem is still there, but Event Viewer no longer reports a problem in looking for bthex. So I presume bthex, whatever it is, is *not* the reason for my slow progress bar in booting up. Any ideas as to what it might now be? Could it be something to do with Power On Self Testing, or if not is there any way of diagnosing why this has suddenly started occuring? Cheers. I think that what you are seeing is part of the Windows boot process rather than the POST routine, an easy way to tell would be to press/tap the F8 key when the computer is booting and see how long it takes for the advanced Windows boot options show up. Or put a second (phony) line in the boot.ini file and see how long it takes for ntldr to parse and present the boot menu. John When I tap the F8 key the (by now usual) slow clicks and whirrs continue for about 2 mins, then the white progress bar appears and continues another 2 or 3 mins, and then at last the advanced options menu appears. Choosing any option results in the correct procedure, but another 15 mins for the bar to disappear and the Windows start-up logo to kick in. Before all this began, the advanced options screen would appear within seconds. Does this indicate Windows boot routine or POST, and if so what does this indicate? If I placed a phony line in boot.ini what would the length of time tell me? Thank you very much for all your help with this. When the boot.ini file contains only one ARC path, (like most Windows installations), the boot loader (ntldr) simply parses the file and proceeds to boot the default Windows installation without presenting the user with a boot menu. When the boot.ini file contains more than one line ntldr reads the file then presents a boot menu for a certain length of time to allow the user to select which Windows installation to boot. For example: Most boot.ini files where only one Windows installation is present will look something like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect In the above example the file only contains one ARC path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Ntldr sees that there is only one Windows installation present so it doesn't present a boot menu and proceeds to load the default Windows installation. If we were to add a second "phony" installation ntldr would pause to allow the user to select which Windows installation to boot, the boot.ini file could look like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect When seeing more than one ARC path lines ntldr will now pause when the computer is booted and it will present the user with a boot menu allowing the user to select one of the following: Microsoft Windows XP Professional Phony Windows If no selection is made after the timeout= time ntldr will load the default= operating system. With the above boot.ini file, if no selection is made, after 30 seconds ntldr will load the multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one labeled "Microsoft Windows XP Professional". The stuff between the quotation marks is for human eyes only, what you see on the boot menu, so the above "Phony Windows" line is valid, you will see Phony Windows as a boot option. This is simply an option that allows you to gauge how much time it takes for the BIOS to do it's stuff and load the MBR and then pass the boot process to the boot sector of the active partition which then in turns passes the boot process to the ntldr boot loader, only then (when the boot sector passes the boot process to the boot loader) is Windows involved, anything prior to that has nothing to do with Windows. So what does all of this do? It simply allows one to gauge the time at which Windows actually becomes involved in the boot process, it can sometimes be helpful if one is having difficulties determining where the boot process is at when it hangs after the POST test. Your comments that there is whirling and clicking noises doesn't sound too good, this can be a sign of a failing hard drive. A failing drive can often be difficult to boot and it can take a long time to do so. I would strongly suggest that you backup all your precious files and run disk diagnostic utility from the drive manufacturer on the disk. Another way to do a quick test is to open the box and touch the hard disk, a failing whirling and clicking drive will usually also become quite hot to the touch. John Found Boot.ini and added "phony" line. I got the phony choice after only 15 secs, so I now assume the BIOS is doing its stuff OK. There is then a wait of 2 mins till the progress bar appears (or 1min to the Advanced Options Screen if I had pressed F8, then 1 more min), then about 12 mins to the Windows XP logo, then about 4 mins till my startup programs have kicked in OK. So if it is Windows that is involved and not now the BIOS or the POST, what can suddenly be causing this huge delay of 14 mins?? Any more help greatly appreciated. Now it becomes a sleuthing exercise! How long does it take the machine to boot in Safe-Mode? John It takes the same time,with same progress bar. I have just tried going through msconfig and starting with *only* System Services and Original boot.ini, and all other services disabled, but that makes no differenve either!Is the progress bar a part of ntldr, in which case how can I access ntldr itself and run some sort of diagnostic? The problem is not with ntldr and the progress bar is just a graphic display while drivers are being loaded, it can be turned off with the /noguiboot switch in the boot.ini file (can be done via the boot.ini tab in msconfig). Windows loads the VGA driver to display this progress bar, there could be problems with the driver, enabling the /noguiboot switch will instruct Windows to not load the driver, it's a stretch but give it a try and see what happens, the VGA driver might be causing problems. If the same slow boot is also happening when you boot to safe mode then this is most likely a hardware problem or a problem with a boot device driver. Bootlog the Safe-Mode boot and see if you can get useful information from the bootlog. Safe-Mode loads fewer drivers so the bootlog will be smaller than the log from a normal boot, it will be easier to weed out the smaller safe mode log than that of the normal boot. The bootlog will be written to the Ntbtlog.txt file and it will be stored in the %SystemRoot% folder. How long has this problem been going on? Did you install any new hardware or update drivers before it started? Did you install any software or do any operating system updates before this started? Is the machine clean and free of any virus or other such pests? Do you have USB drives connected to the machine, or cards inserted into card readers when the machine is booting? Disconnect or power off all unnecessary external peripherals while you troubleshoot the problem. Did you change any settings in the BIOS? Resetting the BIOS to default or failsafe settings might make a difference. If you can't find any useful information from the boot log then I would suggest that you run hardware diagnostics on the machine, run a manufacturer diagnostic on the drive, chkdsk doesn't cut it when it comes to hardware problems with disks. John John - just to be clear - the white progress bar at issue is not the little blue bar that appears under the Windows XP logo when Windows finally kicks in; it is the one that appears when Windows "resumes" after re-starting from hibernation. In my case, this bar takes about 15mins to reach the halfway point, then disappears and the Windows logo appears and all is as before (OK). If I start from hibernation (I have just discovered),when the screen comes alive that progress bar is already half-filled and Windows starts normally to previous state.I will do a safe-mode bootlog, add noguiboot, disconnect all peripherals and see what happens. The problem has been with me about 2 months, but no, as far as I can remember, I hadn't just installed/updated anything, and yes, the m/c has been examined by SuperAntiSpyware, malwarebytes and the deepest (25hour)scan by Kaspersky Anti-virus tool. I had not touched the BIOS. I will continue to let you know how I get on, but thank you so much for all your efforts so far. Richard. To update - safe mode bootlog gave a huge list of drivers that did not start (as expected)but no better speed. Noguiboot prevented the white bar from appearing but did not speed anything up. One thing - the Alternative options screen appeared almost immediately after pressing F8, whereas last time it took about 90 secs. But after that, same old problem. I did a normal start with bootlogging and all drivers loaded apart from the following: NDProxy.sys, lbrtfdc.sys, fdc.sys, flpydisk.sys, sfloppy.sys (I don't have a floppy drive) i20mgmt.sys, Changer.sys, cdaudio.sys, processr.sys, PCIDump.sys, avg2k.sys, rdbss.sys, mrxsmbr.sys, Serial.sys and ipnat.sys. I don't know what any of these do but "processr.sys" sounds a bit dire!? While watching the safe-mode boot I noticed that all the drivers loading information appeared one after the other very slowly, rather than in a blur as I seem to remember from some time before. Could it be that my drivers are initialising one at a time rather than synchronously, and how would I rectify it if so?? Difficult to say, the load order of the drivers is determined by which service group they belong to and the group load order, I don't know of any way to change the the group load order. If all the drivers are loading very slowly I'm being lead to believe that there is a problem with the hard drive or with the controller drivers, it could be having difficulties reading the drive in the early stage of the booting process. Maybe check to make sure that the drive is not being placed in PIO mode. Other than that it could be a loose or bad cable or it could be that the drive is not properly identified in the BIOS. Take a look in the Device Manager to see if anything looks amiss. In the Device Manager verify the computer type to see if it is listed as an ACPI type PC. At this juncture I would need to have the machine at my hands to try to solve the problem, I don't have any solid advice to give, just general suggestions and guesswork! If you have a spare hard disk maybe you could try setting up a new Windows installation and see how well it runs. If the drive passes all manufacturer tests then I would probably do an in-place upgrade (reinstallation) of the operating system to force a reenumeration of the Plug and Play devices and the hardware abstraction layer (HAL). John You can install a free hard drive investigating software and see if it helps try http://www.hdsentinel.com/ Thanks for that link -HDS reports disk health at 5% and critical, so that sounds like it is the culprit. Thanks again. Richard glad it worked this is a handy tool I do not have it start on boot but on my Sunday maintenance run I do run it |
#35
|
|||
|
|||
Missing boot-start driver bthex.dll
Richard wrote:
On 27/06/2010 13:30, John John - MVP wrote: Richard wrote: On 25/06/2010 13:45, Richard wrote: On 25/06/2010 12:59, John John - MVP wrote: Richard wrote: On 24/06/2010 22:37, John John - MVP wrote: Richard wrote: On 24/06/2010 18:31, John John - MVP wrote: Richard wrote: On 24/06/2010 17:22, John John - MVP wrote: Richard wrote: On 24/06/2010 15:09, John John - MVP wrote: John John - MVP wrote: Richard wrote: On 24/06/2010 14:13, John John - MVP wrote: Richard wrote: On 24/06/2010 13:20, John John - MVP wrote: Richard wrote: (This may be repeated....if so, sorry!)When I start my computer (with Win XP Home SP3 installed), just after the BIOS info screen and before Windows even kicks in, I get a white progress bar at the bottom of the screen that fills up over about 20 minutes before the usual Windows logo/start screen appears. Looking at the event viewer for the System I find that "boot-start or system-start driver "bthex" was not found. Looking in the Registry indicates that bthex is expected to be found in Win\System32\Drivers. It is not there, so something has suddenly deleted\renamed it or something. I have put my installation DVD in the drive and tried a repair but this driver cannot be located there, and I have googled for it but with no luck. Can anyone suggest where I might find this system file, or maybe even search for it on their own Syste32 folder and make it available to me?? Many thanks for any help in advance. If it's a driver it would be a .sys file (not a .dll). A search for this file yields no results, often an indication that the file is virus or malware related. I would suggest that you make sure that the machine is free of any pests. Where *exactly* in the registry did you find reference to this file? It could be that your Anti-Virus tools have removed an infection and that the entry is just a remnant. John Appears at HKLM/System/ControlSet001(and 003)/Enum/Root/LEGACY_BTHEX/NextInstance (REG_DWORD set to "1") which I am not allowed to edit: also at ditto\controlset001 (and 3)/services/bthex/ (and services/enum/explorerbars/{C4EE31})ImagePath REG_DWORD set to "system32/drivers/bthex.sys." If I delete all these references, could that help?? Is it in the CurrentControlSet? Look for phantom devices in the Device Manager and see if any make mention this BTHEX driver: Device Manager does not display devices that are not connected to the Windows XP-based computer http://support.microsoft.com/kb/315539 This little batch file will automatically set the Device Manager to show phantom devices and open it for you: ---------------------------------------------------- set devmgr_show_nonpresent_devices-1 start devmgmt.msc ---------------------------------------------------- You cannot delete the keys in the Enum section because you do not have permission to do so, grant yourself the necessary permissions and you will be able to remove the keys. Before you do that keep in mind that there is a good reason why only the System account has permission to delete keys in the in the \Enum branch! It would be best to remove the device in the Device Manager instead of removing it from the Enum keys. Before you change the permissions and delete keys please read the following: Enum http://technet.microsoft.com/en-ca/l.../cc976176.aspx System and Startup Settings http://technet.microsoft.com/en-us/l.../bb742541.aspx HKEY_LOCAL_MACHINE\SYSTEM\Select http://technet.microsoft.com/en-ca/l.../cc978528.aspx John Yes - it is in CurrentControlSet under /Enum/Root/LEGACY_BTHEX/0000. No mention in Device Manager, or after running your batch file. I won't try to meddle with Enum, but how do I grant myself permission if I did want to?? I will read the articles you mention, but since this is the file that is causing my 20 min startup delay, ex-infection or otherwise - how do I get rid of my system searching for it?? Thanks again. The registry permissions are just like regular NTFS file permissions, just right click on the offending key and select Permissions... If you are convinced that this is the culprit and if you cannot remove the device from the Device Manager then just grant yourself full control on the key and delete it. For the time being remove it in the CurrentControlSet only! If the Windows installation balks at its removal (when you reboot) just boot to the Last Known Good Configuration. PS. The problem is more likely to be caused by the status of the service in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es branch, I suggest that you remove or disable the service there. To disable the service set its Start value to 4. John Well, Having deleted it from the CurrentControlSet and rebooted, the problem is still there, but Event Viewer no longer reports a problem in looking for bthex. So I presume bthex, whatever it is, is *not* the reason for my slow progress bar in booting up. Any ideas as to what it might now be? Could it be something to do with Power On Self Testing, or if not is there any way of diagnosing why this has suddenly started occuring? Cheers. I think that what you are seeing is part of the Windows boot process rather than the POST routine, an easy way to tell would be to press/tap the F8 key when the computer is booting and see how long it takes for the advanced Windows boot options show up. Or put a second (phony) line in the boot.ini file and see how long it takes for ntldr to parse and present the boot menu. John When I tap the F8 key the (by now usual) slow clicks and whirrs continue for about 2 mins, then the white progress bar appears and continues another 2 or 3 mins, and then at last the advanced options menu appears. Choosing any option results in the correct procedure, but another 15 mins for the bar to disappear and the Windows start-up logo to kick in. Before all this began, the advanced options screen would appear within seconds. Does this indicate Windows boot routine or POST, and if so what does this indicate? If I placed a phony line in boot.ini what would the length of time tell me? Thank you very much for all your help with this. When the boot.ini file contains only one ARC path, (like most Windows installations), the boot loader (ntldr) simply parses the file and proceeds to boot the default Windows installation without presenting the user with a boot menu. When the boot.ini file contains more than one line ntldr reads the file then presents a boot menu for a certain length of time to allow the user to select which Windows installation to boot. For example: Most boot.ini files where only one Windows installation is present will look something like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect In the above example the file only contains one ARC path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Ntldr sees that there is only one Windows installation present so it doesn't present a boot menu and proceeds to load the default Windows installation. If we were to add a second "phony" installation ntldr would pause to allow the user to select which Windows installation to boot, the boot.ini file could look like this: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Phony Windows" /fastdetect When seeing more than one ARC path lines ntldr will now pause when the computer is booted and it will present the user with a boot menu allowing the user to select one of the following: Microsoft Windows XP Professional Phony Windows If no selection is made after the timeout= time ntldr will load the default= operating system. With the above boot.ini file, if no selection is made, after 30 seconds ntldr will load the multi(0)disk(0)rdisk(0)partition(1)\WINDOWS operating system, the one labeled "Microsoft Windows XP Professional". The stuff between the quotation marks is for human eyes only, what you see on the boot menu, so the above "Phony Windows" line is valid, you will see Phony Windows as a boot option. This is simply an option that allows you to gauge how much time it takes for the BIOS to do it's stuff and load the MBR and then pass the boot process to the boot sector of the active partition which then in turns passes the boot process to the ntldr boot loader, only then (when the boot sector passes the boot process to the boot loader) is Windows involved, anything prior to that has nothing to do with Windows. So what does all of this do? It simply allows one to gauge the time at which Windows actually becomes involved in the boot process, it can sometimes be helpful if one is having difficulties determining where the boot process is at when it hangs after the POST test. Your comments that there is whirling and clicking noises doesn't sound too good, this can be a sign of a failing hard drive. A failing drive can often be difficult to boot and it can take a long time to do so. I would strongly suggest that you backup all your precious files and run disk diagnostic utility from the drive manufacturer on the disk. Another way to do a quick test is to open the box and touch the hard disk, a failing whirling and clicking drive will usually also become quite hot to the touch. John Found Boot.ini and added "phony" line. I got the phony choice after only 15 secs, so I now assume the BIOS is doing its stuff OK. There is then a wait of 2 mins till the progress bar appears (or 1min to the Advanced Options Screen if I had pressed F8, then 1 more min), then about 12 mins to the Windows XP logo, then about 4 mins till my startup programs have kicked in OK. So if it is Windows that is involved and not now the BIOS or the POST, what can suddenly be causing this huge delay of 14 mins?? Any more help greatly appreciated. Now it becomes a sleuthing exercise! How long does it take the machine to boot in Safe-Mode? John It takes the same time,with same progress bar. I have just tried going through msconfig and starting with *only* System Services and Original boot.ini, and all other services disabled, but that makes no differenve either!Is the progress bar a part of ntldr, in which case how can I access ntldr itself and run some sort of diagnostic? The problem is not with ntldr and the progress bar is just a graphic display while drivers are being loaded, it can be turned off with the /noguiboot switch in the boot.ini file (can be done via the boot.ini tab in msconfig). Windows loads the VGA driver to display this progress bar, there could be problems with the driver, enabling the /noguiboot switch will instruct Windows to not load the driver, it's a stretch but give it a try and see what happens, the VGA driver might be causing problems. If the same slow boot is also happening when you boot to safe mode then this is most likely a hardware problem or a problem with a boot device driver. Bootlog the Safe-Mode boot and see if you can get useful information from the bootlog. Safe-Mode loads fewer drivers so the bootlog will be smaller than the log from a normal boot, it will be easier to weed out the smaller safe mode log than that of the normal boot. The bootlog will be written to the Ntbtlog.txt file and it will be stored in the %SystemRoot% folder. How long has this problem been going on? Did you install any new hardware or update drivers before it started? Did you install any software or do any operating system updates before this started? Is the machine clean and free of any virus or other such pests? Do you have USB drives connected to the machine, or cards inserted into card readers when the machine is booting? Disconnect or power off all unnecessary external peripherals while you troubleshoot the problem. Did you change any settings in the BIOS? Resetting the BIOS to default or failsafe settings might make a difference. If you can't find any useful information from the boot log then I would suggest that you run hardware diagnostics on the machine, run a manufacturer diagnostic on the drive, chkdsk doesn't cut it when it comes to hardware problems with disks. John John - just to be clear - the white progress bar at issue is not the little blue bar that appears under the Windows XP logo when Windows finally kicks in; it is the one that appears when Windows "resumes" after re-starting from hibernation. In my case, this bar takes about 15mins to reach the halfway point, then disappears and the Windows logo appears and all is as before (OK). If I start from hibernation (I have just discovered),when the screen comes alive that progress bar is already half-filled and Windows starts normally to previous state.I will do a safe-mode bootlog, add noguiboot, disconnect all peripherals and see what happens. The problem has been with me about 2 months, but no, as far as I can remember, I hadn't just installed/updated anything, and yes, the m/c has been examined by SuperAntiSpyware, malwarebytes and the deepest (25hour)scan by Kaspersky Anti-virus tool. I had not touched the BIOS. I will continue to let you know how I get on, but thank you so much for all your efforts so far. Richard. To update - safe mode bootlog gave a huge list of drivers that did not start (as expected)but no better speed. Noguiboot prevented the white bar from appearing but did not speed anything up. One thing - the Alternative options screen appeared almost immediately after pressing F8, whereas last time it took about 90 secs. But after that, same old problem. I did a normal start with bootlogging and all drivers loaded apart from the following: NDProxy.sys, lbrtfdc.sys, fdc.sys, flpydisk.sys, sfloppy.sys (I don't have a floppy drive) i20mgmt.sys, Changer.sys, cdaudio.sys, processr.sys, PCIDump.sys, avg2k.sys, rdbss.sys, mrxsmbr.sys, Serial.sys and ipnat.sys. I don't know what any of these do but "processr.sys" sounds a bit dire!? While watching the safe-mode boot I noticed that all the drivers loading information appeared one after the other very slowly, rather than in a blur as I seem to remember from some time before. Could it be that my drivers are initialising one at a time rather than synchronously, and how would I rectify it if so?? Difficult to say, the load order of the drivers is determined by which service group they belong to and the group load order, I don't know of any way to change the the group load order. If all the drivers are loading very slowly I'm being lead to believe that there is a problem with the hard drive or with the controller drivers, it could be having difficulties reading the drive in the early stage of the booting process. Maybe check to make sure that the drive is not being placed in PIO mode. Other than that it could be a loose or bad cable or it could be that the drive is not properly identified in the BIOS. Take a look in the Device Manager to see if anything looks amiss. In the Device Manager verify the computer type to see if it is listed as an ACPI type PC. At this juncture I would need to have the machine at my hands to try to solve the problem, I don't have any solid advice to give, just general suggestions and guesswork! If you have a spare hard disk maybe you could try setting up a new Windows installation and see how well it runs. If the drive passes all manufacturer tests then I would probably do an in-place upgrade (reinstallation) of the operating system to force a reenumeration of the Plug and Play devices and the hardware abstraction layer (HAL). John In Device Manager my SM Bus Controller has a red cross against it, and apparently the driver is not installed, but this problem was there before this slow boot problem started up. It is listed as an ACPI type Uniprocessor PC. I think the problem is to do with the hard disk beginning to fail - unfortunately I have just tried to copy all my data etc to an external drive, but Windows is now refusing to see the drive at all! Thanks for all your help. Richard why not save the drive remove it put in a replacement drive than put old drive in your external box and use it to copy data back any controller issues are bypassed I find this is best for these drives |
#36
|
|||
|
|||
Thanks for this informative discussion.It is very help full for all.Thanks
|
Thread Tools | |
Display Modes | |
|
|