Solved XP SP3 Boot Issue

[Resolved] XP SP3 Boot Issue

Hi - for the last 2 weeks, I've been experiencing a slow boot problem. XP brings up my desktop in the normal time (about 1.5 min), but then nothing will respond for as long as 15 min. I ran Bootvis, and had one instance of fltmgr.exe running on for several minutes, but nothing else. Further iterations looked normal. I am also seeing numerous errors in the System section of event viewer indicating services that failed to start due to timeout. Here's a chkdsk log I just ran:

Checking file system on C:
The type of the file system is NTFS.
Cleaning up 30 unused index entries from index $SII of file 0x9.
Cleaning up 30 unused index entries from index $SDH of file 0x9.
Cleaning up 30 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

73184107 KB total disk space.
57667692 KB in 82945 files.
60004 KB in 8131 indexes.
0 KB in bad sectors.
215047 KB in use by the system.
65536 KB occupied by the log file.
15241364 KB available on disk.

4096 bytes in each allocation unit.

I run BitDefender, but uninstalled it to run a dds log (below), then reinstalled:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Bruce at 10:17:44.37 on Sat 02/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.642 [GMT -5:00]

FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bruce\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141256049578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
TCP: {06E66957-57A9-45B2-9C07-97EAE9ABB59F} = 208.67.222.222,208.67.220.220
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bruce\applic~1\mozilla\firefox\profiles\q62si4j5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-2-11 353680]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-30 206096]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2006-2-7 57344]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-10-5 13592]

=============== Created Last 30 ================

2009-01-31 20:39 <DIR> --d----- C:\560878c86d024a85bce451ec7f9e11
2009-01-31 20:38 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-31 16:16 713,426,382 a------- c:\documents and settings\bruce\TRACE_BOOT+DRIVERS_1_1.BIN
2009-01-31 13:31 142,096 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-31 10:44 5,760 -------- c:\windows\system32\1.tmp
2009-01-31 10:44 <DIR> --d----- c:\program files\Sophos
2009-01-30 18:34 <DIR> --d----- c:\program files\ACW

==================== Find3M ====================

2009-02-07 10:09 81,984 a------- c:\windows\system32\bdod.bin
2008-12-21 08:38 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-04 18:37 4,212 a---h--- c:\windows\system32\zllictbl.dat
2008-11-13 15:18 1,221,008 a------- c:\windows\system32\zpeng25.dll
2006-03-19 17:39 251 a------- c:\program files\wt3d.ini
2006-02-12 11:20 368 a------- c:\program files\Shortcut to DREAMQUEST on MAIN (Ci761155-a).lnk
2002-11-18 06:26 61,440 a------- c:\windows\inf\i386\onetUSD.dll
2002-10-24 08:29 36,864 a------- c:\windows\inf\i386\Vizmicro.dll
2002-10-24 08:28 172,032 a------- c:\windows\inf\i386\viceo.dll
2002-10-24 08:02 225,280 a------- c:\windows\inf\i386\rtscan.dll
2001-08-03 18:29 13,824 a------- c:\windows\inf\i386\Usbscan.sys
2006-02-14 11:57 104 a--shr-- c:\windows\system32\6AA71A957D.sys
2008-05-17 16:56 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051720080518\index.dat

============= FINISH: 10:18:43.81 ===============

Probably plenty of other options, but it's now time for some expert advice. Any thoughts?

THX

 

Thanks for the quick reply.
Here's what I've done on your suggestions:

1) I had already cleaned out all "garbage" programs (I'm kind of particular that way).
2) I removed Indexing Service, MSN Explorer, and Windows Messenger when I got this machine a few years ago, so no action needed there.
3) Almost all the services listed are either disabled or set to manual
4) I run CCleaner fairly regularly - last time was when I noticed the boot time issue a few weeks ago, but I ran it again just to be sure. Not much to clean up... just about 65mb. of temporary internet files.
5) I ran Disc Cleanup right before I ran CCleaner a few weeks ago, but ran it again just now. CCleaner had already taken care of business.
6) I ran the Windows disc defrag tool - only moderate defragmentation needed.
7) Ran the Auslogics Registry defrag - only 2.7% savings.
8) I changed the virtual memory setting to "system managed ".
9) Updates are all current, and latest IE7, Media Player 11 are installed.

This is a home computer. I'm running a Netgear WPN824 v2 wireless router along with a Dell Inspiron laptop.

Bottom line: When I rebooted, the desktop came up in the usual 1.5 minutes or so, but I got no response from anything for 18 minutes. Previously, I'd get normal responses from everything about 30 seconds after the desktop appeared. I'm stumped. I've scanned for rootkits with BitDefender (both from my desktop copy and the online version), and have also run Panda and Sophos online tools - both come up empty, so I'm moderately confident I don't have an infection. Just in case, here's a current HijackThis log from yesterday:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:12 AM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Down\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141256049578
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06E66957-57A9-45B2-9C07-97EAE9ABB59F}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{06E66957-57A9-45B2-9C07-97EAE9ABB59F}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8756 bytes

 

Hi Boomer53,

I'd like to eliminate the most suspect of causes first. See if this causes a normal logon for you. Open the Zone Alarm security center and on the Overview>Preferences tab deselect 'Load ZA when windows starts'. Reboot.

Note: This will change the True Vector Internet Monitor service startup type to manual as well as prevent the zlclient from running at startup. Start True Vector via services console (click Start>Run and type services.msc then hit enter), then zlclient via All Programs>Zone Labs

 

Hi Noahdfear:

Jackpot - As before, my desktop came up in less than 1.5 min, but this time I was able to open applications quickly only 1 minute later. Looks like the True Vector service is the culprit. Any thoughts on how to get around this and still load Zone Alarm at boot? Maybe change the order in which it loads?

Thanks very much for the suggestion - Zone Alarm would never have gotten onto my suspect list.

 

Glad we hit a jackpot on the first attempt rather than the 20th

There may well be a workaround to the problem, as I've dealt with it before. First I'd like you to refer to the links below for a bit of insight into the problem and possible cure. DO NOT act on anything just yet!

http://www.windowsbbs.com/windows-xp/69658-long-pause-boot-8.html#post378161

http://www.windowsbbs.com/windows-xp/69658-long-pause-boot-8.html#post378243

Since that topic, I've written a tool that will gather the required information as opposed to getting registry exports. Download driver_service_info and run it.
Press S then Enter for a Services report.
Press B then Enter for both Active and Inactive Services.
When prompted, press Y then Enter to gather ServiceGroup and LoadOrderGroup info.
Copy the contents of the log that opens and paste it in a reply here.


The log may be too large to fit in one post, requiring you to split it into 2.

Questions - are you comfortable with editing the registry?
What version of ZA do you have installed?

 

Noahdfear:

Here's the output from your tool...
~~~ Service Information report ~~~

Microsoft Windows XP Professional
Service Pack 3
5.1.2600

2/11/2009 6:22:12 PM


~~~Running Processes~~~

System Idle Process
PID: 0
Path:
Parent PID: 0

System
PID: 4
Path:
Parent PID: 0

smss.exe
PID: 656
Path: C:\WINDOWS\System32\smss.exe
Parent PID: 4

csrss.exe
PID: 704
Path:
Parent PID: 656

winlogon.exe
PID: 732
Path: C:\WINDOWS\system32\winlogon.exe
Parent PID: 656

services.exe
PID: 776
Path: C:\WINDOWS\system32\services.exe
Parent PID: 732

lsass.exe
PID: 788
Path: C:\WINDOWS\system32\lsass.exe
Parent PID: 732

svchost.exe
PID: 956
Path: C:\WINDOWS\system32\svchost.exe
Parent PID: 776

svchost.exe
PID: 1032
Path:
Parent PID: 776

livesrv.exe
PID: 1120
Path: C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
Parent PID: 776

vsserv.exe
PID: 1152
Path: C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Parent PID: 776

svchost.exe
PID: 1252
Path: C:\WINDOWS\System32\svchost.exe
Parent PID: 776

svchost.exe
PID: 1348
Path:
Parent PID: 776

svchost.exe
PID: 1448
Path:
Parent PID: 776

spoolsv.exe
PID: 1620
Path: C:\WINDOWS\system32\spoolsv.exe
Parent PID: 776

explorer.exe
PID: 1940
Path: C:\WINDOWS\Explorer.EXE
Parent PID: 1912

PRISMSVR.exe
PID: 1948
Path: C:\WINDOWS\system32\PRISMSVR.EXE
Parent PID: 1912

AppleMobileDeviceService.exe
PID: 1972
Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Parent PID: 776

mDNSResponder.exe
PID: 2012
Path: C:\Program Files\Bonjour\mDNSResponder.exe
Parent PID: 776

IAANTMon.exe
PID: 160
Path: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
Parent PID: 776

jqs.exe
PID: 320
Path: C:\Program Files\Java\jre6\bin\jqs.exe
Parent PID: 776

McSACore.exe
PID: 424
Path: C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
Parent PID: 776

tcpsvcs.exe
PID: 576
Path: C:\WINDOWS\system32\tcpsvcs.exe
Parent PID: 776

svchost.exe
PID: 592
Path: C:\WINDOWS\system32\svchost.exe
Parent PID: 776

uphclean.exe
PID: 400
Path: C:\Program Files\UPHClean\uphclean.exe
Parent PID: 776

stsystra.exe
PID: 1856
Path: C:\WINDOWS\stsystra.exe
Parent PID: 1940

IAAnotif.exe
PID: 1872
Path: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
Parent PID: 1940

IntelMEM.exe
PID: 1892
Path: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
Parent PID: 1940

bdagent.exe
PID: 2020
Path: C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
Parent PID: 1940

ctfmon.exe
PID: 2096
Path: C:\WINDOWS\system32\ctfmon.exe
Parent PID: 1940

wmpnscfg.exe
PID: 2104
Path: C:\Program Files\Windows Media Player\WMPNSCFG.exe
Parent PID: 1940

seccenter.exe
PID: 2464
Path: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
Parent PID: 2020

svchost.exe
PID: 2740
Path:
Parent PID: 776

svchost.exe
PID: 2992
Path: C:\WINDOWS\System32\svchost.exe
Parent PID: 776

alg.exe
PID: 3396
Path:
Parent PID: 776

zlclient.exe
PID: 848
Path: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Parent PID: 1940

svchost.exe
PID: 2952
Path: C:\WINDOWS\System32\svchost.exe
Parent PID: 776

svchost.exe
PID: 2976
Path: C:\WINDOWS\System32\svchost.exe
Parent PID: 776

vsmon.exe
PID: 3064
Path: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Parent PID: 776

iPodService.exe
PID: 672
Path: C:\Program Files\iPod\bin\iPodService.exe
Parent PID: 776

firefox.exe
PID: 1376
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent PID: 1940

OUTLOOK.EXE
PID: 2260
Path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Parent PID: 1940

driver_service_info.exe
PID: 2480
Path: C:\Down\driver_service_info.exe
Parent PID: 1940

cmd.exe
PID: 3228
Path: C:\WINDOWS\system32\cmd.exe
Parent PID: 2480

wmiprvse.exe
PID: 3896
Path:
Parent PID: 956

cscript.exe
PID: 3904
Path: C:\WINDOWS\system32\cscript.exe
Parent PID: 3228

findstr.exe
PID: 3760
Path: C:\WINDOWS\system32\findstr.exe
Parent PID: 3228


~~~Running Services by PID~~~

PID: 3396
Application Layer Gateway Service
PID: 1972
Apple Mobile Device
PID: 1252
Windows Audio
Computer Browser
Cryptographic Services
DHCP Client
Logical Disk Manager
COM+ Event System
Help and Support
HID Input Service
Server
Workstation
Network Connections
Network Location Awareness (NLA)
Removable Storage
Task Scheduler
Secondary Logon
System Event Notification
Windows Firewall/Internet Connection Sharing (ICS)
Shell Hardware Detection
System Restore Service
Themes
Distributed Link Tracking Client
Windows Time
Windows Management Instrumentation
Security Center
Automatic Updates
Wireless Zero Configuration
PID: 2012
Bonjour Service
PID: 956
DCOM Server Process Launcher
Terminal Services
PID: 1348
DNS Client
PID: 2976
Wired AutoConfig
PID: 2952
Extensible Authentication Protocol Service
PID: 776
Event Log
Plug and Play
PID: 2992
HTTP SSL
PID: 160
Intel(R) Matrix Storage Event Monitor
PID: 672
iPod Service
PID: 320
Java Quick Starter
PID: 1120
BitDefender Desktop Update Service
PID: 1448
TCP/IP NetBIOS Helper
Universal Plug and Play Device Host
PID: 424
McAfee SiteAdvisor Service
PID: 788
IPSEC Services
Protected Storage
Security Accounts Manager
PID: 1032
Remote Procedure Call (RPC)
PID: 576
Simple TCP/IP Services
PID: 1620
Print Spooler
PID: 2740
SSDP Discovery Service
PID: 592
Windows Image Acquisition (WIA)
PID: 400
User Profile Hive Cleanup
PID: 3064
TrueVector Internet Monitor
PID: 1152
BitDefender Virus Shield


~~~Running Services Configuration~~~

PID: 3396
Service: ALG
Displayed: Application Layer Gateway Service
Image: C:\WINDOWS\System32\alg.exe
Start Mode: Manual

PID: 1972
Service: Apple Mobile Device
Displayed: Apple Mobile Device
Image: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "
Start Mode: Auto

PID: 1252
Service: AudioSrv
Displayed: Windows Audio
Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 2012
Service: Bonjour Service
Displayed: Bonjour Service
Image: "C:\Program Files\Bonjour\mDNSResponder.exe "
Start Mode: Auto

PID: 1252
Service: Browser
Displayed: Computer Browser
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: CryptSvc
Displayed: Cryptographic Services
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 956
Service: DcomLaunch
Displayed: DCOM Server Process Launcher
Image: C:\WINDOWS\system32\svchost -k DcomLaunch
Start Mode: Auto

PID: 1252
Service: Dhcp
Displayed: DHCP Client
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: dmserver
Displayed: Logical Disk Manager
Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1348
Service: Dnscache
Displayed: DNS Client
Image: C:\WINDOWS\system32\svchost.exe -k NetworkService
Start Mode: Auto

PID: 2976
Service: Dot3svc
Displayed: Wired AutoConfig
Image: C:\WINDOWS\System32\svchost.exe -k dot3svc
Start Mode: Manual

PID: 2952
Service: EapHost
Displayed: Extensible Authentication Protocol Service
Image: C:\WINDOWS\System32\svchost.exe -k eapsvcs
Start Mode: Manual

PID: 776
Service: Eventlog
Displayed: Event Log
Image: C:\WINDOWS\system32\services.exe
Start Mode: Auto

PID: 1252
Service: EventSystem
Displayed: COM+ Event System
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual

PID: 1252
Service: helpsvc
Displayed: Help and Support
Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: HidServ
Displayed: HID Input Service
Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 2992
Service: HTTPFilter
Displayed: HTTP SSL
Image: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Start Mode: Manual

PID: 160
Service: IAANTMon
Displayed: Intel(R) Matrix Storage Event Monitor
Image: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
Start Mode: Auto

PID: 672
Service: iPod Service
Displayed: iPod Service
Image: "C:\Program Files\iPod\bin\iPodService.exe "
Start Mode: Manual

PID: 320
Service: JavaQuickStarterService
Displayed: Java Quick Starter
Image: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf "
Start Mode: Auto

PID: 1252
Service: lanmanserver
Displayed: Server
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: lanmanworkstation
Displayed: Workstation
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1120
Service: LIVESRV
Displayed: BitDefender Desktop Update Service
Image: "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service
Start Mode: Auto

PID: 1448
Service: LmHosts
Displayed: TCP/IP NetBIOS Helper
Image: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto

PID: 424
Service: McAfee SiteAdvisor Service
Displayed: McAfee SiteAdvisor Service
Image: "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe "
Start Mode: Auto

PID: 1252
Service: Netman
Displayed: Network Connections
Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual

PID: 1252
Service: Nla
Displayed: Network Location Awareness (NLA)
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual

PID: 1252
Service: NtmsSvc
Displayed: Removable Storage
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 776
Service: PlugPlay
Displayed: Plug and Play
Image: C:\WINDOWS\system32\services.exe
Start Mode: Auto

PID: 788
Service: PolicyAgent
Displayed: IPSEC Services
Image: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto

PID: 788
Service: ProtectedStorage
Displayed: Protected Storage
Image: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto

PID: 1032
Service: RpcSs
Displayed: Remote Procedure Call (RPC)
Image: C:\WINDOWS\system32\svchost -k rpcss
Start Mode: Auto

PID: 788
Service: SamSs
Displayed: Security Accounts Manager
Image: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto

PID: 1252
Service: Schedule
Displayed: Task Scheduler
Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: seclogon
Displayed: Secondary Logon
Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: SENS
Displayed: System Event Notification
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: SharedAccess
Displayed: Windows Firewall/Internet Connection Sharing (ICS)
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: ShellHWDetection
Displayed: Shell Hardware Detection
Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 576
Service: SimpTcp
Displayed: Simple TCP/IP Services
Image: C:\WINDOWS\system32\tcpsvcs.exe
Start Mode: Auto

PID: 1620
Service: Spooler
Displayed: Print Spooler
Image: C:\WINDOWS\system32\spoolsv.exe
Start Mode: Auto

PID: 1252
Service: srservice
Displayed: System Restore Service
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 2740
Service: SSDPSRV
Displayed: SSDP Discovery Service
Image: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual

PID: 592
Service: stisvc
Displayed: Windows Image Acquisition (WIA)
Image: C:\WINDOWS\system32\svchost.exe -k imgsvc
Start Mode: Auto

PID: 956
Service: TermService
Displayed: Terminal Services
Image: C:\WINDOWS\System32\svchost -k DComLaunch
Start Mode: Manual

PID: 1252
Service: Themes
Displayed: Themes
Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: TrkWks
Displayed: Distributed Link Tracking Client
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 400
Service: UPHClean
Displayed: User Profile Hive Cleanup
Image: C:\Program Files\UPHClean\uphclean.exe
Start Mode: Auto

PID: 1448
Service: upnphost
Displayed: Universal Plug and Play Device Host
Image: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual

PID: 3064
Service: vsmon
Displayed: TrueVector Internet Monitor
Image: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
Start Mode: Manual

PID: 1152
Service: VSSERV
Displayed: BitDefender Virus Shield
Image: "C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service
Start Mode: Auto

PID: 1252
Service: w32time
Displayed: Windows Time
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: winmgmt
Displayed: Windows Management Instrumentation
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: wscsvc
Displayed: Security Center
Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: wuauserv
Displayed: Automatic Updates
Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto

PID: 1252
Service: WZCSVC
Displayed: Wireless Zero Configuration
Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto


~~~Inactive Services Configuration~~~

Service: Alerter
Displayed: Alerter
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled

Service: AppMgmt
Displayed: Application Management
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual

Service: Arrakis3
Displayed: BitDefender Arrakis Server
Path: "C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe "
Start Mode: Manual

Service: aspnet_state
Displayed: ASP.NET State Service
Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Start Mode: Manual

Service: Ati HotKey Poller
Displayed: Ati HotKey Poller
Path: C:\WINDOWS\system32\Ati2evxx.exe
Start Mode: Disabled

Service: BITS
Displayed: Background Intelligent Transfer Service
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual

Service: CiSvc
Displayed: Indexing Service
Path: C:\WINDOWS\system32\cisvc.exe
Start Mode: Manual

Service: ClipSrv
Displayed: ClipBook
Path: C:\WINDOWS\system32\clipsrv.exe
Start Mode: Disabled

Service: clr_optimization_v2.0.50727_32
Displayed: .NET Runtime Optimization Service v2.0.50727_X86
Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Start Mode: Manual

Service: COMSysApp
Displayed: COM+ System Application
Path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Start Mode: Manual

Service: dmadmin
Displayed: Logical Disk Manager Administrative Service
Path: C:\WINDOWS\System32\dmadmin.exe /com
Start Mode: Manual

Service: DSBrokerService
Displayed: DSBrokerService
Path: "C:\Program Files\DellSupport\brkrsvc.exe "
Start Mode: Manual

Service: ELService
Displayed: Intelr Quick Resume Technology Drivers
Path: "C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe "
Start Mode: Auto

Service: ERSvc
Displayed: Error Reporting Service
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Disabled

Service: FastUserSwitchingCompatibility
Displayed: Fast User Switching Compatibility
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual

Service: FontCache3.0.0.0
Displayed: Windows Presentation Foundation Font Cache 3.0.0.0
Path: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Start Mode: Manual

Service: gusvc
Displayed: Google Updater Service
Path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "
Start Mode: Manual

Service: hkmsvc
Displayed: Health Key and Certificate Management Service
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual

Service: idsvc
Displayed: Windows CardSpace
Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "
Start Mode: Manual

Service: ImapiService
Displayed: IMAPI CD-Burning COM Service
Path: C:\WINDOWS\system32\imapi.exe
Start Mode: Manual

Service: McrdSvc
Displayed: Media Center Extender Service
Path: C:\WINDOWS\ehome\mcrdsvc.exe
Start Mode: Disabled

Service: Messenger
Displayed: Messenger
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled

Service: MHN
Displayed: MHN
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual

Service: Microsoft Office Groove Audit Service
Displayed: Microsoft Office Groove Audit Service
Path: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "
Start Mode: Disabled

Service: mnmsrvc
Displayed: NetMeeting Remote Desktop Sharing
Path: C:\WINDOWS\system32\mnmsrvc.exe
Start Mode: Disabled

Service: MSDTC
Displayed: Distributed Transaction Coordinator
Path: C:\WINDOWS\system32\msdtc.exe
Start Mode: Manual

Service: MSIServer
Displayed: Windows Installer
Path: C:\WINDOWS\system32\msiexec.exe /V
Start Mode: Manual

Service: napagent
Displayed: Network Access Protection Agent
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual

Service: NetDDE
Displayed: Network DDE
Path: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled

Service: NetDDEdsdm
Displayed: Network DDE DSDM
Path: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled

Service: Netlogon
Displayed: Net Logon
Path: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual

Service: NetSvc
Displayed: Intel NCS NetService
Path: C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Start Mode: Manual

Service: NetTcpPortSharing
Displayed: Net.Tcp Port Sharing Service
Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe "
Start Mode: Disabled

Service: NtLmSsp
Displayed: NT LM Security Support Provider
Path: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual

Service: odserv
Displayed: Microsoft Office Diagnostics Service
Path: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "
Start Mode: Manual

Service: ose
Displayed: Office Source Engine
Path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "
Start Mode: Manual

Service: Pml Driver HPZ12
Displayed: Pml Driver HPZ12
Path: C:\WINDOWS\system32\HPZipm12.exe
Start Mode: Manual

Service: PRISMSVC
Displayed: PRISMSVC
Path: C:\WINDOWS\system32\PRISMSVC.EXE
Start Mode: Disabled

Service: RasAuto
Displayed: Remote Access Auto Connection Manager
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual

Service: RasMan
Displayed: Remote Access Connection Manager
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled

Service: RDSessMgr
Displayed: Remote Desktop Help Session Manager
Path: C:\WINDOWS\system32\sessmgr.exe
Start Mode: Disabled

Service: RemoteAccess
Displayed: Routing and Remote Access
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled

Service: RemoteRegistry
Displayed: Remote Registry
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled

Service: RpcLocator
Displayed: Remote Procedure Call (RPC) Locator
Path: C:\WINDOWS\system32\locator.exe
Start Mode: Manual

Service: RSVP
Displayed: QoS RSVP
Path: C:\WINDOWS\system32\rsvp.exe
Start Mode: Manual

Service: scan
Displayed: BitDefender Threat Scanner
Path: C:\WINDOWS\System32\svchost.exe -kbdx
Start Mode: Manual

Service: SCardSvr
Displayed: Smart Card
Path: C:\WINDOWS\System32\SCardSvr.exe
Start Mode: Manual

Service: SwPrv
Displayed: MS Software Shadow Copy Provider
Path: C:\WINDOWS\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979}
Start Mode: Manual

Service: SysmonLog
Displayed: Performance Logs and Alerts
Path: C:\WINDOWS\system32\smlogsvc.exe
Start Mode: Manual

Service: TapiSrv
Displayed: Telephony
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual

Service: TlntSvr
Displayed: Telnet
Path: C:\WINDOWS\system32\tlntsvr.exe
Start Mode: Disabled

Service: UPS
Displayed: Uninterruptible Power Supply
Path: C:\WINDOWS\System32\ups.exe
Start Mode: Manual

Service: VSS
Displayed: Volume Shadow Copy
Path: C:\WINDOWS\System32\vssvc.exe
Start Mode: Manual

Service: WebClient
Displayed: WebClient
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled

Service: WinDefend
Displayed: Windows Defender
Path: "C:\Program Files\Windows Defender\MsMpEng.exe "
Start Mode: Disabled

Service: WmdmPmSN
Displayed: Portable Media Serial Number Service
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual

Service: Wmi
Displayed: Windows Management Instrumentation Driver Extensions
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual

Service: WmiApSrv
Displayed: WMI Performance Adapter
Path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Start Mode: Manual

Service: WMPNetworkSvc
Displayed: Windows Media Player Network Sharing Service
Path: "C:\Program Files\Windows Media Player\WMPNetwk.exe "
Start Mode: Manual

Service: WudfSvc
Displayed: Windows Driver Foundation - User-mode Driver Framework
Path: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Start Mode: Manual

Service: xmlprov
Displayed: Network Provisioning Service
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual


~~~ svchost Export ~~~

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HTTPFilter REG_MULTI_SZ
HTTPFilter
LocalService REG_MULTI_SZ
Alerter
WebClient
LmHosts
RemoteRegistry
upnphost
SSDPSRV
NetworkService REG_MULTI_SZ
DnsCache
netsvcs REG_MULTI_SZ
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
MHN
BITS
wuauserv
ShellHWDetection
WmdmPmSN
helpsvc
napagent
hkmsvc
DcomLaunch REG_MULTI_SZ
DcomLaunch
TermService
rpcss REG_MULTI_SZ
RpcSs
imgsvc REG_MULTI_SZ
StiSvc
termsvcs REG_MULTI_SZ
TermService
WudfServiceGroup REG_MULTI_SZ
WUDFSvc
eapsvcs REG_MULTI_SZ
eaphost
dot3svc REG_MULTI_SZ
dot3svc
bdx REG_MULTI_SZ
scan
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\bdx
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc
AuthenticationCapabilities REG_DWORD 0x3020
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs
AuthenticationCapabilities REG_DWORD 0x3020
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 0x1
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
CoInitializeSecurityParam REG_DWORD 0x2
AuthenticationCapabilities REG_DWORD 0x40
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8


~~~ ServiceGroupOrder ~~~

System Reserved
Boot Bus Extender
System Bus Extender
SCSI miniport
Port
Primary Disk
SCSI Class
SCSI CDROM Class
FSFilter Infrastructure
FSFilter System
FSFilter Bottom
FSFilter Copy Protection
FSFilter Security Enhancer
FSFilter Open File
FSFilter Physical Quota Management
FSFilter Encryption
FSFilter Compression
FSFilter HSM
FSFilter Cluster File System
FSFilter System Recovery
FSFilter Quota Management
FSFilter Content Screener
FSFilter Continuous Backup
FSFilter Replication
FSFilter Anti-Virus
FSFilter Undelete
FSFilter Activity Monitor
FSFilter Top
Filter
Boot File System
Base
Pointer Port
Keyboard Port
Pointer Class
Keyboard Class
Video Init
Video
Video Save
File System
Event Log
Streams Drivers
NDIS Wrapper
COM Infrastructure
BitDefender
UIGroup
LocalValidation
PlugPlay
PNP_TDI
NDIS
TDI
NetBIOSGroup
ShellSvcGroup
SchedulerGroup
SpoolerGroup
AudioGroup
SmartCardGroup
NetworkProvider
RemoteValidation
NetDDEGroup
Parallel arbitrator
Extended Base
PCI Configuration
MS Transactions
PnP Filter
ASCTRM
Network
Extended base'
TrueVector Group

~~~ LoadOrderGroup Members ~~~

Service: Ati HotKey Poller
LoadOrderGroup: Event log

Service: AudioSrv
LoadOrderGroup: AudioGroup

Service: DcomLaunch
LoadOrderGroup: Event Log

Service: Dhcp
LoadOrderGroup: TDI

Service: Dnscache
LoadOrderGroup: TDI

Service: Dot3svc
LoadOrderGroup: TDI

Service: Eventlog
LoadOrderGroup: Event log

Service: EventSystem
LoadOrderGroup: Network

Service: lanmanworkstation
LoadOrderGroup: NetworkProvider

Service: LIVESRV
LoadOrderGroup: BitDefender

Service: LmHosts
LoadOrderGroup: TDI

Service: MSDTC
LoadOrderGroup: MS Transactions

Service: NetDDE
LoadOrderGroup: NetDDEGroup

Service: Netlogon
LoadOrderGroup: RemoteValidation

Service: PlugPlay
LoadOrderGroup: PlugPlay

Service: RpcSs
LoadOrderGroup: COM Infrastructure

Service: SamSs
LoadOrderGroup: LocalValidation

Service: SCardSvr
LoadOrderGroup: SmartCardGroup

Service: Schedule
LoadOrderGroup: SchedulerGroup

Service: SENS
LoadOrderGroup: Network

Service: ShellHWDetection
LoadOrderGroup: ShellSvcGroup

Service: Spooler
LoadOrderGroup: SpoolerGroup

Service: Themes
LoadOrderGroup: UIGroup

Service: vsmon
LoadOrderGroup: TrueVector Group

Service: VSSERV
LoadOrderGroup: BitDefender

Service: WebClient
LoadOrderGroup: NetworkProvider

Service: WinDefend
LoadOrderGroup: COM Infrastructure

Service: WudfSvc
LoadOrderGroup: PlugPlay

Service: WZCSVC
LoadOrderGroup: TDI


~~~End of Report~~~

>>> I'm comfortable editing the registry (yes - I'll back it up first!). My version of Zone Alarm is 8.0.065.000.

 

Unfortunately, I don't see that we'll be able to tweak ZA's loading ......... it's already set to be the last group to start, well after the things it would normally interfere with. Best I can suggest is to uninstall, reboot and re-install to see if the problem persists. If so, time to look for another firewall solution or seek assistance with Zone Alarm via their forums.

 

I'm happy just to have discovered the cause of the problem - As i said, this would have been the last thing I might have considered. I'll re-install & see how that goes.

Thanks again!

 

Happy to help.

 

Follow up- Re-installation (unfortunately) didn't help. The Zone Alarm boards seem to have plenty of users with similar issues, dating back some years. ZA's recommendation is to step back to a previous release. Instead, I unchecked "load Zone Alarm at startup ", and dropped a shortcut in the Startup menu. I don't remember if I saw that suggestion here or on the ZA boards - but it worked perfectly. ZA still starts automatically when I boot, but I'm back to the quick boot times I had weeks ago.

Thanks again.

 

Thanks for the update. Glad to hear it's working for you.