Startup delay NOD32 v3.0.621

Discussion in 'ESET NOD32 Antivirus' started by loekverhees, Jan 14, 2008.

  1. loekverhees

    loekverhees

    I followed the instructions, but imapi.exe, alg.exe and wscntfy.exe still load after 2~3 minutes. I tried the Microsoft Bootvis program, but that isn't working neither. Internet Explorer still loads the page (I can run the program itself right in the beginning, but then he can't load the homepage until suddenly after 2~3 minutes loads. In this case where I disabled all network-connections, google wasn't loading at all of course). So it wasn't NOD32 that delayed IE.

    @ De Hollander: When I disable imapi.exe or wuauclt.exe, unfortunately the problem keeps existing.
  2. freesurfer

    freesurfer

    I don't want to "leave you hanging", but I'm really at a loss right now :(. Again, I was expecting a third-party software to be the culprit but now it seems highly unlikely (though I still won't rule it out since we just skimmed on what is loaded during startup). I'll return after a few hours (can't tell for how long, maybe 6 or even >24 hrs) but here are some things to be considered culprit:

    - malware (rootkit) that is stealth and is loaded as service or driver (ill-designed/-implemented as to actually cause noticable effect).
    - malware (non-rootkit) that is loaded much earlier during bootup (usually, but not limited to, thru WINLOGON.exe, replacing system exes, image hijacking, etc; again, ill-designed/-implemented as to actually cause noticable effect).
    - driver/hardware issues (might have worked properly at first, but maybe thru an update, undelying issues surfaced).
    - un-updated Windows (just in case you aren't into updating your Windows, even after weeks/months of update release ;)).

    As for mentioned Windows services (imapi.exe, wuauclt.exe, etc), it's highly unlikely that they are the cause so I suggest leaving them for the moment if there are other things to try/consider.

    Should you be the "adventurous" type of persone :D and decide to format your system, kindly post first so we can give some recommendations and detect early on this problem should it re-occur.

  3. loekverhees

    loekverhees

    I think I'll format my system (last format was last week, so it's not that terrible ;) ). I'll intall NOD32 in the first place and check if it's delayed. Then I install the remaining applications (step by step) such as Office and drivers etc. Hope this way I can determine what program is causing this problem (if it occurs after the format too :doubt:).
  4. freesurfer

    freesurfer

    Good thing I checked-back for one last time.

    Not afraid of a format, are we :D. I suggest you do this:

    - Download all updates for your drivers before you reformat your system.
    - After a reinstall, restart your system (after Windows has finished it's own requests/requirements for a restart) one or two more time to make sure that as-is, it's working fine.
    - Install the drivers. After installing all of them, restart your system one or two more times, again to make sure that it's working as-is.
    - Then install NOD32 (EAV/ESS) and restart (this besides the restart NOD32 could request) one or two more times (again same reason).
    - Unless you're in a hurry, update your Windows first and restart it one or two more times.
    - Only then do you install the rest of your software.

    Good luck :)

  5. De Hollander

    De Hollander

  6. loekverhees

    loekverhees

    I just formatted my system :D . The first time after Windows Setup (when I saw the desktop for the first time), I opened Task Manager and: alg.exe was in the list, from the beginning! But then I rebooted the system, and when I saw the desktop again, I opened Task Manager again and: NO alg.exe :doubt: . After 2~3 minutes, alg.exe suddenly loaded (together with wuauclt.exe and the wscntf.exe). Seems like the problem is back :( .
  7. freesurfer

    freesurfer

    Just to confirm, when you rebooted your system and the problem reared it's ugly head :blink:, you haven't yet installed your drivers (much less updated Windows and installed the rest of your applications)?

    Since your last post up to now, how many times have you tried rebooting? Have you tried temporarily disabling Automatic Update? Also rebooting w/ all unecessary peripherals (except VGA/keyboard/mouse) and all ethernet disconnected (plus remove and CD/DVD from the reader, just incase ;))?

    Last edited: Jan 17, 2008
  8. loekverhees

    loekverhees

    When I faced the problem again, it was the first (real) manual reboot of the system. No drivers or windows-updates were installed yet. I rebooted 2 more times, but again with delay. Then I installed two drivers (for my on-board audio and for my videocard). Then I rebooted 2 times. After this, I installed EAV and rebooted 2x. Then I run the Windows Update and installed all available updates (and rebooted 2x). (Still delay at this moment)

    Since my last post up to this post, I booted 3 times. Then I disabled AU and System Restore (via Control Panel and via services.msc) and disabled all ethernet-connections. Then I shutted down the PC, removed the DVD-Writer (both IDE-cable and Molex-connector), all usb-devices and all network-cables and booted the PC. Still the problem :doubt:. Booted two times more, but without luck.

    PS: I'm maybe a little late with saying this, but all problems started when I installed Windows on a new HDD (formatted) and a new DVD-Writer.
    Last edited: Jan 17, 2008
  9. freesurfer

    freesurfer

    When you installed Windows, did you choose to format it? If so, what filesystem did you choose? FAT32 or NTFS? Also, did you choose Quick Format or not?

  10. loekverhees

    loekverhees

    Yes, I did format: Quick Format and NTFS. Should have been Full Format I guess :doubt: ?
  11. freesurfer

    freesurfer

    If you still have the time (and patience) why not :D.

    I would've also had you checked if your HD (and also maybe your DVD drive) is operating in DMA mode, but since you didn't mention of any slow bootup/response I guess that's not needed (unless ofcourse you thought that it's normal for your CPU to jump everytime your HD is being accessed). Also it won't be an issue if all your drives are using SATA.
  12. Bubba

    Bubba

    Just making sure but at this moment in time Nod32 is not installed ?
  13. loekverhees

    loekverhees

    @ freesurfer: I know my HDD is operating in DMA-Ultra (5) Mode, but I don't know about the DVD-Writer, how can I check this? Both HDD and DVD-Writer are IDE, not SATA. I'll reformat my system, but I think I'll do that in a few days, as I'm busy with University now.

    @ Bubba: As I write this, EAV IS installed :doubt:
  14. De Hollander

    De Hollander

    Question, what's the jumper settings of the devices and how are they connected.(IDE-cable)
  15. loekverhees

    loekverhees

    Both devices are set as master. The HDD is connected to IDE-0 on the motherboard and the DVD-Writer to IDE-1 (so both devices are attached to different IDE-cables).
  16. De Hollander

    De Hollander

    You say that you have two HDD and one DVD-writer.

    On your IDE-0 -> 2 HDD, and both with the jumper setting "master" ?
    On your IDE-1 -> 1 DVD-writer with the jumper setting master.
  17. loekverhees

    loekverhees

    No, one HDD at IDE-0 set as master, and one DVD at IDE-1, set as master too
  18. De Hollander

    De Hollander

    ok, just a misunderstanding :)

    Right click on “My Computer”.
    Choose “Properties”.
    Click the “Hardware” tab
    Hit the “Device Manager” button
    Find your HD and DVD-Writer. These are normally under “IDE ATA/ATAPI Controllers”.

    Primary IDE Channel (HD):
    Secondary IDE Channel (DVD)

    Hit the advanced settings tab, and there's your info. ;)
  19. freesurfer

    freesurfer

    yup, what he said :D.

    And if isn't UDMA even though you set it to DMA, just reset the CRC in the registry and reboot (again o_O, :D).
  20. loekverhees

    loekverhees

    I checked the HDD and DVD-writer again, via De Hollanders's way: The HDD is operating in UDMA Mode 2 and the DVD-writer in UDMA Mode 2 too. I looked in the Microsoft Logs, and this is what I got (if I scroll down further, it's from yesterday):

    Look at the timings! The details of the first error (in time) are:

    "The WebClient-service has reported an invalid status 87."

    The second error:

    "The WebClient-server has crashed at startup"

    I thought maybe this information is useful.
  21. De Hollander

    De Hollander

    Disable the WebClient Service, reboot and see how it's go.
    This might speed up network browsing, but it will prevent access to web-resident network places, such as free disk storage from your ISP.
  22. loekverhees

    loekverhees

    Yeah, disabling WebClient-service did the trick :D ! But is this a temporary solution, or can I leave it disabled forever?
  23. De Hollander

    De Hollander

    I'm still puzzled about the delay. But for the time been, it's a workaround. Normaly there suite not be any problems with webclient.

    Quote from:

  24. loekverhees

    loekverhees

    About a week has passed now, and I'm not discovering any problems till now. So I think I leave the WebClient disabled. ;)
  25. leogoldseed

    leogoldseed

    Hey!! loekverhees, De Hollander and everyone else! I've got it! it was the simplest thing ever. This has nothing to do with all those processes and thigns you've all tried. THis is simply the time period in which IE and Windoes check for AUTOMATICALLY DETECTING SETTINGS on your Internet /Lan Connection.

    ALL YOU HAVE TO DO is simply go to Internet EXPLORER tOOLS (OR ON THE CONTROL PANEL go to Internet options, and from connections, click on LAN, and UNCHECK the option that says "automatically detect settings". Restart your computer,. and that will definitely do the trick.

    THis was happening to me forever, but because I have like 5 PCs at hoime, at compared with the others (which didn't have the problem and I realized that little setting made all the difference. Once you do this, go back and enabloe the alg.exe again, since you don't want to lose th eFIrewall protection I believe it isd associated with.

    ALl the best!!

