[pagi4]

Hello!
I've got the upgrade from Windows 7 to Windows 8, everything is great, system works faster and UI is nice (for me ). But I've faced the problem with blank black screen before the system shows me logon ui. The blank screen holds for a quite time and the boot time has increased at least twice (comparing to Win7 boot time before) with this lag. It's really annoying for me, so I've made boot trace with xbootmgr.

This is what I've got:
http://puu.sh/1mp7w
Winlogon phase lasts ~25 seconds.

I've tried to do "xbootmgr -trace boot -prepSystem -verboseReadyBoot" but after second boot xbootmgr hangs on "Preparing system..." stage and nearly 40-50 minutes later finishes off with error message: http://puu.sh/1mrKR
Also I've reinstalled all drivers to match Windows 8 support - no effect anyway.

I am not able to understand the reason of this lag, so I'm asking for your help.

Here is Windows Performance Analyzer trace file's download link:
https://dl.dropbox.c.../boot_trace.rar

Thanks.

UPD:
I was able to perform -prepSystem successfully with fixing registry values for defrag service. I achieved greatly increased perfomance for postboot stage. However, winlogon lag is still here and continues to annoy me.

This post has been edited by pagi4: 17 November 2012 - 03:49 AM

[Tripredacus]

Are you using your pre-existing Windows 7 account when booting into Windows 8? Have you tried testing with a new user account?

[MagicAndre1981]

Waiting for Local Session Manager causes an 18s and entering the password a 5s delay:

 WinLogOnInit.png (42.5K)
Number of downloads: 8

Quote

User Logons hang for an extended time. Citrix logons hang while displaying “please wait for local session manager.” Microsoft-Windows-User Profiles Service event 1521 indicates that Windows cannot locate a profile due to error “access is denied.”

Root cause: Folders and subfolders were manually copied into the users profile tree instead of following the steps in KB 973289

http://social.techne...ogons-sbsl.aspx

[pagi4]

I've tried to boot PC with network router switched off. Boot time took only ~5 seconds without any blank screen lags. Incredible! However, it all turns back with active network connection.

Tripredacus, on 05 November 2012 - 08:22 AM, said:

Are you using your pre-existing Windows 7 account when booting into Windows 8? Have you tried testing with a new user account?

Using pre-existing Windows 7 profile upgraded to Live account. But I think it doesn't matter because boot process lags at pre-logonui stage.

MagicAndre1981, on 05 November 2012 - 10:12 AM, said:

Waiting for Local Session Manager causes an 18s and entering the password a 5s delay:

I'm sorry, but I don't understand what I have to do with Local Session Manager delay. I tried to read the article you provided, but I didn't get anything. Can you give me some advice please?

This post has been edited by pagi4: 06 November 2012 - 03:02 PM

[MagicAndre1981]

pagi4, on 06 November 2012 - 03:00 PM, said:

Using pre-existing Windows 7 profile upgraded to Live account.

I think this is the issue. I've also seen slow Logontimes with a LiveAccount.

[pagi4]

Switched back to local account - no changes

[MagicAndre1981]

can you make a bootlog with ProcessMonitor? Do you see more details?

[pagi4]

MagicAndre1981, on 07 November 2012 - 04:35 PM, said:

can you make a bootlog with ProcessMonitor? Do you see more details?

Yes, here it is:
https://dl.dropbox.c...mon_bootlog.rar

This post has been edited by pagi4: 08 November 2012 - 05:35 PM

[MagicAndre1981]

Querying the patch \\;Csc\.\.\ takes 13s. This is offline files. Do you use offline files? Are they ok. Check this.

[pagi4]

No, I have never used this functionality of Windows. I tried to switch off offline files option in sync center but there was still lagging after the reboot.
And there is still something (explorer shows folder sized 0 bytes) in C:\Windows\CSC, which I am not able to remove due to permissions restrictions - http://puu.sh/1ok6e

[MagicAndre1981]

disable offline files in the control panel->sync center

[pagi4]

Disabled. But the folder "2.0.6" and boot lag are still there

[pagi4]

Deleted "2.0.6" folder using Ubuntu. But boot process still lags

This post has been edited by pagi4: 10 November 2012 - 03:18 PM

[MagicAndre1981]

make a new ProcMon Bootlog

[pagi4]

Here it is:
https://dl.dropbox.c...og_20121111.rar

[cluberti]

The odd part is that once LogonUI starts, it takes upwards of 30 seconds for it to move on to loading drivers, parsing WMI providers and event logs, etc. Procmon can't really tell us what happened at the winlogon screen, but that's slightly north of 30 seconds where it appears it's spending the VAST majority of it's time talking to the audio driver for some reason (that isn't normal). Assuming you updated drivers, something is indeed wrong, but procmon probably isn't going to be verbose enough for us to figure it out given what it's showing us. Can you run the following commands to get another set of ETL trace data?

md C:\boot_trace

reg add "hklm\software\microsoft\windows\currentversion\policies\system" /t REG_DWORD /v verbosestatus /d 1 /f

xbootmgr -trace boot -verboseReadyBoot -traceFlags LATENCY+DISPATCHER+DISK_IO_INIT+NETWORKTRACE+MEMINFO+POWER+PERF_COUNTER+PRIORITY+REGISTRY+FILE_IO+FILE_IO_INIT -postBootDelay 180 -stackwalk Profile+ProcessCreate+CSwitch+ReadyThread+mark+ThreadCreate+DiskReadInit+DiskWriteInit+DiskFlushInit+RegSetValue+RegCreateKey+RegSetInformation -resultPath C:\boot_trace

After you run those commands, your box should reboot and create a working trace after logon without any errors (located in C:\boot_trace). Compress that .ETL file up and let us know when it's available and where.

[MagicAndre1981]

it's now your turn, cluberti. I have no idea.

The only thing you can try is to create a new empty account and see if it happens there, too.

[cluberti]

Well, it looks audio driver related, but looks can be deceiving. I guess we wait for an ETL file.

[pagi4]

cluberti, on 11 November 2012 - 10:36 PM, said:

After you run those commands, your box should reboot and create a working trace after logon without any errors (located in C:\boot_trace). Compress that .ETL file up and let us know when it's available and where.

Hello. Sorry for the delay.
Here is the trace:
https://dl.dropbox.c...ce_20121116.rar
Thanks!

[cluberti]

So, you have a few things happening here:

1. You have a 4 second delay loading your hard disk drive - no clue why, as this is a BIOS setting.

2. You have a WD Green drive, and those are notoriously poor for random disk I/O during the boot process. Nothing you can do about physics, as these drives are designed for lower power footprint at the cost of seek and load speed. There are utilities out there that can disable the head parking feature, but it won't help you during boot time (and it removes the "green" features of the drive when in use, so I wouldn't recommend it if you chose this drive for those reasons as well). Not much you can do when you use a 5900RPM drive to boot from .

3. Booting the base system (kernel, smss, csrss, and lsass binaries) takes approximately 20 seconds. This should normally take between 10-12 seconds, 15 at the outside, but is taking 5-7 seconds longer on your machine. This is being caused by a few things - there's a large number of volume shapshots being read after the disk is mounted (start > cleanmgr > <drive> > "clean up system files" > More Options tab). Also, there's another section of time spent loading and hashing drivers as there's a driver on the system that is a signed binary rather than containing a signed catalog - this is fine, but can cause boot delays in this phase due to causing signature verification as it cannot be found in a catalog (this is guard64.dll, by the way).

4. Comodo is blocking LSASS communication and functionality between services.exe and the security subsystem for approximately 17 seconds after winlogon starts via Comodo's guard64.dll binary. No services or programs of any kind are allowed to start until it finishes loading, which blocks LSASS being able to access the SAM, causes problems with it's ability to read the registry (which also delays SAM load), which blocks other services from starting, which all causes 17 seconds of delay in the trace you uploaded. As soon as services.exe is started and guard64.dll is loaded at 21 seconds in, everything stops until it's finished, at approximately 38 seconds into the trace. You may actually see a warning by Microsoft-Windows-Winint (event 11) being logged on your machine in the event viewer stating that the system is being hooked in all processes by a non-Microsoft .dll file - this would be that file.

5. Malwarebytes' Antimalware client is causing approximately a 30 second delay in loading Explorer.exe, even after winlogon takes an additional 19 seconds to log you in after you've provided credentials (which was after the 38 second delay in providing you a credential prompt, and the 20 seconds in just loading the bare, base system).

6. Getting your machine completely booted and idle takes another ~40 seconds due to all of the things starting with the explorer shell, like LastFM, DropBox, Comodo's apps, and a few shell extensions. Not bad, but it may still behoove you to look into trimming that perhaps, otherwise you'll have to live with that.


All in all, Comodo is a big drain on system resources and a big part of your problem, but there's also the Malwarebytes portion of the delay, and the fact that your boot drive isn't very fast. I suppose you already knew about that last part, but I'd remove MWB and Comodo from the system completely, retest, and only re-add either if you have no other options for security products.