Mark said:
I have a Dell XPS 8500, with Windows 7 Professional, SP1,
with Spywareblaster, SuperAntiSpyware, Malwarebytes,
Avast, and Windows firewall.
(1) TB HD
Intel (R) Core (TM) i7-33-3770 CPU @ 3.40 GHz 3.40 GHz
Ram 12.0 GB
System type : 64-bit operating system
I have several 'problems'
* There's a sound, like speakers turning on/off that
occurs when the computer connects to the Internet
which wasn't there before. It started after I was
infected with malware/ adware which I successfully
removed (see posts) but this sound remains.
* The other 'problem' is that it 'seems' to take the
computer a long time to load the programs and respond
when booting up. After everything is loaded it's fine
but it does seem to take a long time. I do have a lot
of images but my usage of the HD is small 83.2 GB used
out of 906 GB with 823 GB free.
Also, I've noticed the system tray has had the yellow triangle
the last few times recently. However when I click to troubleshoot
it, I get connected and it goes away.
Thoughts/suggestions?
Thanks,
Robert
I haven't a clue, as to how to debug your "click sound".
I don't know what tool would allow me to track that.
*******
In Windows 7, if you want to track what is happening at boot
time, there is xbootmgr (capture) and xperfview (viewing)
in the Performance Toolkit. I tried this out yesterday.
If the following picture doesn't interest you in the
slightest, then stop right here. The boot here, finished around
32 seconds or so. And then you can see the search indexer start
up after that. So this draws a graph, of some of the system
services starting. I think BootVis that was available for
WinXP might be a slight bit better, but that would not work
in Windows 7.
http://i58.tinypic.com/2vc7zuw.gif
You can see the following is a fairly lengthy procedure,
and I may not have provided enough detail. For example, I forgot
to mention the WindowsPerformanceToolkit.chm help file. By
running the help file, that's how I learned what command
to use, to do my first trace.
*******
OK, here's a brief log of the steps to set up boot analysis.
1) Download .NET 4.0 if you don't already have it. This is a
"gatekeeper install", so you can't install the SDK on the
"wrong" OS. I doubt the tools really really needed this.
But we have to humor Microsoft and pay our .NET tax.
.net 4.0
http://www.microsoft.com/en-us/download/details.aspx?id=17718
dotNetFx40_Full_x86_x64.exe 2/21/2011 48.1 MB
Later OSes, when they want to enforce the OS version, they
use an even later .NET which Windows 7 SP1 can't use.
The time taken for the install, is not to install the files.
The time is consumed by an NGEN run, to recompile the .NET
assemblies on the computer. This can take five to ten minutes.
2) Now get the Win7 SDK stub loader. This probably isn't the
only way to get the Performance Tools package, but it's the
way I did it. I think I was hoping "symchk.exe" would be in
here, which might account for why I was suckered into doing this.
Win7 SDK
http://msdn.microsoft.com/en-us/windows/hardware/hh852365
http://www.microsoft.com/en-us/download/confirmation.aspx?id=8279
509,264 bytes
http://download.microsoft.com/download/A/6/A/A6AC035D-DA3F-4F0C-ADA4-37C8E5D34E3D/winsdk_web.exe
3) Run winsdk_web.exe
Select a subset of all files. Don't bother with Visual Studio stuff
for example. Note that, I took this picture much later, and the
size estimates are now screwed up. This will take a while. Maybe
several hundred megabytes (because I've selected the redistributables,
and that turned out to be a happy accident). Anything not in view
here, is turned off.
http://i61.tinypic.com/2u91hja.gif
4) The installer pretends to do a good job. When you review
one of the program folders, it's virtually empty. Now, you need
to find the Windows Performance Toolkit redistributable file,
right-click it and select Install. It will say Repair as an option
as well (as if it was an Office installer), but just install it.
This gives me copies of xbootmgr.exe (capture) and xperfview.exe (view).
5) Now you can set up your symbols. My Windows 7 SP1 is x64. If you
had a 32 bit OS, you'd want the x86 retail one instead.
(symbols)
http://msdn.microsoft.com/en-us/windows/hardware/gg463028.aspx
301,812,736 bytes
http://download.microsoft.com/downl...1.7601.17514.101119-1850.AMD64FRE.Symbols.msi
The received file is a .MSI. It's effectively a ZIP file of sorts,
with an auto-expander. Right-click it and select "install".
It will ask you for a destination for symbols.
On my machine, it selected D:\symbols and I selected C:\symbols instead.
That keeps the symbol files (4000+ of them) on the C: drive.
You could also profit from setting a system environment variable.
http://i58.tinypic.com/28r2u7b.gif
I set _NT_SYMBOL_PATH system variable to
SRV*C:\symbols*http://msdl.microsoft.com/download/symbols
The second field, is where you dumped your 4000+ symbol files.
The third field, is a link to the Microsoft server, in case some
tool needs to locate files which are not present in the cache.
For example, after Security Updates, some of those 4000+ files
will be invalidated, and more will need to be automatically
downloaded.
6) Now, I created a folder to hold the .etl trace files. Open a
Command Prompt window, cd to that folder, then run the
command.
cd C:\my_result_folder
xbootmgr -trace rebootCycle -noPrepReboot
The computer immediately does a reboot at this point, so put
all your files and tools away, before the xbootmgr command.
A couple of .etl files will be put in your results folder,
and one of them will be 100MB+ in size.
7) After the reboot, you can use xperfview to open the
C:\my_result_folder stuff. The tool will complain about
"no loggers" or the like, but this is because the tool (xperfview)
is designed to also work with remote computers. And this
run was a totally local run (same machine views results, as
collected the results).
8) You get the picture of how your system booted.
http://i58.tinypic.com/2vc7zuw.gif
Mine appears to be "mostly booted" at 32 seconds.
At 35 seconds, the SearchIndexer seems to be starting up,
because we all know how important it is to add new files
to the search index.
If you're running an AV, there might be a long bar for the
AV in that picture, somewhere.
It's not BootVis, but it's the best I got so far, for Windows 7.
And not once, did I get any evidence it was using
the contents of C:\symbols. So the entire symbols exercise
might have been a red herring. It'll still come in handy
for a WinDbg session some day.
Paul
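
The following is an added example, not part of Paul's post: a PowerShell preflight for steps 4 to 6 that checks elevation, the toolkit binaries, the symbol path fields and the results folder before running the same xbootmgr command. The -StartTrace switch and the 500 MB free-space threshold are assumptions made for this example; the folder names and the symbol server URL are the ones from the post.

```powershell
# Added example: preflight checks for the boot-trace steps above.
param(
    [string]$ResultDir   = 'C:\my_result_folder',   # folder from step 6
    [string]$SymbolCache = 'C:\symbols',            # folder from step 5
    [switch]$StartTrace                             # hypothetical switch; nothing reboots without it
)

# Setting a machine-level variable and running xbootmgr both need elevation.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell window.'
}

# Step 4: the Performance Toolkit binaries must be installed and on PATH.
foreach ($tool in 'xbootmgr.exe', 'xperfview.exe') {
    if (-not (Get-Command $tool -ErrorAction SilentlyContinue)) {
        throw "$tool not found on PATH; install the Windows Performance Toolkit first."
    }
}

# Step 5: SRV*<local cache>*<symbol server>; set it only if it is missing.
$wanted  = "SRV*$SymbolCache*http://msdl.microsoft.com/download/symbols"
$current = [Environment]::GetEnvironmentVariable('_NT_SYMBOL_PATH', 'Machine')
if (-not $current) {
    [Environment]::SetEnvironmentVariable('_NT_SYMBOL_PATH', $wanted, 'Machine')
    $current = $wanted
}
$fields = $current.Split('*')
if ($fields.Length -ne 3 -or $fields[0] -ne 'SRV') { Write-Warning "Symbol path is not in the three-field form: $current" }
elseif (-not (Test-Path $fields[1])) { Write-Warning "Symbol cache $($fields[1]) does not exist yet." }

# Step 6: one .etl file is 100 MB+; 500 MB is a margin chosen for this example.
if (-not (Test-Path $ResultDir)) { New-Item -ItemType Directory -Path $ResultDir | Out-Null }
$drive = New-Object IO.DriveInfo ([IO.Path]::GetPathRoot($ResultDir))
if ($drive.AvailableFreeSpace -lt 500MB) { throw "Less than 500 MB free on $($drive.Name)" }

if ($StartTrace) {
    Set-Location $ResultDir
    # The machine reboots immediately; close other work first.
    xbootmgr -trace rebootCycle -noPrepReboot
} else {
    Write-Output "Checks passed. Re-run with -StartTrace to reboot and capture into $ResultDir."
}
```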