16 Aug 2011   #1
Microsoft MVP

Windows 7 Ultimate X64 SP1
Slower Reboots

For Carl: here is the boot trace .etl generated from running the
xbootmgr -trace boot command with +DRIVER removed.
It'd be interesting to know what it means.

16 Aug 2011   #2

Windows 10 Pro x64

Well, you have basically three phases here, all affected in different ways.

It takes almost 10 seconds to get from kernel bootstrap to starting the very first process (smss.exe), which must happen before any other processes can be initialized. This delay is pretty long, and can be attributed almost entirely to Symantec's scanning engine driver.

It only takes an additional 45 or so seconds to get to and through the "post-boot" phase, which is considered complete after all automatic services have started, the user has logged on, the shell is visible and loaded, and all start/run/runonce/etc. items have finished starting. This phase shows two issues - one, the Symantec product appears to be doing an on-access scan, which causes random writes during random reads (which as we all know is one of the slowest things a mechanical drive can do); and two, there's a decent amount of head movement which indicates a small amount of disk fragmentation (and it appears that neither Superfetch nor Readyboot are optimized well, which could be due to defragmenting with a non-Microsoft defragmenter or other antivirus scan artifacts, for instance).

One interesting bit of the trace shows a large amount of USB polls by the nusb3mon process and driver, which I believe is installed when you attach certain Western Digital external USB hard disks (and potentially others, of course). This driver causes heavy I/O delays throughout the trace (and I've seen it many times before, so this is not anything new), especially bad when an external USB device is attached. Unless you need the Western Digital (or whichever vendor branded) USB software, you'd be wise to remove it.

The last bit seems to be a rather large search index cache, which doesn't really hit the machine until a time after PostBoot has completed. I cannot easily explain why this seems to take so long, other than you have two very inefficient (I/O-wise) applications with filter drivers installed (WD's nusb3mon and Symantec's I/O filter driver) which would be invoked on every read and write to the search index db cache. I can't say this is even an issue, per se, because I don't have +DRIVERS - however, from experience, I would say I can visualize what these *usually* look like, and if that is the case here, you might want to consider four things:
  1. Increase the frequency that your system runs defrag.exe, and clear the prefetch cache to force a rebuild
  2. Consider a lighter antivirus product, which will have the side-effect of increasing I/O performance
  3. Remove any USB software installed by external devices if not needed for day-to-day usage of the device(s)
  4. Consider the size and amount of folders in your search index, and consider paring down if possible to reduce the size of the search cache database files

As to #2, that's more a personal choice - I have heard that newer versions of the Norton Internet Security consumer products were more efficient, but as I don't use them myself I cannot corroborate any such statement (and with years of experience with their corporate products, I can't say I believe such proclamations much either). I can only tell you what it appears is happening from the data, no more, no less.

16 Aug 2011   #3
Microsoft MVP

Windows 7 Ult. x64

+1 for effort cluberti. 10/10.
16 Aug 2011   #4
Microsoft MVP

Windows 7 Ultimate X64 SP1

You caught me, Carl. I have used Defraggler from Piriform several times along with Windows' built-in defragger. I now have the Windows defrag set to daily since it has no option for every two or three days.

I did have good reboot times even with Norton in the past but I disabled its boot-time scan. That does a quick scan of the system before it comes up and starts it quickly after the system starts.

I had indexing on the whole C:\ drive and I really thinned out what is indexed. I rebuilt the index, it did have 157,000+ items indexed, now it is 16,067.

On the USB driver, I thought it was needed for my USB 3.0 ports. I have no WD drives but do use an external drive in an enclosure which is USB 2.0. The only USB software I've installed is Renesas USB 3.0 drivers, that used to be NEC.
16 Aug 2011   #5

Windows 7 Home Premium x64 SP1

Think we can say cluberti was spot on then.

16 Aug 2011   #6

Windows 10 Pro x64

Good to know. Unfortunately, I think you're right about the drivers - digging in now it seems they're branded NEC, which means you simply have poor USB3 drivers, which could explain the additional delays when booting with a USB drive or device attached, as you had mentioned to me previously.
16 Aug 2011   #7
Microsoft MVP

Windows 7 Ultimate X64 SP1

No, I don't boot with any USB 3.0 devices attached. I do have my keyboard, scanner, mouse, a UPS data line, and printer attached via USB 2.0, however.

The external drive is plugged in only to make a backup image or update my user files, which I store on it too.

I don't think the nusb3mon is needed for USB3 operation, but I could be wrong, it does some sort of monitoring. Also in the Renesas program file/USB 3.0 Host Controller Driver I disabled the power management functions. Are the standard USB drivers causing the extra I/O delays too?

So far with the indexing, Norton, and USB 3.0 changes reboot is down to 156 seconds from 188.

Carl, you are good on what is going on within Windows at boot. I've always wondered exactly what it did.

EDIT: USB Drivers list
[Attached image: Slower Reboots-usb.jpg]

16 Aug 2011   #8

Windows 10 Pro x64

Well, *I'm* not good, I just read the data from good tools.

