A very dear friend of mine asked me to help him solve a problem with his laptop. About a month ago it started hanging up for about 6-12 minutes between when the background appears and when his icons came in.

I noticed he was getting an error message that the boot.ini file was missing. I created a generic boot.ini file. The error went away but the delay seemed to get slightly worse.

I went into msconfig and deselected everything in the start menu. I got an error message saying I needed admin privileges to make the changes. The menu still showed all items deselected after a reboot. That menu had several unnamed entries.

I ran spybot from the bootable dvd. It found and resolved issues, but the delay remained.

I ran combofix. It found more errors, but the delay remained.

Here are the log files:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17117
Run by Dan Kamin at 22:04:15 on 2013-02-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.981 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\18.7.2.3\ips\ipsbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
StartupFolder: c:\docume~1\dankam~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vnc.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc.cab
TCP: NameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{2156BD58-3B3C-4CD3-A109-47A08F329673} : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{6BDD524A-F20D-4F1D-8E27-46824759B739} : DHCPNameServer = 192.168.1.1 71.252.0.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dan kamin\application data\mozilla\firefox\profiles\3xyzcfc0.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\dan kamin\application data\mozilla\firefox\profiles\3xyzcfc0.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\dan kamin\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - ExtSQL: !HIDDEN! 2010-12-29 12:00; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn2
FF - ExtSQL: !HIDDEN! 2011-02-02 14:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2012-6-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2012-6-11 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20130208.001\BHDrvx86.sys [2013-2-12 997464]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2012-6-11 136312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-6-24 136704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-10-4 99896]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-2-20 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20130220.002\IDSXpx86.sys [2013-2-21 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20130220.023\NAVENG.SYS [2013-2-21 93296]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20130220.023\NAVEX15.SYS [2013-2-21 1603824]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [2011-2-17 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [2011-2-17 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [2011-2-17 52309]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-02-21 02:55:32 -------- d-----w- c:\documents and settings\dan kamin\application data\Malwarebytes
2013-02-21 02:55:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-02-21 02:55:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-21 02:55:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-09 17:05:18 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2013-02-09 17:05:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-09 17:05:24 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-26 20:43:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-12-26 20:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 22:10:20.89 ===============


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-24 22:35:31
-----------------------------
22:35:31.671 OS Version: Windows 5.1.2600 Service Pack 3
22:35:31.671 Number of processors: 2 586 0xF0D
22:35:31.671 ComputerName: DAN UserName:
22:35:34.312 Initialize success
22:38:04.312 AVAST engine defs: 13022401
22:38:32.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:38:32.671 Disk 0 Vendor: ST9160314AS D005DEM1 Size: 152627MB BusType: 3
22:38:32.687 Disk 0 MBR read successfully
22:38:32.687 Disk 0 MBR scan
22:38:32.734 Disk 0 Windows XP default MBR code
22:38:32.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
22:38:32.750 Disk 0 scanning sectors +312576705
22:38:32.843 Disk 0 scanning C:\WINDOWS\system32\drivers
22:38:54.125 Service scanning
22:39:26.406 Modules scanning
22:39:34.906 Disk 0 trace - called modules:
22:39:34.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:39:34.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a678030]
22:39:34.937 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a709d98]
22:39:37.687 AVAST engine scan C:\WINDOWS
22:40:10.296 AVAST engine scan C:\WINDOWS\system32
22:44:06.609 AVAST engine scan C:\WINDOWS\system32\drivers
22:44:35.359 AVAST engine scan C:\Documents and Settings\Dan Kamin
23:36:36.750 AVAST engine scan C:\Documents and Settings\All Users
23:41:21.187 Scan finished successfully
23:44:20.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat"
23:44:20.109 The log file has been saved successfully to "C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.txt"

Thanks,

specba