Vista takes 30 minutes to boot up - no malware

  1. hardware

    hardware New Member Bronze Member

    Joined: Apr 20, 2009 | Posts: 15 | Likes Received: 0

    My client has a tablet PC running Vista Business. It is a Lenovo X61 with an Intel Core 2 Duo 1.6 GHz processor with 2 GB RAM. It suddenly takes about 30 minutes to boot once the Welcome screen comes up. He is running the hog Norton Internet Security version 16.5. I have run a virus scan and found nothing. I have checked the startup in msconfig and I don't see anything suspicious. I have run HijackThis and I have attached the log that it created. Again, I don't see anything too suspicious, but it is long and I may have missed something.

    Any thoughts?
  2. driver_ian

    driver_ian Security Team

    Joined: Apr 15, 2007 | Posts: 1,018 | Likes Received: 381 | Location: Plymouth, England

    Hello and welcome to the forum.
    Your HJT log hasn't attached. If you could paste the log into your next post, I'll then move you to the HJT forum where the security team can check it for you.
  3. hardware

    Thanks!

    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:36:48 AM, on 4/20/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal
    Running processes:
    C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rdpclip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O13 - Gopher Prefix:
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AAREHAB.MI.local
    O17 - HKLM\Software\..\Telephony: DomainName = AAREHAB.MI.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AAREHAB.MI.local
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O20 - Winlogon Notify: GoToAssist Express Customer - C:\Program Files\Citrix\GoToAssist Express Customer\152\g2ax_winlogon.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: GoToAssist Express Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist Express Customer\152\g2ax_service.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
    O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 10784 bytes
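
An added example, not part of any poster's message and not code from HijackThis: a short Python triage of entry lines like those in the log above, counting autostart entries per section and listing the ones HijackThis printed without a publisher ("Unknown owner"), without a shortcut target ("= ?"), or that a Run value starts by bare file name. The function names and review reasons are this example's own assumptions, and a listed entry is something to check by hand, not a verdict.

```python
import re
from collections import Counter

# Excerpt of entry lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.*)$")        # e.g. "O4 - <rest of line>"
RUN = re.compile(r"^\S+\\Run: \[(.+?)\] (.+)$")      # e.g. "HKLM\..\Run: [name] command"

def parse_entries(log):
    """Return (section, text) per entry line; header and process-path lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review_reason(section, text):
    """Return why an entry deserves a manual look, or None if nothing stands out."""
    if section == "O23" and " - Unknown owner - " in text:
        return "service with no publisher shown"
    if section == "O4" and text.rstrip().endswith("= ?"):
        return "startup shortcut with no target shown"
    run = RUN.match(text) if section == "O4" else None
    # First token of the command line; quoted full paths keep their backslashes.
    if run and "\\" not in run.group(2).lstrip('"').split()[0]:
        return "Run value started by bare name, resolved via the search path"
    return None

def triage(log):
    """Count entries per section and list the ones to review by hand."""
    entries = parse_entries(log)
    counts = Counter(section for section, _ in entries)
    flagged = [(s, review_reason(s, t), t) for s, t in entries if review_reason(s, t)]
    return counts, flagged

if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    print(dict(counts))
    for section, reason, text in flagged:
        print(f"{section}: {reason}: {text}")
```
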
  4. driver_ian

    I'll leave you in the capable hands of the security team.
  5. hardware

    Will they contact me? I don't know what the hijack forum website is.
  6. DCiAdmin

    DCiAdmin Here to Help!

    Joined: Sep 30, 2008 | Posts: 16,759 | Likes Received: 1,707 | Location: Heart of the US Midwest

    Hello Hardware,

    Welcome to the Security area of PCHF. Please review the PreWork document found in my Signature line and review the steps outlined there. Post requested logs back into this thread for review and recommendation.

    Thanks!
  7. hardware

    What is the link to get to the HijackThis Forum?
  8. DCiAdmin

    You're there now. This is the NEW HJT area of the PCHF forum.
  9. hardware

    I am stuck. Unfortunately, I am working on this client computer remotely. Right now, when I try to log in it gets stuck at the Welcome screen and never gets past to a full login. I have already submitted the HijackThis log. Is there anything you can see in the log? Any suggestions how I can get back to a full login so I can then run the Malwarebytes scan?
  10. DCiAdmin

    Have you tried a Safe Boot with Networking access to this computer? That will load only minimal drivers and often permit accesses previously denied. Although, please keep in mind that Safe Boot with Networking also does NOT load any Windows Firewall protection and leaves the system very vulnerable to access while connected in this manner.
  11. hardware

    I can't do it remotely. I could try and ask my client to do it.
  12. DCiAdmin

    That would be your best access in if remote is all you've got. A quick running of Malwarebytes might be enough to at least get you the full access required.

    I'm sorry but I'm about to log off for the night. I'll check back tomorrow.
  13. hardware

    I have finally booted into safe mode and run Malwarebytes. It found nothing. I am still waiting for someone to get back to me about what they found in the HijackThis log.
  14. DCiAdmin

    DCiAdmin Here to Help!

    Joined:
    Sep 30, 2008
    Posts:
    16,759
    Likes Received:
    1,707
    Location:
    Heart of the US Midwest
    Local time:
    18:54
    My System
    Loading...

    I look at the logs of Malwarebytes and HJT together. I was waiting to review your HJT until the MBAM log was posted.

    Please post for my review.
  15. hardware

    Although I did not post the log, it said there were no malicious threats. I am waiting patiently for it to reboot in order to get the log you requested.