Boot problems - aswrvrt.sys

[essexboy]

Let me know if the startup improves after this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
SRV:64bit: - [2013/05/16 10:11:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV - [2013/07/01 09:55:40 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/05/02 11:21:44 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013/03/21 10:24:12 | 000,222,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
SRV - [2011/10/21 10:46:49 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/09/09 16:57:05 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
DRV:64bit: - [2013/06/07 20:04:53 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/02 11:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 11:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F2C4EF8F-E81C-11E2-9A50-B8AC6FCD7617}
IE - HKLM\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {C4327731-20D2-4ED9-BDFD-E20B323C0A39}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm261YYUS&ptnrS=ZLxdm261YYUS&si=1579M&ptb=vySWsnVBtorv2lC7SuxGpg&ind=2011102114&n=77defba2&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={F2C4EF8F-E81C-11E2-9A50-B8AC6FCD7617}
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/07/08 14:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\2.bin [2013/12/15 08:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/07/08 14:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xz123@ya456.com: C:\Program Files (x86)\BetterSurf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@bettersurfplus.com: C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha676.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha676\ff [2013/12/20 08:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta940.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff [2014/01/09 13:26:05 | 000,000,000 | ---D | M]
O2:64bit: - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No CLSID value found.
O2 - BHO: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
[2014/04/10 21:44:52 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\LogMeIn Rescue
[2014/04/10 21:42:37 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\DealPlyLive
[2014/04/10 21:42:37 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\CRE
[2014/04/10 21:42:37 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\ContentWatch
[2014/04/10 21:42:36 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\Conduit
[2014/04/10 21:42:33 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\Amazon Browser Bar
[2014/04/09 08:11:59 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\LogMeIn
[2014/04/09 08:11:58 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\LogMeIn Hamachi
[2014/04/11 23:25:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/07/08 13:54:25 | 000,000,352 | ---- | C] () -- C:\Windows\Tasks\AmiUpdXp.job
[2013/10/04 07:35:53 | 000,000,286 | ---- | C] () -- C:\Windows\Tasks\Dealply.job

:Files
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\Wajam
C:\Program Files (x86)\Amazon Browser Bar
C:\Program Files (x86)\MyWebSearch
C:\Users\Joey and Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncbchahdjphahkafgcoepjngkooealnl

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

[Joeymott]

Ok, I ran both programs and have attached the log files.

The shutdown and startup speed has increased some, but is still slower than before we had the problem.

I'm also running malwarebytes right now to see if that turns anything else up.

[essexboy]

Once MBAM has finished we will try a clean boot to see if we can determine what is causing the delay

In the search box type Msconfig and select the programme that appears at the top

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.

2.Click to clear the Load Startup Items check box.
NoteThe Use Original Boot.ini check box is unavailable.
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.

5.Click Disable All, and then click OK.
6.When you are prompted, click Restart.

Is the start faster now

[Joeymott]

I tried to run Malwarebytes twice, both times the scan seemed to get hung up on the following file: ativpsrm.bin

The second time I ran the scan I let it run for 5 hours and it never got past that file, which seemed to be about 1/8 of the way through the scan.


I next tried the clean boot as you described, but shutdown and startup still took a long time.

[essexboy]

OK the ATI file is one of your video drivers.  Could you update your drivers

Download Slimdrivers  to your desktop   
Install the programme and on completion run   
On the first page select Start Scan 
 
 
Once it has completed click the download link on the right hand side (you can only download one driver at a time)   
 
 
Allow the creation of a restore point prior to downloading and installing. 
The driver will now be downloaded and backed up for safety.  A reboot will be required on completion   
 
Do this initially just for the video drivers

[Joeymott]

Updated the video driver using the program you suggested, then tried to run malwarebytes again.  MBAM got stuck again, so I cancelled the scan, restarted in safe mode and ran MBAM again successfully.  It prompted me to restart to complete cleaning process and it is now taking perhaps the longest time ever to restart.

[essexboy]

What did MBAM state that it located, could you post the log

[Joeymott]

Here is the MBAM Log.

[essexboy]

I wonder where they came from as those are bread and butter to adwcleaner

As a clean boot fails to resolve the speed issue my recommendation would be to reinstall windows

[Joeymott]

I thought that might be coming and frankly was leaning that way anyway. 

Thanks for your continued help.

[essexboy]

It is the only solution I feel, as a clean boot only loads windows drivers and services, no others are loaded.  This would indicate a windows file system problem rather than anything else