Computer running very slow on startup

roguebrick

Hey,
So I recently just bought a medium range custom made PC from a shop, and I've noticed during start-up the computer is incredibly slow.
I'm new at this. I was just wondering, for my spec (see below), if this was normal for a gaming PC to run slow at startup, although during gaming it runs fine.

SPECS:
Windows 7 Home Premium,
64 Bit Operating System
AMD FX-8320E Eight-core Processor, 3200 MHz, 4 core(s) 8 Logical Processor
16GB Total Installed RAM
2GB dedicated graphics
 
Are there a lot of programs starting at bootup? Do you have a bunch of icons down in the system tray? How long does it take from pressing the power button to booting to desktop to being able to do anything?
 
Currently have 5 programs at startup:
Realtek HD semiconductor (as I understand it, this is my sound card)
Microsoft Windows
Razer Synapse (this does take a long time to sync)
VIPRE (antispyware)

There are about 10 icons down in the system tray,
and from the start of pressing the button to being able to use the computer properly I'd hazard a guess at around the 5 minute mark at the moment. :/
 
You are probably infected. Has it always been like this or did it just start recently?

Do the following.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

[Screenshot: TDSSKiller start scan button]


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

[Screenshot: TDSSKiller scan results]


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

[Screenshot: TDSSKiller results after cleaning]


Please reboot the system if asked to do so.

After it runs, there will be a log located at the root of your C:\ drive, labeled TDSSKiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.


Then do the following in order.

1. Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan.
  • After the scan you will need to click on Clean for it to delete the adware.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2. Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Very important that you run the tool in this manner:
    Right-mouse click JRT.exe and select Run as administrator
    Do NOT just double-click it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.

3. Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4. Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    ◦ When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. AdwCleaner
2. Junkware Removal Tool
3. Malwarebytes
4. OTL
 
Computer startup running slow.

-----
Here are the logs from the previously mentioned programs.

AdwCleaner:

# AdwCleaner v4.105 - Report created 20/12/2014 at 21:57:03
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user - POSION
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\users\user\AppData\Local\CrashRpt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v33.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1025 octets] - [20/12/2014 21:55:37]
AdwCleaner[S0].txt - [946 octets] - [20/12/2014 21:57:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1005 octets] ##########

----------
Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by user on Sat 20/12/2014 at 22:03:09.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\suqug7zs.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 20/12/2014 at 22:05:20.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------
Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/12/2014
Scan Time: 10:07:15 PM
Logfile: Mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.20.01
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317621
Time Elapsed: 6 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

-------------------
and finally OTL:

OTL logfile created on: 20/12/2014 10:14:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

15.98 Gb Total Physical Memory | 13.85 Gb Available Physical Memory | 86.65% Memory free
31.97 Gb Paging File | 29.73 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1190.92 Gb Free Space | 63.93% Space Free | Partition Type: NTFS
Drive I: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: POSION | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/12/20 21:50:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2014/11/21 06:22:06 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:22:04 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:21:56 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/20 19:23:10 | 000,289,792 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
PRC - [2014/11/20 10:14:56 | 000,177,040 | ---- | M] (ThreatTrack Security Inc.) -- C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
PRC - [2014/11/18 08:42:19 | 000,217,304 | ---- | M] (Razer, Inc.) -- C:\Users\user\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
PRC - [2014/11/18 08:42:15 | 000,214,232 | ---- | M] (Razer, Inc.) -- C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
PRC - [2014/11/03 15:47:52 | 000,585,536 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2012/11/23 09:55:40 | 000,133,496 | ---- | M] (GFI Software Development Ltd.) -- C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe


========== Modules (No Company Name) ==========

MOD - [2014/12/03 19:19:22 | 000,931,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Ionic.Zip\ae6bd70730551d3b4b54555d20cf4f7d\Ionic.Zip.ni.dll
MOD - [2014/11/20 19:23:10 | 000,289,792 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
MOD - [2014/11/20 17:02:46 | 000,193,024 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
MOD - [2014/11/02 07:31:20 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/11/02 07:31:18 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll
MOD - [2014/11/02 07:30:50 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/11/02 07:30:34 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/11/02 07:29:51 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/11/02 07:29:46 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014/11/02 07:29:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\9370714a38ae2805434296b26a9f5b14\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/11/01 23:42:14 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/11/01 23:42:04 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/11/01 23:42:04 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/11/01 23:42:02 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/11/01 23:41:59 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/11/01 23:41:58 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/11/01 23:41:57 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/11/01 23:41:56 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/11/01 23:41:56 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c90a4b709b46b64c89fce02585d55370\System.Management.ni.dll
MOD - [2014/11/01 23:41:56 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll
MOD - [2014/11/01 23:41:55 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/11/01 23:41:55 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014/11/01 23:41:54 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/11/01 23:41:49 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/04 11:20:46 | 034,755,072 | ---- | M] () -- C:\Users\user\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
MOD - [2014/01/04 11:20:46 | 000,970,240 | ---- | M] () -- C:\Users\user\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/11/22 13:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/12 12:46:52 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/09/11 21:57:02 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/05/27 16:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/11/21 06:22:06 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:22:04 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/20 10:14:56 | 000,177,040 | ---- | M] (ThreatTrack Security Inc.) [Auto | Running] -- C:\Program Files (x86)\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2014/11/20 10:14:54 | 003,963,240 | ---- | M] (ThreatTrack Security Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2014/11/19 07:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/11/15 09:29:16 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/14 16:15:41 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014/11/01 09:27:38 | 000,183,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2014/06/09 20:49:00 | 004,250,624 | ---- | M] (A-Volute) [Auto | Running] -- C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe -- (RzMaelstromVADStreamingService)
SRV - [2014/03/21 09:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/11/23 09:55:40 | 000,133,496 | ---- | M] (GFI Software Development Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe -- (gfi_lanss11_attservice)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/12/20 22:07:10 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 06:23:34 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:23:20 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/11/20 10:15:10 | 000,095,608 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2014/11/20 10:15:08 | 000,345,392 | ---- | M] (ThreatTrack Security) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\sbwfw.sys -- (sbwfw)
DRV:64bit: - [2014/11/20 10:15:02 | 000,063,696 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2014/11/20 10:14:40 | 000,088,928 | ---- | M] (ThreatTrack Security, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2014/11/18 08:37:21 | 000,129,600 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:64bit: - [2014/11/01 09:27:07 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:64bit: - [2014/09/05 14:27:52 | 000,160,424 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2014/09/05 14:27:52 | 000,039,592 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2014/06/09 20:49:00 | 000,032,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService)
DRV:64bit: - [2013/09/25 01:53:50 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/09/12 13:39:56 | 012,760,576 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/09/12 12:13:58 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/04 13:57:42 | 000,031,264 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiutil.sys -- (gfiutil)
DRV:64bit: - [2013/07/31 13:26:24 | 000,042,240 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV:64bit: - [2013/05/23 07:39:23 | 000,041,032 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/03/01 17:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/12 17:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/12/12 17:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/09/21 17:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/09/11 17:41:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/09/11 17:41:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/08/24 00:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 14:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 14:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 14:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/11/18 10:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 03:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 F1 CC 0E EC F3 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/11/01 20:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2014/12/11 13:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\suqug7zs.default\extensions
[2014/11/15 08:57:26 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\suqug7zs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/11/15 09:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/15 09:29:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/11 08:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (VIPRE Search Guard Helper) - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (VIPRE Search Guard Helper) - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
O3:64bit: - HKLM\..\Toolbar: (VIPRE Search Guard Toolbar) - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll ()
O3 - HKLM\..\Toolbar: (VIPRE Search Guard Toolbar) - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\VIPRE\SBAMTray.exe (ThreatTrack Security Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\Program Files (x86)\InstallShield Installation Information\{9C049509-055C-4CFF-A116-1D12312225EB}\setup.exe (Acresso Software Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D7BFF26-E1EF-4944-8B68-B4D667BEE44F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F402A2CE-B191-4562-A34B-CFC5AAF755DC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\vipresg {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll ()
O18 - Protocol\Handler\vipresg {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/12/20 22:06:27 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/20 22:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/20 22:06:11 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/20 22:06:11 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/20 22:06:11 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/20 22:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/12/20 22:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/12/20 22:03:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/20 21:55:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/20 21:53:45 | 020,447,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup.exe
[2014/12/20 21:51:01 | 004,187,592 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2014/12/20 21:51:01 | 001,707,646 | ---- | C] (Thisisu) -- C:\Users\user\Desktop\JRT.exe
[2014/12/20 21:51:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/12/11 13:56:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\LogMeIn
[2014/12/11 13:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014/12/11 13:31:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/06 11:23:27 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\4A Games
[2014/12/06 11:21:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\4A Games
[2014/12/06 11:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/12/06 11:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/12/04 19:45:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\RzStats
[2014/12/04 17:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/12/03 19:37:35 | 000,129,600 | ---- | C] (Razer, Inc.) -- C:\Windows\SysNative\drivers\rzpnk.sys
[2014/12/03 19:37:21 | 000,037,184 | ---- | C] (Razer, Inc.) -- C:\Windows\SysNative\drivers\rzpmgrk.sys
[2014/12/03 19:29:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\IsolatedStorage
[2014/12/03 19:26:50 | 000,041,032 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\gfiark.sys
[2014/12/03 19:26:50 | 000,031,264 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\gfiutil.sys
[2014/12/03 19:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIPRE
[2014/12/03 19:19:01 | 000,063,696 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\sbhips.sys
[2014/12/03 19:19:00 | 000,048,016 | ---- | C] (ThreatTrack Security Inc.) -- C:\Windows\SysNative\sbbd.exe
[2014/12/03 19:18:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\System32
[2014/12/03 19:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI
[2014/12/03 19:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI
[2014/12/03 19:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\VIPRE
[2014/12/03 19:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2014/12/03 19:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIPRE
[2014/12/03 19:10:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\VIPRE
[2014/12/03 19:10:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\VIPRE
[2014/12/03 18:56:56 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2014/11/29 15:28:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\FalloutNV
[2014/11/26 16:56:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\dxhr
[2014/11/26 16:55:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\28050
[2014/11/23 00:00:20 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Square Enix
[2014/11/22 17:42:59 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\EmieBrowserModeList
[2014/11/22 17:26:13 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Stronghold Crusader 2
[2014/11/22 13:27:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\PAYDAY 2

========== Files - Modified Within 30 Days ==========

[2014/12/20 22:07:10 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/20 22:06:42 | 000,029,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/20 22:06:42 | 000,029,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/20 22:05:01 | 000,781,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/20 22:05:01 | 000,666,140 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/20 22:05:01 | 000,125,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/20 21:58:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/20 21:58:09 | 4281,782,270 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/20 21:54:06 | 020,447,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup.exe
[2014/12/20 21:50:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/12/20 21:50:42 | 004,187,592 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2014/12/20 21:50:38 | 001,707,646 | ---- | M] (Thisisu) -- C:\Users\user\Desktop\JRT.exe
[2014/12/20 21:50:28 | 002,166,272 | ---- | M] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2014/12/07 09:24:36 | 000,022,802 | ---- | M] () -- C:\Windows\SysWow64\FirewallConfig.xml
[2014/12/03 20:03:29 | 000,001,738 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2014/12/03 20:03:29 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2014/12/03 19:40:19 | 000,274,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/12/03 19:28:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2014/11/22 19:51:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2014/11/21 06:23:34 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:23:24 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:23:20 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2014/12/20 21:51:01 | 002,166,272 | ---- | C] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2014/12/07 09:24:35 | 000,022,802 | ---- | C] () -- C:\Windows\SysWow64\FirewallConfig.xml
[2014/12/03 20:03:29 | 000,001,738 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2014/12/03 20:03:29 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2014/12/03 19:28:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2014/11/22 19:51:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2014/10/30 13:42:28 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2014/10/27 12:53:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/10/27 12:45:51 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014/10/27 12:45:51 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014/10/27 12:45:51 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/10/27 12:45:51 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014/10/27 12:45:51 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2014/10/27 12:43:17 | 000,765,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/11 22:32:06 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 13:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 12:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 14:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/12/11 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2014/10/31 06:19:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\java
[2014/11/22 12:28:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin
[2014/12/03 19:29:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\VIPRE

========== Purity Check ==========



< End of report >
 
Did you run the TDSSKiller program? Did it find anything? Is it possible that the VIPRE antivirus program is causing the slowdown?
 
Yes, I did run the TDSSKiller program, and the results were negative in the finding-anything department...
My computer was slow before I got VIPRE (I thought getting it would fix the problem, but to no avail).
 
Autoruns can tell you if there is a lot of crap starting up. Check that out if this isn't malware. Actually, Autoruns can pinpoint malware too that starts up like scripts, etc. But it's not a malware scanner. http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Just be careful using Autoruns. I would save the ARN file and upload to here. That way we can see what you have running on your computer.

If your computer was taken in to get it to boot faster and they didn't do anything I would have got my money back as it clearly isn't fixed.
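
The pass that Autoruns, or a helper reading the O2/O4 lines of the OTL report earlier in this thread, makes over autostart entries can be sketched in Python. This is an added example, not part of anyone's post and not code from OTL or Autoruns; the flag names, the `triage_line`/`triage` functions and the last sample line are assumptions made up for illustration, and a flag is a reason to look closer, not a verdict.

```python
import re

# O2 (browser helper object) and O4 (Run/RunOnce) lines as OTL prints them.
ENTRY = re.compile(
    r"^O[24](?::64bit:)? - "
    r"(?:BHO: \((?P<bho>.*?)\) - \{[0-9A-Fa-f-]+\} - "
    r"|\S+\\Run(?:Once)?: \[(?P<val>.*?)\] )"
    r"(?P<rest>.*)$"
)
# "<path> (<company>)": the company is the last parenthesised group on the line.
TARGET = re.compile(r"^(?P<path>.*\S)\s+\((?P<company>[^()]*)\)$")
SYSTEM_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# The first four lines are from the report on this page; the last one is constructed.
SAMPLE = r"""
O2 - BHO: (VIPRE Search Guard Helper) - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [updater] C:\Users\user\AppData\Roaming\updater.exe ()
""".strip().splitlines()


def triage_line(line):
    """Return a dict for an O2/O4 line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    name = m["bho"] if m["bho"] is not None else m["val"]
    entry = {"name": name, "path": "", "company": "", "flags": []}
    if m["rest"] == "File not found":
        # The registry value survives but its target is gone: a stale entry.
        entry["flags"].append("orphaned")
        return entry
    t = TARGET.match(m["rest"])
    if t is None:
        entry["path"] = m["rest"]
        entry["flags"].append("unparsed")
        return entry
    entry["path"], entry["company"] = t["path"], t["company"].strip()
    if not entry["company"]:
        entry["flags"].append("no-company")  # OTL printed an empty company name
    if not entry["path"].lower().startswith(SYSTEM_ROOTS):
        entry["flags"].append("outside-system-dirs")  # e.g. a per-user AppData path
    return entry


def triage(lines):
    """Keep only the autostart entries that deserve a second look."""
    parsed = (triage_line(l) for l in lines)
    return [e for e in parsed if e and e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e['name'] or '<unnamed>':28} {', '.join(e['flags']):32} {e['path']}")
```
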
 
The issue you are having goes along the lines of having an MBR rootkit infection. Let's try another program.

Download and run aswmbr and post the logfile from it. Open the program, click on scan and let it run. After it's done, click on save log and then copy and paste that log back here.

http://www.bleepingcomputer.com/download/aswmbr/dl/1/

----------------------
aswmbr log:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-22 16:34:22
-----------------------------
16:34:22.502 OS Version: Windows x64 6.1.7601 Service Pack 1
16:34:22.502 Number of processors: 8 586 0x200
16:34:22.503 ComputerName: POSION UserName: user
16:34:24.741 Initialize success
16:34:24.770 VM: initialized successfully
16:34:24.771 VM: Amd CPU supported
16:34:43.529 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
16:34:43.532 Disk 0 Vendor: ST2000DM CC29 Size: 1907729MB BusType: 11
16:34:43.656 Disk 0 MBR read successfully
16:34:43.658 Disk 0 MBR scan
16:34:43.660 Disk 0 Windows 7 default MBR code
16:34:43.662 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:34:43.666 Disk 0 default boot code
16:34:43.671 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907627 MB offset 206848
16:34:43.690 Disk 0 scanning C:\Windows\system32\drivers
16:34:50.094 Service scanning
16:35:00.750 Modules scanning
16:35:00.755 Disk 0 trace - called modules:
16:35:00.768 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
16:35:00.771 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800cb77790]
16:35:00.774 3 CLASSPNP.SYS[fffff8800190043f] -> nt!IofCallDriver -> [0xfffffa800d19fac0]
16:35:00.777 5 amd_xata.sys[fffff8800110fd00] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa800d19a9c0]
16:35:00.781 Disk 0 statistics 93933/0/0 @ 11.90 MB/s
16:35:00.784 Scan finished successfully
16:36:14.219 Disk 0 MBR has been saved successfully to "I:\MBR.dat"
16:36:14.227 The log file has been saved successfully to "I:\aswMBR.txt"
 
------------------
My computer was brand new, so I didn't think to take it to get it to boot faster. (Would this be a good idea, to get it looked at?)
The ARN file wouldn't upload. Any other way to get it to you?
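
The aswMBR log in the post above reports "Windows 7 default MBR code" and two NTFS partitions, and saves the sector to MBR.dat. As an added example (not from the thread and not aswMBR's code), this Python parser reads such a dump, assuming it is the raw 512-byte first sector, and runs on a constructed sample laid out like the disk in the log. The function names, the zeroed boot code in the sample and the comparison against a dump from a known-clean install are assumptions.

```python
import hashlib
import struct

ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed sector with the two partitions listed in the aswMBR log."""
    def entry(status, ptype, lba, sectors):
        return struct.pack(ENTRY_FMT, status, bytes(3), ptype, bytes(3), lba, sectors)

    table = entry(0x80, 0x07, 2048, 100 * 2048)          # 100 MB, active, NTFS
    table += entry(0x00, 0x07, 206848, 1907627 * 2048)   # 1907627 MB, NTFS
    table += bytes(32)                                   # two unused slots
    # 440 bytes of boot code (zeroed here), 6 bytes disk signature, table, 0x55AA
    return bytes(440) + bytes(6) + table + b"\x55\xaa"


def parse_mbr(raw: bytes) -> dict:
    if len(raw) != 512:
        raise ValueError("an MBR dump is exactly one 512-byte sector")
    if raw[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts, notes = [], []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, raw, 446 + 16 * i)
        if ptype == 0:
            continue  # empty slot
        if status not in (0x00, 0x80):
            notes.append(f"partition {i + 1}: invalid status byte {status:#04x}")
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "lba_end": lba + count,
                      "size_mb": count * 512 // 2**20})
    if sum(p["active"] for p in parts) != 1:
        notes.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_end"]:
            notes.append(f"partitions {a['index']} and {b['index']} overlap")
    return {"boot_code_sha256": hashlib.sha256(raw[:440]).hexdigest(),
            "partitions": parts, "notes": notes}


def boot_code_matches(raw: bytes, baseline: bytes) -> bool:
    """Compare the bootstrap code (bytes 0-439) with a dump from a known-clean install."""
    return parse_mbr(raw)["boot_code_sha256"] == parse_mbr(baseline)["boot_code_sha256"]


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        print(p)
    print(info["notes"] or "no structural anomalies")
```
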
 
Rerun Autoruns and uncheck anything in yellow and reboot. See if the issue is still there.
 


What version of Windows are you running? You have rdpclip disabled and depending on your OS you may need to repair it by doing a system restore. http://www.sevenforums.com/general-discussion/97418-missing-win7-file-rdpclip-exe.html

This probably isn't your slow boot up problem though.

Is there an update to your AMD graphics card driver? Try that, or there may be something in the driver causing a slowdown. What version of driver do you have now?

A great alternative to WinRAR is 7-Zip. It's free.

You said you tried uninstalling VIPRE to see if that makes your PC boot quicker?

It looks like you ran aswMBR from Avast hosted on Bleepingcomputer. That didn't find anything?

Try disabling Razer under the Logon tab and rebooting.

Is there a firewall activated on your computer and is it blocking Steam or Razer, etc? On start up it could be trying to connect. Consequently, your anti-virus could be playing havoc with Steam and Razer.

Let's start with the GPU. See if there is an update and post what driver you have now or updated to.
 
GPU:
There was an update to my drivers; once updated, this is the version:
14.501.1003-141120a-177998C
14.12 AMD Catalyst Omega Software

My computer was slow before I installed VIPRE (I thought this would fix the slowness).

aswMBR came up with nothing.

My firewall, as far as I can tell, is blocking neither Steam nor Razer.

WinRAR is free also.
 
Are you using drivers from the motherboard's website or just what came on the CD? If you are using the ones on the CD try the ones from the motherboard's website.

Follow this guide and tell me what performance information and tools says. http://windows.microsoft.com/en-us/windows/computer-wont-turn-on-off-quickly#1TC=windows-7

Finally, at the bottom of performance information and tools generate a health report and click on each device to see if there are problems.

CRAP! I forgot to tell you how to clear the last GPU driver properly before installing a new one. Try this again. Go into safe mode and uninstall the driver, then run Driver Sweeper. Now reinstall the GPU driver. http://www.guru3d.com/content-page/guru3d-driver-sweeper.html

Did you try disabling Razor?

This is very hard to diagnose without being physically at the computer. It could be a BIOS setting or even RAM for all I know.

Do you also have an onboard GPU on the motherboard? If so, is it disabled in BIOS?
 