
100% disk usage on restart


  • This topic is locked
111 replies to this topic

#1 water101

water101

  • Members
  • 198 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 16 March 2015 - 03:07 PM

I have been working with Aura in the Windows 8 section. We have tried several things but haven't gotten full results. There was some malware found so I was sent here. I have done the scan and will post the results. The main issue is that on restart my computer goes to 100% disk usage for no reason, but only on restart. IE takes more than 15 seconds to open now, which is much better than it used to be, but once it has been opened once, each time after that is less than 1 second until the next restart.

 

Here is a link to my original post.

 

http://www.bleepingcomputer.com/forums/t/569672/slow-computer-with-100-disk-usage/page-1

 

Attached File  FRST.txt   477.34KB   16 downloads
Attached File  Addition.txt   31.98KB   9 downloads




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,731 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:37 AM

Posted 21 March 2015 - 03:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/570329 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 21 March 2015 - 04:04 PM

I do not have my Windows disk. When I try and upload the scan results it tells me the file is too large.

 

 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:37 AM

Posted 22 March 2015 - 09:07 AM

Greetings water101 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Unfortunately there is evidence of illegal software on your computer. Before we are able to continue I am going to request you uninstall Turbotax and also address the software present on your system used to avoid the required activation of Microsoft Office. If you are willing to do this let me know and we can begin our steps.

Edited by Oh My!, 22 March 2015 - 09:08 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 22 March 2015 - 09:27 AM

I can uninstall TurboTax but I am not sure which program you are referring to about Microsoft Office.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:37 AM

Posted 22 March 2015 - 04:54 PM

Thank you. It is Microsoft Office Professional Plus 2010.
Gary
 

#7 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 22 March 2015 - 05:12 PM

I can delete that as well. What is the next step?



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:37 AM

Posted 22 March 2015 - 05:16 PM

While you delete that let me take a look at your logs again. They are quite long.
Gary
 

#9 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 22 March 2015 - 05:18 PM

OK, the new ones were not able to be posted as they were too long.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:37 AM

Posted 22 March 2015 - 05:48 PM

Thank you for your patience. Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Run: [LManager] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3179201832-3334313956-1106975183-1001 -> {F8DF1EFD-A4CA-483E-9016-8EC79977077E} URL =
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
2015-03-11 18:04 - 2015-03-16 15:24 - 00003244 _____ () C:\WINDOWS\System32\Tasks\IORRT
CustomCLSID: HKU\S-1-5-21-3179201832-3334313956-1106975183-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
Task: {1FCF2630-1021-4737-A9F5-C70297BEEA44} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2013-04-17] ()
C:\IORRT
Task: {8A94B716-EF3A-499C-87ED-19997C9A6920} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2013-04-17] ()
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • RogueKiller log

Gary
 

#11 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 22 March 2015 - 05:51 PM

Will do that now



#12 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 22 March 2015 - 06:16 PM

Fixlog report

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Joe at 2015-03-22 18:55:33 Run:1
Running from C:\Users\Joe\Desktop
Loaded Profiles: Joe (Available profiles: Joe)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [LManager] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3179201832-3334313956-1106975183-1001 -> {F8DF1EFD-A4CA-483E-9016-8EC79977077E} URL =
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
2015-03-11 18:04 - 2015-03-16 15:24 - 00003244 _____ () C:\WINDOWS\System32\Tasks\IORRT
CustomCLSID: HKU\S-1-5-21-3179201832-3334313956-1106975183-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
Task: {1FCF2630-1021-4737-A9F5-C70297BEEA44} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2013-04-17] ()
C:\IORRT
Task: {8A94B716-EF3A-499C-87ED-19997C9A6920} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2013-04-17] ()
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3179201832-3334313956-1106975183-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8DF1EFD-A4CA-483E-9016-8EC79977077E}" => Key deleted successfully.
HKCR\CLSID\{F8DF1EFD-A4CA-483E-9016-8EC79977077E} => Key not found.
DIRECTIO => Service deleted successfully.
Lavasoft Kernexplorer => Service deleted successfully.
C:\WINDOWS\System32\Tasks\IORRT => Moved successfully.
"HKU\S-1-5-21-3179201832-3334313956-1106975183-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FCF2630-1021-4737-A9F5-C70297BEEA44} => Key not found.
C:\Windows\System32\Tasks\IORRT not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IORRT" => Key deleted successfully.
C:\IORRT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8A94B716-EF3A-499C-87ED-19997C9A6920}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A94B716-EF3A-499C-87ED-19997C9A6920}" => Key deleted successfully.
C:\Windows\System32\Tasks\Hybrid => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hybrid" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog 18:55:34 ====

 

Rogue killer report

 

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Joe [Administrator]
Started from : C:\Users\Joe\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/22/2015  19:12:16

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | DelaypluginInstall : C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E4F0EBA0-1D65-4152-B142-F39B44D1A5E8} | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EADF78D9-D163-499B-932B-43C41FF38ED8} | DhcpNameServer : 192.52.104.29 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E4F0EBA0-1D65-4152-B142-F39B44D1A5E8} | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EADF78D9-D163-499B-932B-43C41FF38ED8} | DhcpNameServer : 192.52.104.29 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 4 ¤¤¤
[Suspicious.Path] 0215avUpdateInfo.job -- C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe ( /SETINFO /CMPID=0215av /INFORETRY=3) -> Found
[Suspicious.Path] 0814avUpdateInfo.job -- C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe ( /SETINFO /CMPID=0814av /INFORETRY=3) -> Found
[Suspicious.Path] 1114avUpdateInfo.job -- C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe ( /SETINFO /CMPID=1114av /INFORETRY=3) -> Found
[Suspicious.Path] 1214avUpdateInfo.job -- C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe ( /SETINFO /CMPID=1214av /INFORETRY=3) -> Found

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] TurboTax 2014 CANADA! Torrent - KickassTorrents.lnk -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboTax 2014 CANADA! Torrent - KickassTorrents.lnk [LNK@] C:\ProgramData\{386c400c-b287-f57f-386c-c400cb280032}\TurboTax 2014 CANADA! Torrent - KickassTorrents.exe --startup=1 -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-22HXZT3 +++++
--- User ---
[MBR] 3efe3f431a23cc2914d60df7b95e03a9
[BSP] f28b08cfad730a2aa448b19fd1726acf : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 700924 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1437190144 | Size: 350 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1437906944 | Size: 13301 MB
User = LL1 ... OK
User = LL2 ... OK
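
A triage sketch for the RogueKiller report in the post above, added here as an example and not part of the thread or of RogueKiller itself: it parses the Registry section and groups lines that repeat the same value under a ControlSetNNN copy or in both the X86 and X64 views, so the declared count can be compared with the number of distinct findings. The sample report is constructed (documentation addresses, made-up GUIDs and paths), and the function names are illustrative.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of the report above (documentation
# addresses, made-up GUIDs and paths); not taken from a real machine.
SAMPLE_REPORT = r"""
¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ExampleUpdater : C:\ProgramData\Example\updater.exe  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.0.2.53 192.0.2.54 [TEST (ZZ)][TEST (ZZ)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.0.2.53 192.0.2.54 [TEST (ZZ)][TEST (ZZ)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {00000000-0000-0000-0000-0000000000AA} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {00000000-0000-0000-0000-0000000000AA} : 1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-0000000000BB} | DhcpNameServer : 198.51.100.1 [TEST (ZZ)]  -> Found

¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>[^:]+?) : (?P<count>\d+)")
ENTRY_RE = re.compile(
    r"^\[(?P<type>[^\]]+)\] \((?P<view>X86|X64)\) (?P<key>.+?) \| "
    r"(?P<name>.+?) : (?P<data>.*?)\s+-> (?P<status>\w+)\s*$"
)
CONTROLSET_RE = re.compile(r"\\controlset\d{3}\\", re.IGNORECASE)
GEO_RE = re.compile(r"\s*(\[[^\]]*\])+\s*$")  # trailing "[COUNTRY (CC)]" tags


def parse_report(text):
    """Return (declared section counts, parsed Registry entries)."""
    declared, entries, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("¤¤¤"):
            m = SECTION_RE.match(line)
            section = m["name"].strip() if m else None
            if m:
                declared[section] = int(m["count"])
            continue
        m = ENTRY_RE.match(line)
        if m and section == "Registry":
            entries.append(m.groupdict())
    return declared, entries


def collapse(entries):
    """Group entries that differ only by ControlSetNNN copy or registry view."""
    groups = OrderedDict()
    for e in entries:
        key = CONTROLSET_RE.sub(lambda _: "\\CurrentControlSet\\", e["key"])
        data = GEO_RE.sub("", e["data"])
        ident = (e["type"], key.lower(), e["name"].lower(), data)
        g = groups.setdefault(ident, {
            "type": e["type"], "key": key, "name": e["name"],
            "data": data, "views": set(), "lines": 0,
        })
        g["views"].add(e["view"])
        g["lines"] += 1
    return list(groups.values())


if __name__ == "__main__":
    declared, entries = parse_report(SAMPLE_REPORT)
    findings = collapse(entries)
    print(f"Registry: {declared['Registry']} declared, {len(entries)} parsed, "
          f"{len(findings)} distinct")
    for f in findings:
        print(f"  {f['type']:<17} x{f['lines']} {sorted(f['views'])} "
              f"{f['name']} = {f['data']}")
```

A mismatch between the declared and parsed counts means a line did not fit the expected layout and should be read by hand.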

 

 

 



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:37 AM

Posted 22 March 2015 - 06:32 PM

Thank you for the information.

I know you were reluctant earlier to boot into a Clean Boot state but we need to do that for troubleshooting purposes. The steps are reversible. Please do this.

===================================================

Clean Boot

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items


  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#14 water101

water101
  • Topic Starter

  • Members
  • 198 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 22 March 2015 - 06:50 PM

No better at all. I am posting images of disk usage without opening anything; it is about 3 minutes or so after a reboot. It ran much better in safe mode. Could this be a hardware issue or a video software issue?

 

http://imgur.com/a/bRLq2



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:37 AM

Posted 22 March 2015 - 08:18 PM

Greetings,

You can reverse the Clean Boot steps.

I don't think it is Video related but we can test that. In addition I want to gather some additional information. Please do these things.

===================================================

Using VGA Driver in Normal Mode

--------------------
  • Click the Windows key + R at the same time
  • Type msconfig and hit Enter
  • Click the Boot tab (for XP click BOOT.INI)
  • Place a check mark in Base video, then click OK
  • Restart your computer
  • Your screen resolution will look different as if it was in Safe Mode, that is normal
  • Check your disk usage
  • If the problem persists reverse the steps and complete the next instructions
===================================================

Event Viewer Critical/Warning Information Windows 8/7/Vista

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type eventvwr.msc and press Enter
  • Click on the arrow to the left of Windows Logs to expand the category
  • Left click on System
  • On the right hand side of the screen click Filter Current Log...
  • Select Critical and Warning, then click OK
  • Select Save Filtered Log File As...
  • Under File Name: please type System then save it to your desktop
  • Left click on Application and repeat the above steps saving the file as Application
  • Zip the files and upload them here
  • I will be automatically notified when the file has been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Video?
  • Uploaded Event Viewer files

Gary
 



