Notebook runs very slow, then fast, then slow again [Closed]


  • This topic is locked

#1
Tyreal2015

Hi! About a month ago my Acer notebook (running Windows 7 Ultimate) began to run slow with CPU usage always at 20%, then I tried to reformat using the OEM partition, no change. So then I tried to reformat using a Windows 7 disc (I downloaded all of the drivers through Acer's site), and things seemed to run fine for a while, but weeks later it would run horribly slow (much worse than before) for about 10 minutes, then it would run normal, only to run super slow again 10 minutes later. It began to run so slowly that I was forced to press the off button, but when I turned it on again, it would no longer boot into Windows and would get stuck on an infinite "disc check" loop... so I formatted again, and I now have the same problem as before (runs normal, then super slow).

I couldn't do a clean format, by the way (the Windows.old folder was here), so I fear the virus infection may have continued. If it isn't an infection, the only other thing I can think of is a failing HDD...

Could anyone please help me out? Thanks in advance! :) Here's the OTL log:

OTL logfile created on: 14/06/2013 16:56:51 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joel\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,86 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 45,75% Memory free
5,71 Gb Paging File | 4,13 Gb Available in Paging File | 72,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,07 Gb Total Space | 520,57 Gb Free Space | 89,59% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/14 16:10:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Downloads\OTL.exe
PRC - [2011/02/18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/18 08:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/12 15:57:07 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\7f9744a4da7c23ea1efb24d7e8a9f4d6\IAStorCommon.ni.dll
MOD - [2013/06/12 15:57:06 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0ec408f66b97c086f9fd83037d41cb07\IAStorUtil.ni.dll
MOD - [2009/07/29 13:06:50 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/07/29 13:06:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009/07/14 01:56:03 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009/07/14 01:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009/07/14 01:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/14 01:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/14 01:55:14 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
MOD - [2009/07/14 01:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/14 01:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/14 01:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/14 01:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/02/18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/09 20:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/03/26 09:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/18 08:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/20 18:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/20 18:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/01/19 20:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/01/13 18:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010/11/02 19:00:32 | 002,380,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/15 16:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 13:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 13:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 57 CA 9D 32 69 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA45BEE8-60CD-4719-AF8A-027EEA9A8323}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/12 16:24:11 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Intel Corporation
[2013/06/12 16:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/06/12 16:21:32 | 002,380,448 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013/06/12 16:21:31 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2013/06/12 16:21:31 | 000,063,648 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll
[2013/06/12 16:21:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO
[2013/06/12 16:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2013/06/12 16:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2013/06/12 16:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/06/12 16:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/06/12 16:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2013/06/12 16:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013/06/12 16:03:08 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/06/12 16:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013/06/12 16:01:05 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/06/12 16:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
[2013/06/12 16:00:29 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/06/12 16:00:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/06/12 16:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/06/12 16:00:02 | 002,578,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013/06/12 16:00:02 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/06/12 16:00:02 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2013/06/12 16:00:02 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013/06/12 16:00:02 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013/06/12 16:00:02 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/06/12 16:00:02 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2013/06/12 16:00:02 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2013/06/12 16:00:02 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013/06/12 16:00:01 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013/06/12 16:00:01 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013/06/12 16:00:01 | 001,868,944 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013/06/12 16:00:01 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013/06/12 16:00:01 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013/06/12 16:00:01 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013/06/12 16:00:01 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013/06/12 16:00:01 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013/06/12 16:00:01 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/06/12 16:00:01 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/06/12 16:00:01 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013/06/12 16:00:01 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013/06/12 16:00:01 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013/06/12 16:00:01 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013/06/12 16:00:01 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013/06/12 16:00:01 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013/06/12 16:00:00 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/06/12 16:00:00 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013/06/12 16:00:00 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013/06/12 16:00:00 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013/06/12 16:00:00 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013/06/12 16:00:00 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013/06/12 16:00:00 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013/06/12 16:00:00 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013/06/12 16:00:00 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013/06/12 16:00:00 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013/06/12 16:00:00 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013/06/12 16:00:00 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013/06/12 16:00:00 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013/06/12 16:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/06/12 15:59:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/06/12 15:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/06/12 15:57:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013/06/12 15:56:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/06/12 15:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/06/12 15:56:21 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\InstallShield
[2013/06/11 00:40:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/06/10 20:19:45 | 000,000,000 | R--D | C] -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/06/10 20:19:45 | 000,000,000 | R--D | C] -- C:\Users\Joel\Searches
[2013/06/10 20:19:45 | 000,000,000 | R--D | C] -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/06/10 20:19:23 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Identities
[2013/06/10 20:19:12 | 000,000,000 | R--D | C] -- C:\Users\Joel\Contacts
[2013/06/10 20:19:08 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\VirtualStore
[2013/06/10 20:18:31 | 000,000,000 | --SD | C] -- C:\Users\Joel\AppData\Roaming\Microsoft
[2013/06/10 20:18:31 | 000,000,000 | R--D | C] -- C:\Users\Joel\Videos
[2013/06/10 20:18:31 | 000,000,000 | R--D | C] -- C:\Users\Joel\Saved Games
[2013/06/10 20:18:31 | 000,000,000 | R--D | C] -- C:\Users\Joel\Pictures
[2013/06/10 20:18:31 | 000,000,000 | R--D | C] -- C:\Users\Joel\Music
[2013/06/10 20:18:31 | 000,000,000 | R--D | C] -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/06/10 20:18:31 | 000,000,000 | R--D | C] -- C:\Users\Joel\Links
[2013/06/10 20:18:31 | 000,000,000 | R--D | C] -- C:\Users\Joel\Favorites
[2013/06/10 20:18:31 | 000,000,000 | R--D | C] -- C:\Users\Joel\Downloads
[2013/06/10 20:18:31 | 000,000,000 | R--D | C] -- C:\Users\Joel\Documents
[2013/06/10 20:18:31 | 000,000,000 | R--D | C] -- C:\Users\Joel\Desktop
[2013/06/10 20:18:31 | 000,000,000 | R--D | C] -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\AppData\Local\Temporary Internet Files
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\SendTo
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Recent
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Modelos
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Documents\Minhas músicas
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Documents\Minhas imagens
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Documents\Meus vídeos
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Meus documentos
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Menu Iniciar
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\AppData\Local\Histórico
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Dados de aplicativos
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\AppData\Local\Dados de aplicativos
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Cookies
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Configurações locais
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Ambiente de rede
[2013/06/10 20:18:31 | 000,000,000 | -HSD | C] -- C:\Users\Joel\Ambiente de impressão
[2013/06/10 20:18:31 | 000,000,000 | -H-D | C] -- C:\Users\Joel\AppData
[2013/06/10 20:18:31 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Temp
[2013/06/10 20:18:31 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Microsoft
[2013/06/10 20:18:31 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Media Center Programs
[2013/06/10 20:18:09 | 000,000,000 | -HSD | C] -- C:\Program Files\Common Files\Sistema
[2013/06/10 20:18:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modelos
[2013/06/10 20:18:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas músicas
[2013/06/10 20:18:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas imagens
[2013/06/10 20:18:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Meus vídeos
[2013/06/10 20:18:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Iniciar
[2013/06/10 20:18:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritos
[2013/06/10 20:18:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos
[2013/06/10 20:18:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dados de aplicativos
[2013/06/10 20:18:09 | 000,000,000 | -HSD | C] -- C:\Program Files\Arquivos Comuns
[2013/06/10 19:55:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/06/10 19:52:54 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/06/08 20:02:33 | 000,000,000 | -HSD | C] -- C:\found.001
[2013/06/07 19:18:17 | 000,000,000 | -HSD | C] -- C:\found.000

========== Files - Modified Within 30 Days ==========

[2013/06/14 16:35:34 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/14 16:35:34 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/14 16:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/14 16:06:18 | 001,491,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/14 16:06:18 | 000,654,470 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/06/14 16:06:18 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/14 16:06:18 | 000,124,922 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/06/14 16:06:18 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/12 17:44:10 | 2299,416,576 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/12 16:23:39 | 000,015,790 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/06/12 16:02:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_b57xdbd_01009.Wdf
[2013/06/10 20:13:40 | 000,274,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/10 19:57:46 | 000,051,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/06/10 19:57:46 | 000,051,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013/06/12 16:23:39 | 000,015,790 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/06/12 16:02:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_b57xdbd_01009.Wdf
[2013/06/12 16:00:03 | 000,247,560 | ---- | C] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat
[2013/06/12 16:00:03 | 000,039,672 | ---- | C] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT
[2013/06/12 16:00:03 | 000,003,206 | ---- | C] () -- C:\Windows\SysNative\drivers\RtPCEE4.DAT
[2013/06/12 16:00:03 | 000,001,448 | ---- | C] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat
[2013/06/12 16:00:03 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat
[2013/06/12 16:00:03 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat
[2013/06/12 16:00:03 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2013/06/12 16:00:03 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2013/06/12 16:00:03 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ1.dat
[2013/06/12 16:00:03 | 000,000,024 | ---- | C] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2013/06/10 20:20:21 | 000,001,423 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/06/10 20:20:21 | 000,001,389 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/06/10 19:57:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/06/10 19:57:18 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/13 22:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >


Edited by Tyreal2015, 14 June 2013 - 02:10 PM.



#2
Dakeyras

Hi and welcome to Geeks to Go. :)

I do not think malware is the problem here unless say you had some backups and re-applied and they were compromised to start with for example. Anyway let's proceed as follows and in the long run it may just turn out to be a hardware related issue for example.

Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate downloads are here or here.

  • Quit all running programs.
  • Right-click on RogueKiller.exe and select Run as Administrator to start the application.
  • Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
  • Now click on the Scan tab back in the RogueKiller main window.
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com
Please post the contents of the RKreport.txt in your next reply.

Re-scan with OTL:

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan/Fixes box cut & paste this in:-
netsvcs
baseservices
%systemdrive%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CreateRestorePoint
dir "%systemdrive%\*" /S /A:L /C


  • Now click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • RogueKiller Log.
  • Both OTL Logs. <-- Post them individually please, IE: one Log per post/reply.

#3
Dakeyras

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.