Solved Intermittent Startup Times 1.5min to 3min & suspect virus

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Boonski910

Thread Starter
Joined
May 23, 2017
Messages
28
No, still slow startup and loading programs.
Am trying fixlist.txt in safe mode. Will post when done.
Now 0730 in Michigan.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Hiya Boonski910,

There is no need to run FRST again. I want you to try with your system in Clean Boot, see if that makes any difference..

Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135

When system is in clean boot, reboot and see if the start time improves.

Thanks,

Kevin...

I'm in the UK, local time for me is 13:40...
 

Boonski910

Thread Starter
Any advice about using Autoruns? Very confusing.
For example: I found \ccleanerskipuac, right-clicked on it, but it won't delete.
Also hometechsupportsvc.exe would not delete.
Not showing up in control panel apps list.
Clicking on the showeverything tab, the list is short; I have to click on each tab separately.
Apparently Autoruns is showing up with some problems.
 

kevinf80

Kevin
Malware Specialist
Can you not follow the instructions for clean boot? That is the best option in this situation. All that is happening is non-MS startup entries are being temporarily disabled.
 

Boonski910

Thread Starter
Clean boot start up took 2min 30 sec to Desktop. Checking TM CPU activity did not settle down until 8 minutes later.
Still waiting for fixlist.txt to finish scanning. Will send log contents asap.
If you recommend it I would use installation media to reinstall Windows 10, selecting keep personal files and apps.
 

Boonski910

Thread Starter
Here is the Fixlog.txt contents from a Clean Boot.
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by Ellen (20-09-2021 09:47:09) Run:4
Running from C:\Users\Ellen\Desktop
Loaded Profiles: Ellen
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
cmd: sfc /scannow
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.

========= sfc /scannow =========



Beginning system scan. This process will take some time.



Beginning verification phase of system scan.


Verification 100% complete.


Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== "C:\WINDOWS\system32\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\system32\*.tmp" ========


=========== "C:\WINDOWS\syswow64\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\syswow64\*.tmp" ========


=========== EmptyTemp: ==========

BITS transfer queue => 14442496 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9502477 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 42054626 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 4906 B
Ellen => 34527 B

RecycleBin => 7004 B
EmptyTemp: => 63 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:39:42 ====
 

kevinf80

Kevin
Malware Specialist
Put your system back into normal mode, instructions in same link used for clean boot... Continue:

Scan with Autoruns

Please download Sysinternals Autoruns from the following link: https://live.sysinternals.com/autoruns.exe and save it to your desktop.

Note: If using Windows Vista, Windows 7, Windows 8/8.1 or Windows 10 then you also need to do the following:

  • Right-click on Autoruns.exe and select Properties
  • Click on the Compatibility tab
  • Under Settings check the box next to Run this program as an administrator
  • Click on Apply then click OK

  • Double-click Autoruns.exe to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and verify that the following are checked, if they are unchecked, check them:


    Hide empty locations
    Hide Windows entries


  • Click on the Options button at the top of the program and select Scan Options... then in the Autoruns Scan Options dialog enable/check the following two options:


    Verify code signatures
    Check VirusTotal.com


  • Once that's done click the Rescan button at the bottom of the Autoruns Scan Options dialog and this will start the scan again, this time let it finish.
  • When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the file to your desktop and close Autoruns.
  • Right click on the file on your desktop that you just saved and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the ZIP folder you just created to your next reply
 

Boonski910

Thread Starter
Will scan w/autoruns next.
But, I discovered something very interesting.
No matter how long the computer has been on when I restart it takes 1min 19sec to view the Welcome screen and 2min 44 sec to view the Desktop with WinDef displayed in green.
However when I shut down completely and then Start the computer the Welcome screen appears in 18sec and the Desktop 1min 25sec.
 

kevinf80

Kevin
Malware Specialist
Is fast startup active? Fast startup helps your PC start up faster after shutdown. Unfortunately it does not help after restart. That may be the reason for the time differences you mention.
 

Boonski910

Thread Starter
Downloaded Autoruns from above site, installed on Desktop but got an error 2X and the program aborted. See attached jpg error image: AutorunError.jpg
 

Boonski910

Thread Starter
Tried 3rd time to run Autoruns as outlined but before continuing with the scan I waited 10 minutes. This time the error did not pop up, the program just ended.
 

kevinf80

Kevin
Malware Specialist
Did you check to see if fast startup is active? That needs to be done to see what is causing the start up time differences.

Regarding Autoruns, what you see happening is current information written to RAM is not being read or is no longer stored in RAM as the software progresses. That is basically the error you see unfolding as autoruns progresses.
Those errors are not uncommon, usually they clear after clicking ok and restarting the software. As this is clearly not happening I would totally shutdown your PC, then reboot, do not use restart option. That should clear ram and autoruns should then run.
Personally I see no reason to run Autoruns until "Fast Start Up" setting is checked...
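
To put numbers on the restart versus shutdown-and-start difference discussed in the posts above, the following PowerShell is an added example and not part of the thread. It assumes an elevated prompt on Windows 10 and relies on the HiberbootEnabled registry value, Kernel-Boot event 27 and Diagnostics-Performance event 100, none of which are named in the thread.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on Windows 10.
# 1. Is fast startup switched on? HiberbootEnabled = 1 means yes.
$powerKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'
$hiberboot = (Get-ItemProperty -Path $powerKey -ErrorAction SilentlyContinue).HiberbootEnabled
$state     = if ($hiberboot -eq 1) { 'enabled' } else { 'disabled or not set' }
Write-Output "Fast startup (HiberbootEnabled): $state"

# Helper: read an event's named <Data> fields into a hashtable.
function Get-EventDataTable {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $table = @{}
    foreach ($item in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $table[$item.Name] = $item.'#text'
    }
    return $table
}

# 2. Kernel-Boot event 27 records how each boot was performed.
$bootTypeNames = @{
    0 = 'full boot (restart, or start with fast startup off)'
    1 = 'fast startup (hybrid boot after shutdown)'
    2 = 'resume from hibernation'
}
$bootEvents = @(Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-Boot'; Id = 27
} -MaxEvents 50 -ErrorAction SilentlyContinue)

# 3. Diagnostics-Performance event 100 records how long each boot took (ms).
$perfEvents = @(Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Diagnostics-Performance/Operational'; Id = 100
} -MaxEvents 10 -ErrorAction SilentlyContinue)

$report = foreach ($perf in $perfEvents) {
    $data = Get-EventDataTable $perf
    # The newest event 27 logged before this event 100 belongs to the same boot.
    $boot = $bootEvents | Where-Object { $_.TimeCreated -le $perf.TimeCreated } |
            Sort-Object TimeCreated -Descending | Select-Object -First 1
    $code = if ($boot) { (Get-EventDataTable $boot)['BootType'] } else { $null }
    $type = if ($null -ne $code) { $bootTypeNames[[int]$code] } else { 'unknown' }
    [pscustomobject]@{
        Logged      = $perf.TimeCreated
        BootType    = $type
        TotalSec    = [math]::Round([double]$data['BootTime'] / 1000, 1)
        MainPathSec = [math]::Round([double]$data['MainPathBootTime'] / 1000, 1)
        PostBootSec = [math]::Round([double]$data['BootPostBootTime'] / 1000, 1)
    }
}
$report | Format-Table -AutoSize
```

Rows labelled as full boot correspond to restarts and rows labelled as fast startup to shutdown-then-start, so the two kinds of timing reported in the thread can be compared directly.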
 

Boonski910

Thread Starter
Shut down & restarted. Fast startup still enabled. Options set as described. Wait for about 10 min, hit Rescan and it starts for about 8 seconds then simply shuts off the program. Never get to a Ready status.
 