Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Slow computer freezing a lot

4K views 48 replies 2 participants last post by  DR.M 
#1 ·
I have a Dell Laptop with Windows 10 Home. No matter what program I'm using, even if it's the only program I have running, like MS Word. It has become very slow and freezes for a good 2-3 minutes about every 5 minutes. Restarting the computer seems to help, but only for about 20 minutes. I saw a similar post and ran the scans that person said to ( https://forums.techguy.org/threads/desktop-computer-slow.1249509/), hopefully that will get the ball rolling. Malwarebytes, AdwCleaner, and farbar recovery scan tool. Can you help me? Do you need me to run anything else?

Only thing I noticed while doing these scans is that the post said AdwCleaner would ask me to restart the computer, and when I do a log should appear. That didn't happen, but I copied the logs myself and restarted the computer anyway. (If that makes a difference).

I do not use my computer for any kind of gaming, and do not use cortana. I had a McAfee subscription when I first got the computer, but it has been years since I've had an active subscription, but even using McAfee's remover tool, I cannot get rid of the McAfee files, even when I try as an administrator, it says access is denied. Only mention this because I can see in task manager it's always running, and it does not allow me to end the process, so not sure if that's contributing to the slowness or not.

Any help you can give would be appreciated!
 

Attachments

See less See more
#2 · (Edited)
Hi, Valeriedoeremi.

Let me guess... Are you a musician? Doremi, Finale, Audacity etc... Just a guess. :unsure::)
(No, I am not an inspector, just ... a musician! )

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

=========================

Unfortunately, I see signs in the logs that your hard disk is failing.

Certainly, there are several things to do, regarding McAfee, uninstalling programs and tidying up the computer, but the priority now is the disk. I recommend you to backup your personal files and data if you haven't already done this. We can't know when disk will completely fail, in a day, in a week, in a month or more, but the problems you are experiencing have to do with this.

After backup, please do the following:

1. Check disk
  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes).
    Code:
     chkdsk C: /r
  • You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

2. Check disk with CrystalDiskInfo
  • Download CrystalDiskInfo from here and save it to your Desktop.
  • Run the installer to install the program.
  • When finished, open the installed program by double clicking on it.
  • If everything is working properly, you should see the status "Good" displayed. Other statuses you might see include "Bad" (which usually indicates a drive that's dead or near death), "Caution" (which indicates a drive that you should most likely be thinking about backing up and replacing), and "Unknown" (which just means that information could not be obtained).
  • Take a screenshot of the result and attach it in your next reply. Here it is a useful article about taking screenshots, in case you need it (use method 2).

In your next reply please post:
  1. The result of the Chkdsk
  2. The screenshot of the CrystalDiskInfo result
 
#3 ·
Yes, I'm a music teacher, in fact! Is a failing disk something that can be fixed if caught before the failure, or is it a death sentence? I only bought this thing 4 or 5 years ago, and didn't even use it much until this past year because it was when Windows 10 was still fairly new and forced a lot of things to be running even if you didn't want them, so not being the highest quality processor, my computer ran like they did back when you had to use dial-up modems for the internet. So I mostly used my school issued computers. Updates finally fixed that, which is good because I went to a smaller district where I didn't have a school laptop, and have been using this one. Sad that it's dying with only about 1-2 years of use! :( Thanks for trying to help!

Just FYI, I keep getting a notification asking if I want Google to be able to make changes to my computer, I assume that's an update. Since your instructions said not to change anything during this process, I have clicked Do Not Allow for now.

Below are the things you asked for. The Crystal Disk had the option under file to save it as an image, so I just did that, hope it's ok. I did 2, because there was a scroll bar, so wanted to include the whole list for you.
Rectangle Font Screenshot Parallel Number
Rectangle Font Screenshot Parallel Number


ListChkdskresult:

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 4/15/2021 2:51:03 PM >------
Category: 0
Computer Name: DESKTOP-3704DLB
Event Code: 26228
Record Number: 7126
Source Name: Chkdsk
Time Written: 03-10-2021 @ 14:09:26
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.

Checking file system on \Device\HarddiskVolume3
Volume label is OS.

Examining 1 corruption record ...

Record 1 of 1: Corruption in index "$I30" of directory "\Users\Administrator\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64 <0xb,0x4d3f8>" ... The multi-sector header signature for VCN 0x6 of index $I30
in file 0x4d3f8 is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ?? ÿÿÿÿÿÿÿÿ........
The first index entry offset, 0xffffffff, for index $I30 in file 0x4d3f8
points beyond the length, 0xfe8, of the index. VCN is unknown.
corruption found.

1 corruption record processed in 4.2 seconds.

Windows has examined the list of previously identified potential issues and found problems.
Please run chkdsk /scan to fully analyze the problems and queue them for repair.

-----------------------------------------------------------------------
Category: 0
Computer Name: DESKTOP-3704DLB
Event Code: 26228
Record Number: 7125
Source Name: Chkdsk
Time Written: 03-10-2021 @ 14:08:53
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.

Checking file system on \Device\HarddiskVolume3
Volume label is OS.

Examining 1 corruption record ...

Record 1 of 1: Bad index "$I30" in directory "\Users\Valerie Burns\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a93ee23d22f7d2b41c4d922f566446f904d0156d\d2f5075e-c322-47e7-af0c-49ecbb3d70bf <0x10,0x5ef5d>" ... The multi-sector header signature for VCN 0x0 of index $I30
in file 0x5ef5d is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ?? ÿÿÿÿÿÿÿÿ........
corruption found.

1 corruption record processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found problems.
Please run chkdsk /scan to fully analyze the problems and queue them for repair.

-----------------------------------------------------------------------
Category: 0
Computer Name: DESKTOP-3704DLB
Event Code: 26226
Record Number: 6990
Source Name: Chkdsk
Time Written: 03-09-2021 @ 07:57:19
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot.

Checking file system on \Device\HarddiskVolume3
Volume label is OS.

Stage 1: Examining basic file system structure ...
685824 file records processed.

File verification completed.
Phase duration (File record verification): 46.13 seconds.
11201 large file records processed.

Phase duration (Orphan file record recovery): 0.00 milliseconds.
0 bad file records processed.

Phase duration (Bad file record checking): 0.04 milliseconds.

Stage 2: Examining file name linkage ...
4783 reparse records processed.

Read failure with status 0xc000009c at offset 0x23a712000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x23a712000 for 0x2000 bytes.
Read failure with status 0xc000009c at offset 0x23a712000 for 0x1000 bytes.
Found 0x1 bad clusters in file "\Windows\WinSxS\amd64_microsoft-windows-s..nt-sku-core-license_31bf3856ad364e35_10.0.19041.662_none_7b6005d563dfe9a2\f <0x36,0x33af7>" starting at file offset 0
was not able to send command for self-healing due to lack of memory.
Found a bad index "$I30" in directory "\Windows\WinSxS\amd64_microsoft-windows-s..nt-sku-core-license_31bf3856ad364e35_10.0.19041.662_none_7b6005d563dfe9a2\f <0x36,0x33af7>"
... queued for offline repair.
The down pointer of current index entry with length 0x98 is invalid.
b0 c6 08 00 00 00 03 00 98 00 80 00 01 00 00 00 ..............
f7 3a 03 00 00 00 36 00 9e 94 22 10 ff ac d6 01 .:....6..".ÿ¬..
9e 94 22 10 ff ac d6 01 3d af df a8 58 f0 d6 01 .".ÿ¬..=¯.¨X...
a2 87 ef d4 d1 ad d6 01 00 10 00 00 00 00 00 00 ¢.............
1d 03 00 00 00 00 00 00 20 00 00 00 00 00 00 00 ........ .......
1f 00 43 00 6f 00 72 00 65 00 2d 00 4f 00 45 00 ..C.o.r.e.-.O.E.
4d 00 2d 00 44 00 4d 00 2d 00 34 00 2d 00 75 00 M.-.D.M.-.4.-.u.
6c 00 2d 00 6f 00 6f 00 62 00 2d 00 72 00 74 00 l.-.o.o.b.-.r.t.
6d 00 2e 00 78 00 72 00 6d 00 2d 00 6d 00 73 00 m...x.r.m.-.m.s.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ?? ÿÿÿÿÿÿÿÿ........
Found a mis-ordered index "$I30" from directory "\Windows\WinSxS\amd64_microsoft-windows-s..nt-sku-core-license_31bf3856ad364e35_10.0.19041.662_none_7b6005d563dfe9a2\f <0x36,0x33af7>"
... queued for offline repair.
Read failure with status 0xc000009c at offset 0x223d1c000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x223d16000 for 0x7000 bytes.
Read failure with status 0xc000009c at offset 0x223d1c000 for 0x1000 bytes.
Found 0x1 bad clusters in file "\Users\Administrator\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64 <0xb,0x4d3f8>" starting at file offset 0x6
... queued for offline repair.
The USA check value, 0x65, at block 0x1 is incorrect.
The expected value is 0x3.
Found corruption in index "$I30" of directory "\Users\Administrator\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64 <0xb,0x4d3f8>"
... queued for offline repair.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00 ................
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ?? ÿÿÿÿÿÿÿÿ........
Found a mis-ordered index "$I30" from directory "\Users\Administrator\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64 <0xb,0x4d3f8>"
... queued for offline repair.
Found corruption in index "$I30" of directory "\Users\Valerie Burns\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a93ee23d22f7d2b41c4d922f566446f904d0156d\d2f5075e-c322-47e7-af0c-49ecbb3d70bf <0x10,0x5ef5d>"
... queued for offline repair.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00 ................
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ?? ÿÿÿÿÿÿÿÿ........
Found a mis-ordered index "$I30" from directory "\Users\Valerie Burns\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a93ee23d22f7d2b41c4d922f566446f904d0156d\d2f5075e-c322-47e7-af0c-49ecbb3d70bf <0x10,0x5ef5d>"
... queued for offline repair.
935404 index entries processed.

Index verification completed.
Phase duration (Index verification): 11.59 minutes.

Phase duration (Orphan reconnection): 0.00 milliseconds.
Found 22 missing entries (\Users\Administrator\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Applications.Telemetry.Windows.dll <0xc,0x4daac>, ...) in index "$I30" of directory "\Users\Administrator\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64 <0xb,0x4d3f8>"
... queued for offline repair.
Found 4 missing entries (\Users\Valerie Burns\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a93ee23d22f7d2b41c4d922f566446f904d0156d\d2f5075e-c322-47e7-af0c-49ecbb3d70bf\index <0xf,0x5ef60>, ...) in index "$I30" of directory "\Users\Valerie Burns\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a93ee23d22f7d2b41c4d922f566446f904d0156d\d2f5075e-c322-47e7-af0c-49ecbb3d70bf <0x10,0x5ef5d>"
... queued for offline repair.
Found 13 missing entries (\Windows\WinSxS\amd64_microsoft-windows-s..nt-sku-core-license_31bf3856ad364e35_10.0.19041.662_none_7b6005d563dfe9a2\f\Core-OEM-DM-1-pl-rtm.xrm-ms <0x3,0x8c696>, ...) in index "$I30" of directory "\Windows\WinSxS\amd64_microsoft-windows-s..nt-sku-core-license_31bf3856ad364e35_10.0.19041.662_none_7b6005d563dfe9a2\f <0x36,0x33af7>"
... queued for offline repair.

Phase duration (Orphan recovery to lost and found): 3.17 milliseconds.
4783 reparse records processed.

Phase duration (Reparse point and Object ID verification): 56.25 milliseconds.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Phase duration (Security descriptor verification): 3.79 seconds.
124791 data files processed.

Phase duration (Data attribute verification): 0.05 milliseconds.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has found problems that must be fixed offline.
Please run "chkdsk /spotfix" to fix the issues.

474771238 KB total disk space.
162443640 KB in 434160 files.
282808 KB in 124792 indexes.
1000414 KB in use by the system.
65536 KB occupied by the log file.
311044364 KB available on disk.

4096 bytes in each allocation unit.
118692809 total allocation units on disk.
77761091 allocation units available on disk.
Total duration: 12.55 minutes (753357 ms).

----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...

Stage 2: Examining file name linkage ...
"chkdsk /scan" is aborting due to self-healing command failure: 0xc0000102
"chkdsk /f" will be required to repair the volume.
The index buffer at VCN 0x0 of index $I30 in file 0x33af7
cannot be read.
Correcting error in index $I30 for file 33AF7.
The index bitmap $I30 in file 0x33af7 is incorrect.
CHKDSK discovered free space marked as allocated in the bitmap for index $I30 for file 33AF7.
Sorting index $I30 in file 33AF7.
The multi-sector header signature for VCN 0x6 of index $I30
in file 0x4d3f8 is incorrect.
42 41 41 44 28 00 09 00 ?? ?? ?? ?? ?? ?? ?? ?? BAAD(. .........
Correcting error in index $I30 for file 4D3F8.
The index bitmap $I30 in file 0x4d3f8 is incorrect.
CHKDSK discovered free space marked as allocated in the bitmap for index $I30 for file 4D3F8.
Sorting index $I30 in file 4D3F8.
The multi-sector header signature for VCN 0x0 of index $I30
in file 0x5ef5d is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ?? ÿÿÿÿÿÿÿÿ........
Correcting error in index $I30 for file 5EF5D.
The index bitmap $I30 in file 0x5ef5d is incorrect.
CHKDSK discovered free space marked as allocated in the bitmap for index $I30 for file 5EF5D.
Sorting index $I30 in file 5EF5D.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file MICROS~1.DLL (4DAAC) into directory file 4D3F8.
Recovering orphaned file Microsoft.Applications.Telemetry.Windows.dll (4DAAC) into directory file 4D3F8.
Recovering orphaned file MICROS~1.DLL (4DAAC) into directory file 4D3F8.
Recovering orphaned file Microsoft.Applications.Telemetry.Windows.dll (4DAAC) into directory file 4D3F8.
Recovering orphaned file MICROS~2.DLL (4DABC) into directory file 4D3F8.
Recovering orphaned file Microsoft.Bond.dll (4DABC) into directory file 4D3F8.
Recovering orphaned file MICROS~2.DLL (4DABC) into directory file 4D3F8.
Recovering orphaned file Microsoft.Bond.dll (4DABC) into directory file 4D3F8.
Recovering orphaned file MICROS~3.DLL (4DABD) into directory file 4D3F8.
Recovering orphaned file Microsoft.Bond.Interfaces.dll (4DABD) into directory file 4D3F8.
Skipping further messages about recovering orphans.
39 unindexed files recovered to original directory.

Stage 3: Examining security descriptors ...
Adding 2 bad clusters to the Bad Clusters File.

-----------------------------------------------------------------------
Category: 0
Computer Name: DESKTOP-3704DLB
Event Code: 26228
Record Number: 6831
Source Name: Chkdsk
Time Written: 03-08-2021 @ 17:36:13
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.

Checking file system on \Device\HarddiskVolume3
Volume label is OS.

Examining 1 corruption record ...

Record 1 of 1: Bad index "$I30" in directory "\Users\Valerie Burns\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a93ee23d22f7d2b41c4d922f566446f904d0156d\d2f5075e-c322-47e7-af0c-49ecbb3d70bf <0x10,0x5ef5d>" ... The multi-sector header signature for VCN 0x0 of index $I30
in file 0x5ef5d is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ?? ÿÿÿÿÿÿÿÿ........
corruption found.

1 corruption record processed in 0.4 seconds.

Windows has examined the list of previously identified potential issues and found problems.
Please run chkdsk /scan to fully analyze the problems and queue them for repair.

-----------------------------------------------------------------------
 
#4 ·
Yes, I'm a music teacher, in fact!
(y)

Sad that it's dying with only about 1-2 years of use!
Let's clear something: the disk is "dying", not the computer. You said that you bought it 4-5 years ago, so it is normal for the disk to need a replacement, even thought there are disks which can live much longer. I replaced my first hard disk in 2016, 4 years after I bought the computer. Now, I'm still with the "new" disk and everything is fine until now (fingers crossed).

Based on the results above, there are signs of disk corruptions and the Caution indication means that you have to consider backup your files and replace the disk.

Let's cross the result with this check:

Failure Prediction
  • Press the Windows + R keys to open the Run dialog
  • Type powershell.exe , press at the same time Control and Shift keys and then Enter
  • Copy and paste the command below and press Enter
    Code:
    Get-WmiObject -namespace root\wmi –class MSStorageDriver_FailurePredictStatus
  • Report what is written beside the title PredictFailure (True or False)
 
#5 ·
Oh ok. The desktop that I replaced with this laptop had it's motherboard die and was told it would be more $ to replace that then to get a new computer by the tech person at my school, so I did. I have no idea if the motherboard and the disk are the same thing or not! :)

It said False.


__GENUS : 2
__CLASS : MSStorageDriver_FailurePredictStatus
__SUPERCLASS : MSStorageDriver
__DYNASTY : MSStorageDriver
__RELPATH : MSStorageDriver_FailurePredictStatus.InstanceName="SCSI\\Disk&Ven_WDC&Prod_WD5000LPCX-75VHA\\4&19169
3a4&0&000000_0"
__PROPERTY_COUNT : 4
__DERIVATION : {MSStorageDriver}
__SERVER : DESKTOP-3704DLB
__NAMESPACE : root\wmi
__PATH : \\DESKTOP-3704DLB\root\wmi:MSStorageDriver_FailurePredictStatus.InstanceName="SCSI\\Disk&Ven_WDC&Pro
d_WD5000LPCX-75VHA\\4&191693a4&0&000000_0"
Active : True
InstanceName : SCSI\Disk&Ven_WDC&Prod_WD5000LPCX-75VHA\4&191693a4&0&000000_0
PredictFailure : False
Reason : 0
PSComputerName : DESKTOP-3704DLB
 
#6 ·
No, motherboard and disk are certainly not the same thing. Disk can be replaced easily and it doesn’t cost much.

False in the result above means that you have time to take action. I have prepared some instructions regarding your FRST logs, but I prefer not to post them, until you do make a backup of your files. Besides, there is no active infection's signs in the logs. After the backup, we can continue here with the instructions. You can continue using this old disk, running the CrystalDiskInfo in a daily basis. As soon as the indication changes to Bad, you will have to replace immediately your hard disk. That means you have to order a new disk for the laptop and you have to do this now.

See the attachment to check what you have to take in mind when you will order a new disk.

1. The brand
2. Transfer mode
3. Buffer size
4. Rotation rate

Take notes about your disk's specifications now (from the CrystalDiskInfo result), and any improvement regarding them is welcome.

Make your search online and when you are ready, we can continue here, fixing what we can. But as I told you, no one can tell for how long you can use the computer with this disk. You already said that everything became so difficult with it.

Let me know if you have any questions.
 

Attachments

#7 ·
Hello-
I did back up my computer as you instructed before I ran the things you told me to. I think I got everything. It's hard to be sure, because sometimes the computer saves things where I didn't know it, or in the administrator account, my account, default account, or all users (even though this never has everything from all users).

I have never had to look for computer parts before, is the disk something that I need to buy from Dell since this is a Dell, or can it be bought from anywhere? If so, is there a place you would recommend getting it from? The 4 things you said to take note of...#1 was the brand...is that the long letter/number thing that your 1st red arrow is pointing to (as the other 3 arrows are pointing to items #2-4 on your list)? Sorry for my dumb questions!
 
#8 · (Edited)
Hi, Doremi.

Actually, you can go to C:\Users , find your User account and copy it in an external disk. Alternatively, you can go to your User account and select from there whatever you want (e.g. Documents, Videos, Music, Pictures, Downloads, Desktop...).

Have in mind that you can't back up programs. You will need to install them from the very beginning. So, if you have licenses for specific programs (E.g. Finale), make sure you have them in a place that you find them easily after the disk replacement.

Disk has nothing to do with Dell. You can search about one in Amazon.

Here are the specifications of your computer's disk:

disk2.jpg


The model is WD (Western Digital) and the capacity is 500GB (I forgot to mark that with the yellow marker).
Transfer mode: SATA/600
Buffer size: 16MB
Rotation Rate: 5400RPM

Assuming it is a laptop, you want a 2.5'' disk and not 3.5'' which is for Desktop computers.

This is your disk now: https://www.amazon.com/Blue-500GB-Mobile-Hard-Drive/dp/B013QFRZL2

This is a similar one, but with 1T capacity: https://www.amazon.com/Seagate-Barr.../B07H28QRKN/ref=psdc_1254762011_t1_B013QFRZL2

There are also these with better specifications:

https://www.amazon.com/Hitachi-Trav...ata+6g+7200rpm+hitachi&qid=1618554735&sr=8-26

https://www.amazon.com/HGST-Travels...7912a&pd_rd_wg=i7jAs&pd_rd_i=B07KPQ6JK7&psc=1

There is also the SSD solution, instead of a hard disk (faster but cost much more).

Make your search and when you choose one, let me know, if you want.
 
#10 ·
#14 ·
It's ordered!
Good job!

You said there's some things we can do with the current drive in the meantime?
If you are going to replace the disk as soon as it arrives, there is no meaning of taking any action now.

If you want to continue using the old disk, until it completely fails, then we can proceed.

Let me know your decision.
 
#15 ·
The disk won't get here until next weekend. If you think my current one should be ok until then, we can wait until I get it. I just don't want this thread to automatically close because it will be more than 3 days before I have the new part. Can we keep it open until then?
 
#16 ·
Hi, Valerie.

Yes, the topic will remain open, until everything is fine with your disk. Since you made a backup, let's make an effort.

1. Uninstall programs
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Code:
Dell Digital Delivery
Dell Product Registration
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\Valerie Burns\Amazon Drive:com.amazon.drive.sync [178]
AlternateDataStreams: C:\Users\Valerie Burns\Amazon Drive:com.amazon.drive.sync.root [42]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-3429261077-3671411131-4276997704-1001 -> DefaultScope {1142671E-7C50-44DF-8D88-0B0DBE23A9AF} URL =
SearchScopes: HKU\S-1-5-21-3429261077-3671411131-4276997704-1001 -> {1142671E-7C50-44DF-8D88-0B0DBE23A9AF} URL =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.59\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.59\BHO\ie_to_edge_bho.dll => No File
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 3
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: Dell Help & Support => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: DellUpdate => 2
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
Task: {3CFCE003-130D-40A7-A239-E7C1FA692F7D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F4EBEF1B-B047-48C6-8BC4-B08A003539A4} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [1595 2016-09-14] () [File not signed]
S4 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell Inc -> Dell)
S4 Dell Foundation Services; "C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe" [X]
S4 Dell Help & Support; "C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe" [X]
S4 DellDigitalDelivery; "c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [X]
S4 DellUpdate; "C:\Program Files (x86)\Dell Update\DellUpService.exe" [X]
S2 DpmLiteDrv; \??\c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [X]
C:\WINDOWS\system32\Tasks\McAfee
C:\Users\Administrator\Downloads\MCPR.exe
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:

1. The fixlog.txt
 
#17 ·
I hit fix. It started to run, and I walked away for a minute. When I came back, It had shut down and there was no report. I ran it again and got it to finish this time. Here's the report:
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Valerie Burns (17-04-2021 11:06:28) Run:2
Running from C:\Users\Valerie Burns\Desktop
Loaded Profiles: defaultuser0 & Valerie Burns & Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\Users\Valerie Burns\Amazon Drive:com.amazon.drive.sync [178]
AlternateDataStreams: C:\Users\Valerie Burns\Amazon Drive:com.amazon.drive.sync.root [42]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-3429261077-3671411131-4276997704-1001 -> DefaultScope {1142671E-7C50-44DF-8D88-0B0DBE23A9AF} URL =
SearchScopes: HKU\S-1-5-21-3429261077-3671411131-4276997704-1001 -> {1142671E-7C50-44DF-8D88-0B0DBE23A9AF} URL =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.59\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.59\BHO\ie_to_edge_bho.dll => No File
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 3
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: Dell Help & Support => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: DellUpdate => 2
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
Task: {3CFCE003-130D-40A7-A239-E7C1FA692F7D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F4EBEF1B-B047-48C6-8BC4-B08A003539A4} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [1595 2016-09-14] () [File not signed]
S4 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell Inc -> Dell)
S4 Dell Foundation Services; "C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe" [X]
S4 Dell Help & Support; "C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe" [X]
S4 DellDigitalDelivery; "c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [X]
S4 DellUpdate; "C:\Program Files (x86)\Dell Update\DellUpService.exe" [X]
S2 DpmLiteDrv; \??\c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [X]
C:\WINDOWS\system32\Tasks\McAfee
C:\Users\Administrator\Downloads\MCPR.exe
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\CLVDShellExt => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\CLVDShellExt => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
C:\Users\Valerie Burns\Amazon Drive => ":com.amazon.drive.sync" ADS could not remove.
C:\Users\Valerie Burns\Amazon Drive => ":com.amazon.drive.sync.root" ADS could not remove.
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
"HKU\S-1-5-21-3429261077-3671411131-4276997704-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-3429261077-3671411131-4276997704-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1142671E-7C50-44DF-8D88-0B0DBE23A9AF} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ClientAnalyticsService => not found
HKLM\System\CurrentControlSet\Services\ClientAnalyticsService => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HomeNetSvc => not found
HKLM\System\CurrentControlSet\Services\HomeNetSvc => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McAfee SiteAdvisor Service => not found
HKLM\System\CurrentControlSet\Services\McAfee SiteAdvisor Service => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McAWFwk => not found
HKLM\System\CurrentControlSet\Services\McAWFwk => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McBootDelayStartSvc => not found
HKLM\System\CurrentControlSet\Services\McBootDelayStartSvc => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\mccspsvc => not found
HKLM\System\CurrentControlSet\Services\mccspsvc => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McNaiAnn => not found
HKLM\System\CurrentControlSet\Services\McNaiAnn => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McODS => not found
HKLM\System\CurrentControlSet\Services\McODS => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\mcpltsvc => not found
HKLM\System\CurrentControlSet\Services\mcpltsvc => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McProxy => not found
HKLM\System\CurrentControlSet\Services\McProxy => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MSK80Service => not found
HKLM\System\CurrentControlSet\Services\MSK80Service => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Dell Foundation Services => not found
HKLM\System\CurrentControlSet\Services\Dell Foundation Services => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Dell Help & Support => not found
HKLM\System\CurrentControlSet\Services\Dell Help & Support => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DellDigitalDelivery => not found
HKLM\System\CurrentControlSet\Services\DellDigitalDelivery => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DellUpdate => not found
HKLM\System\CurrentControlSet\Services\DellUpdate => not found
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CFCE003-130D-40A7-A239-E7C1FA692F7D}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4EBEF1B-B047-48C6-8BC4-B08A003539A4}" => not found
"C:\WINDOWS\System32\Tasks\Dell Cleanup" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell Cleanup" => not found
Product Registration => service not found.
Dell Foundation Services => service not found.
Dell Help & Support => service not found.
DellDigitalDelivery => service not found.
DellUpdate => service not found.
DpmLiteDrv => service not found.
"C:\WINDOWS\system32\Tasks\McAfee" => not found
"C:\Users\Administrator\Downloads\MCPR.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7362640 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 764366 B
Edge => 0 B
Chrome => 11275296 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 32858 B
NetworkService => 41945560 B
defaultuser0 => 41952728 B
Valerie Burns => 947533610 B
Administrator => 990227344 B

RecycleBin => 21238965196 B
EmptyTemp: => 21.7 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 11:12:02 ====
 
#18 ·
Good. It seems that the fix did its job from the first time, that's why the "Not found" for most of the entries.

The fix cleared almost 22GB temporary files! That's a lot of free space!

Can I see fresh FRST logs now, please?
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 
#20 ·
Thank you, Valerie.

1. Firewall rules

Have you set a Firewall rule regarding Chrome?

It seems that you blocked this: C:\program files (x86)\google\chrome\application\chrome.exe

2. Check Windows Defender

2.1. From Task Manager
  • Right click anywhere on the Taskbar and choose Task Manager.
  • Select the tab Start-up.
  • Check if Windows Security or Windows Defender is disabled. If yes, select it and click on the Enable button.
2.2. From Settings
  • Go to Settings (Windows logo on the keyboard + i)
  • Select Privacy & Security
  • From the left pane, Windows Security
  • Open Windows Security
  • Please take a screenshot of what you see at the Security at a glance screen (Microsoft's instructions of how to take screenshots using snipping tool are here)

2.3. Set Malwarebytes settings
  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Code:
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT CHECKED.
Under the title Potentially unwanted items all options are set to Always.
3. Disable the built-in Administrator account

There is no need to have enabled the built-in Administrator account. We usually enable it to fix issues and then disable it again.

To disable the account:
  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter to execute it:
Code:
net user administrator /active:no
  • Restart the computer choosing your usual account to login.

In your next reply please post:
  1. Your reply regarding Firewall rules
  2. Your reply regarding Windows Defender
 
#21 ·
1. I have not set it to block Chrome. However, every time I open Chrome, it asks me if I want to allow the Chrome update to make changes to my computer. Per your instructions at the beginning to not change anything while you're helping me, I keep clicking no, so I guess that could be what is being blocked.
2.1 Task Manager doesn't show either of those under startup. Only the notification icon is there:
Rectangle Font Screenshot Operating system Software

2.2 In my settings, Privacy and Security are separate:
Purple Rectangle Violet Font Screenshot
but I found it under Update & Security:
Screenshot Font Rectangle Software Multimedia
Rectangle Font Screenshot Software Electronic device

2.3 The 1st one didn't have the expert algorithms checked, so I fixed that.
The 2nd item, I can't change, I don't have premium. The 3rd item was set to always.

3. done.
 
#23 ·
Hi, Valerie.

I want you to enable Windows Security notifications icon in Start-up items (1st screenshot above).

Then I would like to see a screenshot of the window that opens when you click on Open Windows Security (3rd screenshot above).
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top