Computer is very slow


99 replies to this topic

#16 Lucy777


Posted 01 June 2024 - 01:50 PM

Here is the chkdsk log. I believe it is the only thing you were still waiting for?

Thank you

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 6/1/2024 12:45:11 PM >------
Category: 0
Computer Name: SAMSUNG
Event Code: 1001
Record Number: 135602
Source Name: Microsoft-Windows-Wininit
Time Written: 06-01-2024 @ 17:20:47
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Local Disk.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
Stage 1: Examining basic file system structure ...
Cleaning up instance tags for file 0x12129f.
  2583552 file records processed.                                                        
 
 
File verification completed.
 Phase duration (File record verification): 10.65 minutes.
  52505 large file records processed.                                   
 
 
 Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                     
 
 
 Phase duration (Bad file record checking): 1.50 milliseconds.
 
Stage 2: Examining file name linkage ...
  114888 reparse records processed.                                      
 
 
  3416966 index entries processed.                                                       
 
 
Index verification completed.
 Phase duration (Index verification): 1.07 hours.
  0 unindexed files scanned.                                        
 
 
 Phase duration (Orphan reconnection): 44.84 seconds.
  0 unindexed files recovered to lost and found.                    
 
 
 Phase duration (Orphan recovery to lost and found): 1.08 minutes.
  114888 reparse records processed.                                      
 
 
 Phase duration (Reparse point and Object ID verification): 4.92 minutes.
 
Stage 3: Examining security descriptors ...
Cleaning up 1037 unused index entries from index $SII of file 0x9.
Cleaning up 1037 unused index entries from index $SDH of file 0x9.
Cleaning up 1037 unused security descriptors.
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 468.76 milliseconds.
  416708 data files processed.                                           
 
 
 Phase duration (Data attribute verification): 1.71 milliseconds.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
 
Stage 4: Looking for bad clusters in user file data ...
  2583536 files processed.                                                               
 
 
File data verification completed.
 Phase duration (User file recovery): 14.87 hours.
 
Stage 5: Looking for bad, free clusters ...
  116658269 free clusters processed.                                                       
 
 
Free space verification is complete.
 Phase duration (Free space recovery): 0.00 milliseconds.
 
Windows has made corrections to the file system.
No further action is required.
 
1950982140 KB total disk space.
1480408960 KB in 2005032 files.
   1197976 KB in 416709 indexes.
         0 KB in bad sectors.
   2742124 KB in use by the system.
     65536 KB occupied by the log file.
 466633080 KB available on disk.
 
      4096 bytes in each allocation unit.
 487745535 total allocation units on disk.
 116658270 allocation units available on disk.
Total duration: 16.23 hours (58448846 ms).
 
Internal Info:
00 6c 27 00 33 f3 24 00 cc 5f 44 00 00 00 00 00  .l'.3.$.._D.....
f6 3b 00 00 d2 84 01 00 00 00 00 00 00 00 00 00  .;..............
 
-----------------------------------------------------------------------
Category: 0
Computer Name: SAMSUNG
Event Code: 26212
Record Number: 135223
Source Name: Chkdsk
Time Written: 05-31-2024 @ 04:10:14
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Local Disk.
 
WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.
 
Stage 1: Examining basic file system structure ...
Cleaning up instance tags for file 0x12129f.
  2583552 file records processed.                                                        
 
File verification completed.
 Phase duration (File record verification): 24.44 minutes.
  52510 large file records processed.                                   
 
 Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                     
 
 Phase duration (Bad file record checking): 0.06 milliseconds.
 
Stage 2: Examining file name linkage ...
  114885 reparse records processed.                                      
 
 
-----------------------------------------------------------------------
Category: 0
Computer Name: SAMSUNG
Event Code: 26226
Record Number: 115716
Source Name: Chkdsk
Time Written: 01-29-2024 @ 15:17:32
Event Type: Information
User: 
Message: Chkdsk was executed in scan mode on a volume snapshot.  
 
Checking file system on G:
Volume label is Seagate__Bk_Hub.
 
Stage 1: Examining basic file system structure ...
  1213696 file records processed.                                                        
 
File verification completed.
 Phase duration (File record verification): 55.71 seconds.
  2842 large file records processed.                                   
 
 Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                     
 
 Phase duration (Bad file record checking): 5.42 milliseconds.
 
Stage 2: Examining file name linkage ...
  1409 reparse records processed.                                      
 
  1244668 index entries processed.                                                       
 
Index verification completed.
 Phase duration (Index verification): 3.31 minutes.
 
 Phase duration (Orphan reconnection): 618.23 milliseconds.
 
 Phase duration (Orphan recovery to lost and found): 271.89 milliseconds.
  1409 reparse records processed.                                      
 
 Phase duration (Reparse point and Object ID verification): 1.62 seconds.
 
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 338.53 milliseconds.
  15487 data files processed.                                           
 
 Phase duration (Data attribute verification): 2.88 milliseconds.
CHKDSK is verifying Usn Journal...
  1464 USN bytes processed.                                                           
 
Usn Journal verification completed.
 Phase duration (USN journal verification): 14.43 milliseconds.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
   7630755 MB total disk space.
   7063541 MB in 774400 files.
    336232 KB in 15488 indexes.
   1518811 KB in use by the system.
     65536 KB occupied by the log file.
 578972352 KB available on disk.
 
      4096 bytes in each allocation unit.
1953473535 total allocation units on disk.
 144743088 allocation units available on disk.
Total duration: 4.28 minutes (257335 ms).
 
----------------------------------------------------------------------
 
 
Stage 1: Examining basic file system structure ...
 
Stage 2: Examining file name linkage ...
 
Stage 3: Examining security descriptors ...
 
-----------------------------------------------------------------------
Category: 0
Computer Name: SAMSUNG
Event Code: 26214
Record Number: 113841
Source Name: Chkdsk
Time Written: 01-12-2024 @ 16:29:33
Event Type: Information
User: 
Message: Chkdsk was executed in read/write mode.  
 
Checking file system on G:
Volume dismounted.  All opened handles to this volume are now invalid.
Volume label is Seagate Main Backup Plus Hub-1.
 
Stage 1: Examining basic file system structure ...
The allocated length 0x36000 is not in multiple of 0x10000 for attribute
of type 0x80 and instance tag 0x0.
  1213696 file records processed.                                                        
 
File verification completed.
 Phase duration (File record verification): 51.06 seconds.
  2843 large file records processed.                                   
 
 Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                     
 
 Phase duration (Bad file record checking): 1.21 milliseconds.
 
Stage 2: Examining file name linkage ...
  1651 reparse records processed.                                      
 
Index entry EASYFI~1.MP4 of index $I30 in file 0xe75e points to unused file 0xe760.
Deleting index entry EASYFI~1.MP4 in index $I30 of file E75E.
  1244712 index entries processed.                                                       
 
Index verification completed.
 Phase duration (Index verification): 2.12 minutes.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file The Littlest Hobo (1979) 06x01 - Second Best.mp4 (3D1F) into directory file 55D29.
There is no DOS file name attribute in file 0x3d1f.
Correcting minor file name errors in file 3D1F.
Recovering orphaned file The Littlest Hobo (1979) 06x02 - Three Monkeys of Bah Roghar (Part 1).mp4 (43F5) into directory file 55D29.
There is no DOS file name attribute in file 0x43f5.
Correcting minor file name errors in file 43F5.
Recovering orphaned file Arliss S01E02 Negotiating It's Never (Full Episodes).mp4 (52533) into directory file 524E6.
There is no DOS file name attribute in file 0x52533.
Correcting minor file name errors in file 52533.
Recovering orphaned file Arliss S01E02 Negotiating It's Never (Full Episodes).srt (52534) into directory file 524E6.
There is no DOS file name attribute in file 0x52534.
Correcting minor file name errors in file 52534.
Recovering orphaned file Arliss S01E03 Athletes Are Role Mod (Full Episodes).mp4 (52535) into directory file 524E6.
There is no DOS file name attribute in file 0x52535.
Correcting minor file name errors in file 52535.
Recovering orphaned file Arliss S01E03 Athletes Are Role Mod (Full Episodes).srt (52536) into directory file 524E6.
There is no DOS file name attribute in file 0x52536.
Correcting minor file name errors in file 52536.
Recovering orphaned file Arliss S01E04 How To Turn (Full Episodes).mp4 (52537) into directory file 524E6.
There is no DOS file name attribute in file 0x52537.
Correcting minor file name errors in file 52537.
Recovering orphaned file Arliss S01E04 How To Turn (Full Episodes).srt (52538) into directory file 524E6.
There is no DOS file name attribute in file 0x52538.
Correcting minor file name errors in file 52538.
Recovering orphaned file Arliss S01E05-What About The Fans.avi (52539) into directory file 524E6.
There is no DOS file name attribute in file 0x52539.
Correcting minor file name errors in file 52539.
Recovering orphaned file Arliss S01E06 The Company You Keep (Full Episodes).mp4 (5253A) into directory file 524E6.
Skipping further messages about recovering orphans.
There is no DOS file name attribute in file 0x5253a.
Correcting minor file name errors in file 5253A.
There is no DOS file name attribute in file 0x5253b.
Correcting minor file name errors in file 5253B.
There is no DOS file name attribute in file 0x52554.
Correcting minor file name errors in file 52554.
There is no DOS file name attribute in file 0x5255c.
Correcting minor file name errors in file 5255C.
 
  13 unindexed files recovered to original directory.
 Phase duration (Orphan reconnection): 0.00 milliseconds.
CHKDSK is recovering remaining unindexed files.
 
    Lost and found is located at \found.002
 
 Phase duration (Orphan recovery to lost and found): 0.00 milliseconds.
  1651 reparse records processed.                                      
 
 Phase duration (Reparse point and Object ID verification): 262.34 milliseconds.
 
Stage 3: Examining security descriptors ...
Cleaning up 30 unused index entries from index $SII of file 0x9.
Cleaning up 30 unused index entries from index $SDH of file 0x9.
Cleaning up 30 unused security descriptors.
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 23.67 milliseconds.
  15509 data files processed.                                           
 
 Phase duration (Data attribute verification): 8.22 milliseconds.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
CHKDSK discovered free space marked as allocated in the volume bitmap.
 
Windows has made corrections to the file system.
No further action is required.
 
   7630755 MB total disk space.
   7153995 MB in 774627 files.
    336540 KB in 15511 indexes.
   1518299 KB in use by the system.
     65536 KB occupied by the log file.
 486347544 KB available on disk.
 
      4096 bytes in each allocation unit.
1953473535 total allocation units on disk.
 121586886 allocation units available on disk.
Total duration: 2.99 minutes (179736 ms).
 
-----------------------------------------------------------------------
Category: 0
Computer Name: SAMSUNG
Event Code: 26226
Record Number: 113838
Source Name: Chkdsk
Time Written: 01-12-2024 @ 16:23:47
Event Type: Information
User: 
Message: Chkdsk was executed in scan mode on a volume snapshot.  
 
Checking file system on G:
Volume label is Seagate Main Backup Plus Hub-1.
 
Stage 1: Examining basic file system structure ...
The allocated length 0x36000 is not in multiple of 0x10000 for attribute
of type 0x80 and instance tag 0x0.
  1213696 file records processed.                                                        
 
File verification completed.
 Phase duration (File record verification): 56.49 seconds.
  2843 large file records processed.                                   
 
 Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                     
 
 Phase duration (Bad file record checking): 1.79 milliseconds.
 
Stage 2: Examining file name linkage ...
  1651 reparse records processed.                                      
 
    Found an unneeded link ($FILE_NAME: "BUY&SE~1.SRT") in index "$I30" of directory "\1-YOUTUBE\PRESSURE WASHER <0x2,0xe75e>"
was not able to send command for self-healing due to lack of memory.
 
----------------------------------------------------------------------
 
 
Stage 1: Examining basic file system structure ...
 
Stage 2: Examining file name linkage ...
Index entry BUY&SE~1.SRT of index $I30 in file 0xe75e points to unused file 0xe75f.
Deleting index entry BUY&SE~1.SRT in index $I30 of file E75E.
"chkdsk /scan" is aborting due to self-healing command failure: 0xc0000102
"chkdsk /f" will be required to repair the volume.
 
-----------------------------------------------------------------------



 


#17 Oh My!

  • Malware Response Instructor

Posted 01 June 2024 - 07:05 PM

Can you update me on the current computer behavior?
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#18 Lucy777


Posted 01 June 2024 - 07:26 PM

There doesn’t seem to be much change. Booting up is still very slow but to be truthful haven’t had a lot of use of it today. By the time Chkdsk finished running and then we were out for a bit today have not used it a lot but plan to be home tomorrow so should be using it more tomorrow. 
 

Did none of the scans show anything that would account for the slowness? Is there a possibility of malware that hasn’t been detected?

 

thank you


Edited by Lucy777, 01 June 2024 - 07:30 PM.


#19 Oh My!


Posted 02 June 2024 - 08:30 AM

There is no evidence malware is at the root of your issues. Chkdsk repaired some issues but I don't think it is going to help us much.

I would like to run some maintenance commands then test a different Windows environment. Please do these things for me.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
cmd: "%windir%\System32\lodctr.exe" /R 
cmd: "%windir%\SysWoW64\lodctr.exe" /R 
cmd: "C:\Windows\SysWoW64\lodctr.exe" /R 
cmd: "C:\Windows\System32\lodctr.exe" /R 
cmd: powercfg -a
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
  • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
===================================================

Clean Boot

--------------------
  • Press the Windows Key + R at the same time.
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click on the Startup tab
  • Click Open Task Manager
  • Note down each entry listed as Enabled then right click on the item and select Disable (you will need this list during subsequent steps)
  • Close the Task Manager windows and you should be back at the System Configuration window
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • Click Apply, then OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Clean boot results?

Edited by Oh My!, 02 June 2024 - 08:34 AM.

Gary 


#20 Lucy777


Posted 03 June 2024 - 08:56 PM

Sorry for the delay in responding, it’s been a busy couple of days. Below is the Fixlog. I did the procedure to do a clean boot and it did seem to boot up faster. I really didn’t have much of a chance to do much experimenting today but from the little I did it did seem like it was running faster. I can’t say it is as fast as it used to be but again didn’t get enough time to really be able to tell.

Thank you.

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.06.2024

Ran by DW (02-06-2024 19:16:30) Run:2
Running from C:\1-VIRUS PROGRAMS
Loaded Profiles: DW
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
cmd: "%windir%\System32\lodctr.exe" /R 
cmd: "%windir%\SysWoW64\lodctr.exe" /R 
cmd: "C:\Windows\SysWoW64\lodctr.exe" /R 
cmd: "C:\Windows\System32\lodctr.exe" /R 
cmd: powercfg -a
Emptytemp:
End::
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset resetlog.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
 
========= End of CMD: =========
 
 
========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
C:\Firewall.reg => moved successfully
 
========= netsh advfirewall reset =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
Unable to cancel {0FD8882C-D471-4D66-81DA-5C1A24DE5BBD}.
0 out of 1 jobs canceled.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= "%windir%\System32\lodctr.exe" /R =========
 
 
Error: Unable to rebuild performance counter setting from system backup store, error code is 2
 
========= End of CMD: =========
 
 
========= "%windir%\SysWoW64\lodctr.exe" /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
 
========= End of CMD: =========
 
 
========= "C:\Windows\SysWoW64\lodctr.exe" /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
 
========= End of CMD: =========
 
 
========= "C:\Windows\System32\lodctr.exe" /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
 
========= End of CMD: =========
 
 
========= powercfg -a =========
 
The following sleep states are available on this system:
    Standby (S3)
    Hibernate
    Hybrid Sleep
    Fast Startup
 
The following sleep states are not available on this system:
    Standby (S1)
    The system firmware does not support this standby state.
 
    Standby (S2)
    The system firmware does not support this standby state.
 
    Standby (S0 Low Power Idle)
    The system firmware does not support this standby state.
 
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 303670250 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 15352152 B
Edge => 0 B
Chrome => 145461628 B
Firefox => 1649079 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2342 B
NetworkService => 328890546 B
DW => 2303760305 B
 
RecycleBin => 42214042568 B
EmptyTemp: => 42.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:48:56 ====

Edited by Lucy777, 03 June 2024 - 08:57 PM.


#21 Oh My!


Posted 04 June 2024 - 07:59 AM

Thank you for the report.

The difference in performance between normal boot and Clean Boot indicates the issue may be related to non-Microsoft software. We need to work through troubleshooting steps to try to identify the culprit(s).

Please do this

===================================================

Troubleshooting in Clean Boot Environment

--------------------
  • If your computer is still in a Clean Boot state skip down to and start with "Enable half of the entries leaving the other half unchecked"
  • Press the Windows Key + R at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • If Safe Boot is checked under the Boot tab, uncheck it
  • Click the Services tab
  • Check Hide All Microsoft Services
  • Click Disable All and you should be presented with a window where all items are unchecked
  • Enable half of the entries leaving the other half unchecked
  • Click Apply, OK, then confirm the restarting of your computer
  • If your symptoms reappear, repeat the msconfig step to get back to the half checked screen, uncheck an item, reboot your computer and see if your symptoms disappear. Repeat the process as necessary
  • If your symptoms do not appear, repeat the msconfig step to get back to the half checked screen, check an additional item, reboot your computer and see if your symptoms reappear. Repeat the process as necessary
  • If your symptoms still do not reappear click the Startup tab then Task Manager. Using the Startup tab list of previously enabled items you disabled, Enable one at a time, reboot your computer and check the performance
  • Note: It is possible the unchecking and rechecking of items resolves the underlying issue without a particular item being identified as the culprit
  • List the program(s) causing your difficulties in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69
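
An added example, not part of the thread or of either poster's instructions: a PowerShell baseline of auto-start third-party services and startup entries, taken before the Clean Boot and half-split steps above so that each disabled item can be reviewed and restored later. The output folder, the function names and the "CompanyName is not Microsoft" rule are assumptions made for this example; the rule is a heuristic and may not match msconfig's "Hide All Microsoft Services" check box.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: "third-party" means the binary's version-info CompanyName does not
# contain "Microsoft". Services hosted inside svchost.exe resolve to svchost.exe
# and are therefore filtered out by this heuristic.

$OutDir = Join-Path $env:USERPROFILE 'Desktop\CleanBootBaseline'   # hypothetical output folder
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

function Get-ExePath {
    # Extract the executable path from a service or startup command line.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }             # quoted path
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }      # unquoted path with spaces
    return ($expanded -split '\s+')[0]
}

function Get-BinaryInfo {
    # Return publisher and Authenticode status for a file, or mark it missing.
    param([string]$Path)
    $info = [ordered]@{ Path = $Path; Company = $null; Signature = 'FileNotFound' }
    if ($Path -and (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $info.Company   = (Get-Item -LiteralPath $Path).VersionInfo.CompanyName
        $info.Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
    }
    [pscustomobject]$info
}

# Services that start automatically and are not published by Microsoft.
# Entries whose binary is missing have no CompanyName and are kept on purpose.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' } |
    ForEach-Object {
        $bin = Get-BinaryInfo (Get-ExePath $_.PathName)
        [pscustomobject]@{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            State       = $_.State
            StartMode   = $_.StartMode
            Path        = $bin.Path
            Company     = $bin.Company
            Signature   = $bin.Signature
        }
    } |
    Where-Object { $_.Company -notmatch 'Microsoft' }

# Run-key and Startup-folder entries. This class does not report the
# Enabled/Disabled state shown on Task Manager's Startup tab, so compare
# the list against that tab when noting what was enabled.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    ForEach-Object {
        $bin = Get-BinaryInfo (Get-ExePath $_.Command)
        [pscustomobject]@{
            Name      = $_.Name
            Location  = $_.Location
            User      = $_.User
            Command   = $_.Command
            Company   = $bin.Company
            Signature = $bin.Signature
        }
    }

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$services | Export-Csv -Path (Join-Path $OutDir "services-$stamp.csv") -NoTypeInformation
$startup  | Export-Csv -Path (Join-Path $OutDir "startup-$stamp.csv")  -NoTypeInformation

# Items worth a closer look during the half-split: unsigned, invalidly signed,
# or pointing at a file that no longer exists.
$review = @($services) + @($startup) | Where-Object { $_.Signature -ne 'Valid' }
$review | Sort-Object Signature, Name |
    Format-Table Name, Signature, Company, Path, Command -AutoSize -Wrap

"Saved {0} services and {1} startup entries to {2}" -f @($services).Count, @($startup).Count, $OutDir
```

The two CSV files give the "note down each entry" list in a form that can be diffed after each reboot of the half-split.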

#22 Lucy777


Posted 05 June 2024 - 09:34 PM

I was out most of the day yesterday thus the slow reply. With everything disabled the startup was definitely faster. Enabling the services maybe slowed it down by 10-15 seconds but really immaterial. There were numerous items in the startup but enabled all the ones that were enabled before and that extended the boot up by about 45 seconds but still much better than before. Having been in and out so much over the last few days I haven’t had an opportunity to use it enough to see if the overall performance has improved but boot up is definitely faster. I could disable the startup entries and re-enable them one at a time but don’t know it would be worth it for not much more improvement. If there are items in that startup list that I don’t really want should I just disable them in there or is there a better place to remove it?

I attached a notification I received when I had booted with everything re-enabled and not sure if it is a concern or not so would appreciate knowing if the program that tried to make changes is a legitimate program and whether it should be allowed to make changes? (GenieTimeLineAgent.exe)

I also have another issue but I’m not sure if it is within your area of expertise. This computer originally came with Windows 8 and when Microsoft had the free upgrade to Windows 10 there was some kind of issue with the installation, anyway when I boot it comes to a menu and asks if I want to boot from Windows 8 or Windows 10. If I select Windows 10 it boots fine but if I select Windows 8 I get a recovery screen which I took a picture of and attached it also. I don’t think it is causing any issues performance wise but would prefer getting rid of any remnants there may be of Windows 8 so it no longer always comes up to the menu to give a choice between Windows 8 and Windows 10.

 

Thanks again

Attached Files



#23 Oh My!


Posted 06 June 2024 - 08:38 AM

Thank you for the detailed reply.
 
  • Note: It is possible the unchecking and rechecking of items resolves the underlying issue without a particular item being identified as the culprit
Regarding the faster performance, I included the above line in my Clean Boot Troubleshooting steps since what you are describing sometimes happens. Still, we need to monitor things.

I don't think you need GenieTimelineService but before removing it I need to first check your current setup. What are the model numbers of your modem and wireless router or modem/router combination unit?

You should Disable things from the Startup Tab. It is easiest to Enable/Disable items from there.

Regarding Windows 8, I need to gather some information.

Please do this.

===================================================

ListParts by Farbar for 64 bit Systems

--------------------
  • Download ListParts.exe (for 64 bit systems) and save it to your desktop
  • Right click on the icon and select Run as administrator
  • Place a check mark in List BCD
  • Select Scan
  • Select OK and wait for a Result - Notepad document to open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Model number(s)
  • Result.txt

Gary 


#24 Lucy777


Posted 06 June 2024 - 12:26 PM

If the Genie program isn’t a harm then we can just leave it. I just wasn’t sure if it was an unwanted program. I hate to keep adding things on but there is one other issue I would like to mention or resolve. I use Windows Live Mail 2012 and it used to be if I held the Ctrl key and turned the scroll wheel on my mouse it would increase or decrease the size of the text in a message however it no longer functions that way. I looked for a setting to enable or disable this feature but could not find one so if you know how to reactivate that feature I would love to have that functionality back.

 

Here is the log you requested.

Thank you

ListParts by Farbar Version: 31-07-2014

Ran by DW (administrator) on 06-06-2024 at 11:07:46
WIN_81 (X64)
Running From: C:\1-VIRUS PROGRAMS
Language: English (United States)
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 44%
Total physical RAM: 8079.29 MB
Available physical RAM: 4451.11 MB
Total Pagefile: 22415.29 MB
Available Pagefile: 18929.25 MB
Total Virtual: 131072 MB
Available Virtual: 131067.83 MB
 
======================= Partitions =========================
 
1 Drive c: (Local Disk) (Fixed) (Total:1860.6 GB) (Free:402 GB) NTFS
3 Drive f: () (Fixed) (Total:908.78 GB) (Free:21.83 GB) NTFS
4 Drive u: (easystore_264D-1) (Network) (Total:16764 GB) (Free:4261.57 GB) NTFS
5 Drive x: (G) (Network) (Total:13039 GB) (Free:530.41 GB) NTFS
7 Drive z: (Public) (Network) (Total:3663.49 GB) (Free:522.69 GB) NTFS
 
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B   *    *
  Disk 1    Online         1863 GB      0 B        *
 
Partitions of Disk 0:
===============
 
 
Disk ID: {2D3E3661-B121-468C-9FB0-EAE5BE628938}
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery           499 MB  1024 KB
  Partition 2    System (partition with boot components)             300 MB   500 MB
  Partition 3    Dynamic Reserved  1024 KB   800 MB
  Partition 4    Reserved           127 MB   801 MB
  Partition 5    Dynamic Data       908 GB   928 MB
  Partition 6    Recovery           449 MB   909 GB
  Partition 7    Recovery            20 GB   910 GB
  Partition 8    Recovery          1024 MB   930 GB
 
======================================================================================================
 
Disk: 0
Partition 1
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         Windows RE   NTFS   Partition    499 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 2
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         SYSTEM       FAT32  Partition    300 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 3
Type    : 5808c8aa-7e8f-42e0-85d2-e1e90434cfb3
Hidden  : Yes
Required: No
Attrib  : 0000000000000000
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 0
Partition 4
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 0
Partition 5
Type    : af9b60a0-1431-4f62-bc68-3311714a69ad
Hidden  : Yes
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0     F                NTFS   Simple       908 GB  Healthy            
 
======================================================================================================
 
Disk: 0
Partition 6
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3                      NTFS   Partition    449 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 7
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X0000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         SAMSUNG_REC  NTFS   Partition     20 GB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 8
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X0000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5         SAMSUNG_REC  FAT32  Partition   1024 MB  Healthy    Hidden  
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
 
Disk ID: {1FAF3886-A221-4D60-A499-0B372E014273}
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Reserved           128 MB    17 KB
  Partition 2    System (partition with boot components)             498 MB   129 MB
  Partition 3    Primary           1860 GB   627 MB
  Partition 4    Recovery           943 MB  1861 GB
  Partition 5    Recovery           451 MB  1862 GB
  Partition 6    Recovery           452 MB  1862 GB
 
======================================================================================================
 
Disk: 1
Partition 1
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0000000000000000
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 1
Partition 2
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8                      FAT32  Partition    498 MB  Healthy    System (partition with boot components)  
 
======================================================================================================
 
Disk: 1
Partition 3
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     C   Local Disk   NTFS   Partition   1860 GB  Healthy    Boot    
 
======================================================================================================
 
Disk: 1
Partition 4
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 9                      NTFS   Partition    943 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 1
Partition 5
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 10                     NTFS   Partition    451 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 1
Partition 6
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 11                     NTFS   Partition    452 MB  Healthy    Hidden  
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 4820B9BD
 
Partition : GPT Partition Type
==============================
Partitions of Disk 1:
===============
Disk ID: BCEA6765
 
Partition : GPT Partition Type
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {7e04bdf0-583f-11eb-8539-806e6f6e6963}
timeout                 0
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume8
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {bf322be8-0386-11ec-b3c7-b074d77157e5}
displayorder            {current}
                        {7a2d19e9-4578-11e2-9454-002454668384}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {7e04bdf0-583f-11eb-8539-806e6f6e6963}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
 
Windows Boot Loader
-------------------
identifier              {09159f25-7d27-4b2b-bcb2-fb0056a45a41}
device                  unknown
path                    \Windows\system32\winload.efi
description             Windows
osdevice                unknown
systemroot              \Windows
 
Windows Boot Loader
-------------------
identifier              {690b7ec5-0376-11ec-855a-d8ec53cf1b59}
device                  ramdisk=[\Device\HarddiskVolume10]\Recovery\WindowsRE\Winre.wim,{690b7ec6-0376-11ec-855a-d8ec53cf1b59}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume10]\Recovery\WindowsRE\Winre.wim,{690b7ec6-0376-11ec-855a-d8ec53cf1b59}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {7351abf4-4003-471b-ac46-d07e6194d9cb}
device                  unknown
path                    \Windows\system32\winload.efi
description             Windows
osdevice                unknown
systemroot              \Windows
 
Windows Boot Loader
-------------------
identifier              {7a2d19e9-4578-11e2-9454-002454668384}
device                  unknown
path                    \windows\system32\winload.efi
description             Windows 8
locale                  en-us
inherit                 {bootloadersettings}
recoveryenabled         No
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                unknown
systemroot              \windows
resumeobject            {7a2d19e8-4578-11e2-9454-002454668384}
nx                      OptIn
bootmenupolicy          Standard
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {690b7ec5-0376-11ec-855a-d8ec53cf1b59}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {bf322be8-0386-11ec-b3c7-b074d77157e5}
nx                      OptIn
bootmenupolicy          Standard
 
Windows Boot Loader
-------------------
identifier              {c84919e5-056b-4926-a3cd-afac3e6bf0eb}
device                  unknown
path                    \Windows\system32\winload.efi
description             Windows
osdevice                unknown
systemroot              \Windows
 
Windows Boot Loader
-------------------
identifier              {d2a07280-95ec-4153-bdad-a63574cfbedc}
device                  unknown
path                    \Windows\system32\winload.efi
description             Windows
osdevice                unknown
systemroot              \Windows
 
Windows Boot Loader
-------------------
identifier              {d7dbfae0-0a56-41b9-870a-1a3882f4d2b4}
device                  unknown
path                    \Windows\system32\winload.efi
description             Windows
osdevice                unknown
systemroot              \Windows
 
Windows Boot Loader
-------------------
identifier              {dd1e4d80-c33b-47f5-982d-325b470cf5fd}
device                  unknown
path                    \Windows\system32\winload.efi
description             Windows
osdevice                unknown
systemroot              \Windows
 
Windows Boot Loader
-------------------
identifier              {ddffbcfd-d38b-11e4-be71-50b7c308ea9e}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{ddffbcfe-d38b-11e4-be71-50b7c308ea9e}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{ddffbcfe-d38b-11e4-be71-50b7c308ea9e}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {ddffbd02-d38b-11e4-be71-50b7c308ea9e}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{ddffbd03-d38b-11e4-be71-50b7c308ea9e}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{ddffbd03-d38b-11e4-be71-50b7c308ea9e}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {7a2d19e8-4578-11e2-9454-002454668384}
device                  unknown
path                    \windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-us
inherit                 {resumeloadersettings}
recoveryenabled         No
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              unknown
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {bf322be8-0386-11ec-b3c7-b074d77157e5}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {690b7ec5-0376-11ec-855a-d8ec53cf1b59}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume8
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
badmemorylist           0x10007
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {690b7ec6-0376-11ec-855a-d8ec53cf1b59}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume10
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Device options
--------------
identifier              {ddffbcfe-d38b-11e4-be71-50b7c308ea9e}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
****** End Of Log ******


#25 Oh My!


Posted 06 June 2024 - 05:48 PM

We will return to the Live Mail issue but let's work through this first.

The GenieTimelineService/Netgear software appears to be quite old. We should remove it unless it is applicable to your current network setup. The model numbers for the modem/router will help me determine that.

Regarding Windows 8, please do this.

===================================================

Removing Windows 8 Dual Boot Option

--------------------
  • Click Start, type msconfig, then select Run as administrator
  • Click on the Boot tab
  • Left click on Windows 8 to highlight the entry
  • Click Delete
  • Click OK
  • Click Restart
  • Confirm the option to select Windows 8 no longer appears and you boot directly into Windows 10
===================================================

Things I would like to see in your next reply.
  • Which modem and router do you have
  • Is Windows 8 now gone?

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69
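The BCD section of the ListParts log in post #24 can be checked mechanically for the condition behind the Windows 8 menu choice. This is an added example, not part of any post in this thread and not ListParts code: it parses bcdedit-style text, flags boot loader entries whose `device`/`osdevice` is `unknown`, and reports whether the boot manager's `displayorder` still lists them. The function names are hypothetical and the sample is trimmed from the log above.

```python
# Constructed sample: BCD entries trimmed from the ListParts log posted above.
SAMPLE_BCD = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume8
displayorder            {current}
                        {7a2d19e9-4578-11e2-9454-002454668384}

Windows Boot Loader
-------------------
identifier              {09159f25-7d27-4b2b-bcb2-fb0056a45a41}
device                  unknown
description             Windows
osdevice                unknown

Windows Boot Loader
-------------------
identifier              {7a2d19e9-4578-11e2-9454-002454668384}
device                  unknown
description             Windows 8
osdevice                unknown

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
description             Windows 10
osdevice                partition=C:

Windows Boot Loader
-------------------
identifier              {ddffbd02-d38b-11e4-be71-50b7c308ea9e}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{ddffbd03-d38b-11e4-be71-50b7c308ea9e}
description             Windows Recovery Environment
"""


def parse_bcd(text):
    """Split bcdedit-style text into entries: {'type': str, 'elements': {name: [values]}}."""
    entries, current, last_key = [], None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        body = line.strip()
        following = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if body and following and set(following) == {"-"}:
            # A title line is the one directly above a dashed underline.
            current, last_key = {"type": body, "elements": {}}, None
            entries.append(current)
        elif not body or set(body) == {"-"} or current is None:
            continue
        elif line[0].isspace():
            # Indented line: another value of the previous element (e.g. displayorder).
            if last_key:
                current["elements"][last_key].append(body)
        else:
            name, _, value = body.partition(" ")
            current["elements"][name] = [value.strip()]
            last_key = name
    return entries


def boot_menu_ids(entries):
    """Identifiers in {bootmgr} displayorder, i.e. the choices offered at boot."""
    for entry in entries:
        if entry["elements"].get("identifier") == ["{bootmgr}"]:
            return entry["elements"].get("displayorder", [])
    return []


def audit_boot_loaders(text):
    """Report boot loader entries whose device/osdevice no longer resolves to a volume."""
    entries = parse_bcd(text)
    shown = set(boot_menu_ids(entries))
    report = []
    for entry in entries:
        el = entry["elements"]
        targets = el.get("device", [""]) + el.get("osdevice", [""])
        if entry["type"] == "Windows Boot Loader" and any("unknown" in t for t in targets):
            ident = el["identifier"][0]
            report.append({"identifier": ident,
                           "description": el.get("description", [""])[0],
                           "in_boot_menu": ident in shown})
    return report


if __name__ == "__main__":
    for row in audit_boot_loaders(SAMPLE_BCD):
        print(row)
```

Only the entry that is both unresolved and listed in `displayorder` is offered at boot; in the sample that is the one described as Windows 8.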

#26 Lucy777


Posted 06 June 2024 - 08:12 PM

It booted without asking to select the OS and the boot was quicker than before the change.

 

My modem is supplied by the cable company and there is no brand name on it. If I access the app where I can change settings etc it shows it as a Technicolor X87.

 

My router is a TP-Link Archer AXE75 AXE5400 TriBand.

 

I hate to keep adding in more stuff but when I went to shut down I got a message that several apps needed to be closed so I cancelled and closed everything that was open and went to shutdown again and received the message shown in the attachment in spite of me having closed everything. I find that with Microsoft this is not an unusual message. When I see a message like this, where a name is not provided, I often get concerned that perhaps something is running in the background that could be malware or another app that could be dangerous. If it showed the name it would be helpful but when my computer has been running slow and then you get a message like this it is really irritating. I’ll often get notifications that a program is trying to make changes but again no mention of the program. If I knew what the program was then I would know in most cases whether it was concerning so don’t understand why Microsoft doesn’t show the program name. I occasionally get a message that a program has been blocked from running because it could be dangerous or something similar but it seldom if ever tells you what program it was so have no idea if it is malware or a virus.

 


#27 Oh My!


Posted 06 June 2024 - 09:15 PM

Is this the first time you received the App notification?

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------
  • Download Revo Uninstaller Free Portable and save it to your Desktop
  • Right click on the folder and select Extract All..., then click Extract
  • Double click on the RevoUninstaller-Portable folder
  • Right click on RevoUPort and select Run as administrator
  • Click OK on the License Agreement
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
      • NETGEAR Genie
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
===================================================

Event Viewer Application Critical/Warning Information

--------------------
  • Press Windows Key + R at the same time
  • Type eventvwr.msc and press Enter
  • Click on the arrow to the left of Windows Logs to expand the category
  • Left click on Application
  • On the right hand side of the screen click Filter Current Log...
  • Select Critical and Warning, then click OK
  • Select Save Filtered Log File As...
  • Under File Name: please type Application then save it to your desktop
  • Zip the file and upload it here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Netgear uninstalled?
  • Uploaded zipped file

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#28 Lucy777


Posted 07 June 2024 - 11:06 AM

As far as the app notification it doesn’t happen every time I shut down but from time to time I get this or a similar notification but with no name so is frustrating as I don’t know what the application is.

Netgear Genie seems to have uninstalled correctly.

 

I uploaded the zipped file at the link provided.

Thank you


Edited by Lucy777, 07 June 2024 - 01:13 PM.


#29 Oh My!


Posted 07 June 2024 - 01:51 PM

Thank you for the report.

Please do this.

===================================================

Western Digital Data LifeGuard Diagnostic Dashboard

--------------------
  • Download Western Digital Dashboard and save it to your Desktop
  • Right click on DashboardSetup.exe and select Run as administrator
  • Select Install
  • Select Finish to launch the dashboard
  • Select Generate Report File and save the report onto your Desktop
  • Once completed attach the Dashboard_Report.zip file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Dashboard report

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#30 Lucy777


Posted 07 June 2024 - 05:12 PM

There were no devices found. I have a WD NAS and 2 WD USB external drives connected to the NAS but no local WD drives.

 

Here is a screen capture.

 

Was there something specific you were looking for with the WD Dashboard?
