Laky25cz Posted April 10, 2022 ID:1510625 Share Posted April 10, 2022 Hello, i have an issue but dont know how to fix it, Microsoft Community experts told me to try to ask here if it could be a malware or anything so thats why im asking. When I start my PC there is a Lenovo logo on startup, the logo stands there and does nothing (there should be a spinning wheel under it but there is none) it takes like 5 minutes and the wheel appears, after that the pc lets me go log in and is fast again, so that's the only weird issue that happened. It's sometimes faster sometimes slower, I have bootlog right here so you can check it out: https://1drv.ms/u/s!AtXvt0COWcj4ihKVw_JuTCxS_w8p?e=PoPoiX Looked into it but i dont know that much about startup stuff, so i didn't see anything weird in there. Thanks (PS: did a full virus scan in windows defender, Eset, malwarbytes and adwcleaner, did an offline scan too, nothing found, SFC scan found nothing too, scanned with CCleaner found nothing.) (PS before this started happening I downloaded the KB4023057 update I dont know if it's because of the update but could be.) Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 10, 2022 ID:1510627 Share Posted April 10, 2022 Hello @Laky25cz In order to begin to help you properly, I will need a diagnostic report in order to review & diagnose. Specifically the FRST Farbar diagnostic report. It is safe to get & use. Be very sure you SAVE it first.https://support.malwarebytes.com/hc/en-us/articles/360039025013-Run-Farbar-Recovery-Scan-Tool-to-gather-logs Attach FRST.txt + Addition.txt with your reply. You may if you wish, ZIP the 2 into a zip file & then attach. { just please do not copy, paste their contents in main body of reply box here.) Link to post Share on other sites More sharing options...
Laky25cz Posted April 10, 2022 Author ID:1510639 Share Posted April 10, 2022 Hello, used your tool and here is your info, Microsoft experts also told me that BIOS reset to default settings could work, what do you think? FRST files.rar Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 10, 2022 ID:1510643 Share Posted April 10, 2022 Hello. Thank you for the FRST reports. Hold off on any change to BIOS, please. However, do tell me if in the past you had done something with Bios, like a change from normal default. I did not realize the language of this OS is non-English. Please make this small adjustment ( in preparation for future work). Go to your Downloads folder (C:\Users\Uzivatel\Downloads). Do a RIGHT-click on FRST64.exe & select RENAME & then change it to FRSTENGLISH.exe . and tap Enter-key to apply the name-change. I do notice a number of auto-started applications that do not have to be auto-started. Some of them are games, others un-needed eye-candy. Here are what you can adjust so that they do not "auto-start with Windows" Lightshot Steam GogGalaxy EpicGamesLauncher CCleaner Smart Cleaning Apply these principles now from the following How-to How to perform a clean boot in Windowshttps://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows { Tell me, if this hardware setup still has a Canon hardware printer). After the adjustments above, do a Windows RESTART from the Start menu. Link to post Share on other sites More sharing options...
Laky25cz Posted April 10, 2022 Author ID:1510645 Share Posted April 10, 2022 Hello, Never done anything with BIOS before. This PC had a full clean install a few weeks ago because of certain issues that are fixed, Im okay with Lightshot being active and steam being active, i use lightshot to picture stuff and steam to play games regurarly (didnt have any issues with them being started on startup), Gog, Epic and CCleaner should be turned off, i have it turned off on startup in Task manager so thats weird (not allowed). I still have a canon printer i bought a year ago, This issue never happened on this pc and started happening after i downloaded the newest windows update, after that i put the PC to sleep and next morning it started happening. Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 10, 2022 ID:1510647 Share Posted April 10, 2022 Lightshot is a extra that is not needed at startup. Ditto on Steam. You can start those manually as you actually need them. Removing those from startup will get Windows to finish its loadup process quicker. Link to post Share on other sites More sharing options...
Laky25cz Posted April 10, 2022 Author ID:1510650 Share Posted April 10, 2022 Alright, i will try if it works too, but im still confused why would the logo stay there so long and the wheel came in after a few minutes, when all those things were turned on before and the circle was there right after the logo came up, it just seems suspicious to me. It took max 1 minute to get into login screen 2 days ago and now it takes like 7. Even when those things were installed, i installed the KB4023057 and boom it started happening. Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 10, 2022 ID:1510655 Share Posted April 10, 2022 Your machine should have the FRSTENGLISH report tool on the Downloads (C:\Users\Uzivatel\Downloads) folder. We will use that. Go to Downloads folder. RIGHT-click on FRSTENGLISH and select Run as Administrator and tap ENTER. And reply YES to allow to proceed. When the tool opens click Yes to the disclaimer. And be very sure to TICK the box for Addition.txt Press the Scan button. It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run Have patience since the run may take something like 10 or so minutes (less depending on your hardware speed) Close Notepad IF those show up on Notepad. Just please Attach the 2 files FRST.txt +Addition.txt with your next reply. 1 Link to post Share on other sites More sharing options...
Laky25cz Posted April 10, 2022 Author ID:1510662 Share Posted April 10, 2022 Here, Did what you asked. Looked into it and everything is in english expect Uzivatel and Aplikace, Uzivatel means User, Aplikace means Apps. FRST2.rar 1 Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted April 10, 2022 Solution ID:1510671 Share Posted April 10, 2022 Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do checks & some cleanups. This is really just housekkeping. We will use FRSTENGLISH on the Desktop\Aplikace folder to run a custom script. The system will be rebooted after the script has run. As I recall, I had asked you earlier to rename the FRST64.exe to FRSTENGLISH.exe The FRSTENGLISH as well as the script I have attached need to be in the same folder. They work as a pair. This custom script is for Laky25cz only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall. Hoping it will not exceed 60 minutes in execute time. NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. . NOTE-2: It will attempt to do a quick scan with Microsoft Defender antivirus. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. Please save the (attached file named) FIXLIST.txt to the Desktop\Aplikace folder Fixlist.txt <<< - - - - - Then, Start the Windows Explorer and then, go to the Desktop\Aplikace folder. RIGHT click on FRSTENGLISH and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity. 1 Link to post Share on other sites More sharing options...
Laky25cz Posted April 11, 2022 Author ID:1510725 Share Posted April 11, 2022 Hello, Mate i ran the script and it really worked, the Lenovo screen was there for like 2 seconds and it was gone, it no longer took 7 minutes, seems like it really worked man, thank you, does this script work after multiple uses? For example if the pc started beign slower after like lets say 3 months can i do it again? Thanks. Here is the log. Fixlog_11-04-2022 17.59.43.txt 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 11, 2022 ID:1510752 Share Posted April 11, 2022 I am happy to read the good news. I would not recommend re-running the same script, since most of it was like a one-time run. Plus the SFC & DISM runs can be done, as needed, on-demand by computer owner. But the SFC & DISM tools found no integrity issues. What I had been concerned about ( before this) was that the initial reports could not get a readable status as to the Windows Boot Manager / Windows Boot Loader. However, this run did get a good readout. And it looks fine. I do notice that there is a 30 second time-wait there that we can reduce to 6 seconds ( shaving off 24 seconds). (6 seconds is sufficient time if it became really necessary for you to act to make a choice of boot selection, other than normal that is.) Lets get you to do a couple of commands in a Elevated Command-prompt window. On the Windows taskbar , on the Windows search box, type in cmd.exe and then look at the entire list of choices, and click on Run as Administrator. Once the Command prompt window is up, copy > paste the line in the codebox below into the command-window It is best to use COPY & Paste for the following. All of the whole line line as-is and when ready, tap Enter-key to apply bcdedit /export c:\bcdbackup This will make a save copy of the current boot configuration. Next, COPY & Paste for the following. All of the whole line line as-is and when ready, tap Enter-key to apply bcdedit /timeout 6 When all finished, Close the command-prompt-window, or type in EXIT. Then do one Window Restart. See how that goes. The other important thing to do is to make time, and do a Full Backup of your system to offline media storage ( such as a large enough external, removable backup drive). 1 Link to post Share on other sites More sharing options...
Laky25cz Posted April 11, 2022 Author ID:1510767 Share Posted April 11, 2022 Hello, Did the 2 commands you told me about, the process is now faster, but the command says the 6 seconds right? well i did the 2 commands, Operation completed sucessfully on both restarted and it took like 45 seconds now, its faster than before (7 minutes) but its still weird when the command said 6 and it took 45. Im grateful for your help but it still seems weird like it should be faster but its alright. Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 11, 2022 ID:1510878 Share Posted April 11, 2022 This next report is simply to check on the need for updates on some installed application programs. My view is that we can plan to close this case very soon. There are no malware infection issues here. Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt Link to post Share on other sites More sharing options...
Laky25cz Posted April 11, 2022 Author ID:1510879 Share Posted April 11, 2022 Will do, only thing that came out screaming was Windows Defender, it said the tool contained ''Trojan:Win32/Spursint.F!cl'' Dont think its true, cause win defender sometimes lies idk why would this even have a trojan in it, so will post the log from the scan in a sec. Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 11, 2022 ID:1510891 Share Posted April 11, 2022 Have MS Defender ignore that "warning" ( so called). MS Windows & its Smartscreen protection is overly touchy aboyt some apps that it does not have a long history on. SecurityCheck is a safe tool. 1 Link to post Share on other sites More sharing options...
Laky25cz Posted April 11, 2022 Author ID:1510894 Share Posted April 11, 2022 Hello, Here you go, looked into it and only ''unwanted program'' is CCleaner, i know its not exactly the best but its good to use it atleast sometimes, so yeah there is no virus, so i thank you for the help and i guess if i ever need something i will look into these forums again. Thank you and Good Luck. SecurityCheck.txt Link to post Share on other sites More sharing options...
Laky25cz Posted April 11, 2022 Author ID:1510906 Share Posted April 11, 2022 Also i do not know if you need it but i ran it anyway, saw few people who use it to ''finalise the work'' here you go KpMr by kernel-panik report. kprm-20220411214812.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 11, 2022 ID:1510908 Share Posted April 11, 2022 Most of the security community no longer recommend the use of CCleaner ever since it no longer is owned by Piriform. You can use the Windows built-in CLEANMGR applet to remove temporary files & other housekeeping cleanup.https://www.tenforums.com/tutorials/3012-open-use-disk-cleanup-windows-10-a.html Tenforums is a excellent resource on Windows 10 issues.https://www.tenforums.com * KPRM is the cleanup tool for tools that were used. Thanks. I am marking the case for closure. Let me emphasize, Backup is your best friend. Backup this system soonest you can. One thing I did wish to point out about this Lenovo. I cannot tell how old it is. or how old the disc drive is. But the microprocessor is a Intel i3, which these days is simply old. You cannot expect a instantaneous uber-fast-lightning speed Windows startup. Also, remember that Windows startup does not begin until the machine Bootloader is started. It seems to me that now at least the Windows boot loader is in good state. No malware here. I do wish you the best. 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 11, 2022 ID:1510909 Share Posted April 11, 2022 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you 1 Link to post Share on other sites More sharing options...
Recommended Posts