Downloading.
5 seconds are lost due to Winlogon waiting for the audio process (StacSV) to start (5 seconds). There's a delay in explorer.exe starting which appears to track back to Windows Defender scanning D:\Preload\Base.wim (almost 100% of the time spent), along with another large delay due to explorer tray/shell calls due to ObjectDock (DesktopDock64 and ShellEx64). Post-explorer init appears to come mostly from App-V and the Office virtualization handler service (Office 365 installed?), as well as an additional very large disk overhead to the same file mentioned previously.
A couple of questions - is that WIM file mounted and in use? Does this issue reproduce without Office and Object Desktop installed?
So that wim file is the threat that MSE found in the first place, and it's still worried about it? I was never able to locate the file, it's in the recovery drive that I can't get a look into (image in my post 17). Would that explain why I now always get the little green popup box saying detected threats are being cleaned (image in my post 24)?
I've never uninstalled Office. I don't know what Object Desktop is.
If I installed Windows 10, might I be able to sidestep this problem, or would it more likely make it worse?
In answer to the .WIM file question, I would guess the recovery image itself is likely infected (or was), and is unable to be cleaned due to the partition / filesystem. I would recommend in this case (as I would in 99.999% of infection cases) that you back up your data to another drive (removable or otherwise), make sure it's clean there, and then rebuild the PC from scratch, with whatever OS you're comfortable with and are licensed to use.
Then, restore applications, make sure everything is clean with an offline scan, then restore data and offline scan again before committing to use the PC going forward.
What is Windows Defender Offline? - Windows Help
Thanks cluberti.
So I'll back up my files to an external drive.
Then do I do "Return your computer to factory condition"?
Success!
I backed up my files, did a factory restore then scanned and reloaded my files.
And she's working like a dream, starting quickly again and running a lot more quietly too.
Thank you everyone for all your help, I really appreciate it.
You're welcome, although I think Golden, cluberti and Layback Bear did all the helping.
Glad you got it sorted. :)
Last edited by derekimo; 03 Jun 2016 at 21:01.