Solved Computer runs more and more slowly

Panzer4

Thread Starter
Joined
Nov 25, 2003
Messages
1,720
I bought this computer about a year and a half ago as an interim measure between the death of my last self-built gaming machine and the birth of my next one. I must say that I have been surprised that it runs games as seamlessly and smoothly as it does. In other functions, though, it has slowed considerably, gradually over time. I have used several freeware apps to keep it relatively healthy, though I fear that I might not have helped as much as I might have hindered. I know that it needs to go through the cleaning process if someone is just willing to take me through it. Thanks.



Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19041, Installed 20200929042102.000000-480
Processor: AMD FX(tm)-6350 Six-Core Processor, AMD64 Family 21 Model 2 Stepping 0, CPU Count: 6
Total Physical RAM: 8 GB
Graphics Card: AMD Radeon (TM) R7 360 Series
Hard Drives: C: 930 GB (685 GB Free); F: 269 GB (199 GB Free); G: 195 GB (166 GB Free);
Motherboard: ASUSTeK Computer INC. M5A78L-M/USB3, ver Rev X.0x, s/n 160674283300355
System: American Megatrends Inc., ver 120214 - 20141202, s/n System Serial Number
Antivirus: Avira Antivirus, Enabled and Updated
 


DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,663
Hi, Panzer4.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

=============================

I will be back to you as soon as I review your logs.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,663
Hello.

My very first comments/instructions regarding your logs:

1. Many antivirus

You have many antivirus products installed, along with the built-in Windows 10 antivirus, Windows Defender:

Avira Antivirus
Total AV
Webroot SecureAnywhere

Although having more than one opinion regarding your security, have in mind that installing more than one of those programs may conflict with each other and cause the following:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.
Therefore, I recommend you to stay only with one antivirus and uninstall everything else. I would say, choose among Windows Defender (recommended in Windows 10) and Avira and uninstall the rest. See instructions in Step 2 below.


2. Uninstall programs

No need to have programs to update your drivers. This is done automatically by the operating system. Having 3rd party software for that, may harm your system rather than doing any good. So, uninstall these programs:

Driver Easy 5.6.14
DriverFix 4.2021.1.29
O&O Defrag Professional

To uninstall the programs:
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Code:
Driver Easy 5.6.14
DriverFix 4.2021.1.29
O&O Defrag Professional
  • Select the above program and click Uninstall.
  • Restart the computer.

3. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

In your next reply please post:
  1. What programs did you uninstall
  2. The fresh FRST logs, FRST.txt and Addition.txt
 

Panzer4

Thread Starter
Joined
Nov 25, 2003
Messages
1,720
Hi Dr. M: I uninstalled all of the programs you listed with two exceptions: the two driver programs did not appear in the uninstaller list as I had previously uninstalled them using revouninstaller.
 


DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,663
Thank you, Panzer.


1. Stop Google Drive Sync at start-up

You have Google Drive set up to sync at Startup. If Google Drive is set up to sync at startup, specific files in the TEMP folder are created every time you start your computer. If you want to stop this, please do the following:
  • Click Backup & Sync in your Taskbar/Notification area using Cloud icon.
  • Click the 3 dots to open Settings.
  • Click the Preferences option - usually the 5th one down from the top.
  • Select the Settings section located on the right side of the popup.
  • Clear that checkbox for Open Backup & Sync on system startup, save the changes and reboot.
  • You can also check if Google Drive sync is enabled at start-up if you do the following:
    • Right click anywhere on your Taskbar and choose Task Manager.
    • If you don't see the tab Start-up, click More Details.
    • Choose the Start-up tab.
    • Check in the list if Google Drive Sync is enabled. If yes, click on it and choose Disable.

2. Remove Chrome extensions
  • Open Chrome
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find the following extensions and remove them by clicking on Remove.
  • Code:
    Avira Password Manager
    Avira Safe Shopping
    Avira Browser Safety
  • Confirm the action by clicking Remove once again.

3. Remove Edge extension
  • Open Edge
  • Click on the 3 vertical dots at the upper right corner
  • Choose Extensions
  • Find Web Threat Shield and choose Remove

4. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AV: Total AV (Enabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
AV: Webroot SecureAnywhere (Enabled - Up to date) {A16A5B28-D1C0-417E-771B-123558EECC69}
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2021-05-15] (Webroot Inc. -> Webroot)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2021-05-15] (Webroot Inc. -> Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-08-05] (Webroot Inc. -> Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-08-05] (Webroot Inc. -> Webroot)
FirewallRules: [{2BDCEC9C-2FDE-40D3-8274-129A16A37A33}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{E427FC73-C470-451E-9D9D-D9C6C02C11BD}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{3D51B831-32D7-412C-AEFF-2B25BFC9ECED}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [5555632 2021-05-04] (Webroot Inc. -> Webroot)
HKU\S-1-5-21-1034979164-3765340690-1298794446-1001\...\Run: [] => [X]
HKU\S-1-5-21-1034979164-3765340690-1298794446-1001\...\Policies\system: [shell] explorer.exe <==== ATTENTION
HKU\S-1-5-21-1034979164-3765340690-1298794446-1001\...\MountPoints2: {09fc3325-bdc3-11e6-9317-708bcd7c3e70} - "E:\WD SmartWare.exe" autoplay=true
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {411D4897-DC00-496B-A63E-668C25DDE4D8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Extension: (Web Threat Shield) - C:\Users\Michael McDonald\AppData\Roaming\Mozilla\Firefox\Profiles\pzgz7htx.default-release\Extensions\[email protected] [2021-01-25]
CHR NewTab: Default ->  Not-active:"chrome-extension://appnhedojingciaakebonapfgmpfabac/web_page_home.html"
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
R2 WRCoreService; C:\Program Files\Webroot\Core\WRCoreService.x64.exe [2037856 2020-08-25] (Webroot Inc. -> Webroot, Inc.)
R3 WRSkyClient; C:\Program Files\Webroot\Core\WRSkyClient.x64.exe [3002624 2020-08-25] (Webroot Inc. -> Webroot, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [5555632 2021-05-04] (Webroot Inc. -> Webroot)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
R1 webshieldfilter; C:\WINDOWS\System32\drivers\webshieldfilter.sys [79048 2019-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) <==== ATTENTION
R1 WRCore; C:\Program Files\Webroot\Core\WRCore.x64.sys [268720 2020-06-15] (Webroot Inc. -> Webroot, Inc.)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [149224 2020-08-05] (Webroot Inc. -> Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [58304 2020-08-05] (Webroot, Inc -> Webroot)
U1 aswbdisk; no ImagePath
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
C:\Users\Michael McDonald\Downloads\driverfixwebdl-8368122072.exe
C:\Users\Michael McDonald\Downloads\DCS_World_web.exe
C:\WINDOWS\system32\Drivers\avkmgr.sys
C:\Users\Michael McDonald\Downloads\avira_en_sptl1_f8dc36737754b924__prtz1.exe
C:\Users\Michael McDonald\AppData\LocalLow\IObit
C:\Users\Michael McDonald\Downloads\db-installer.exe
C:\Users\Michael McDonald\Downloads\ks4.021.3.10.391en_25092.exe
C:\Users\Michael McDonald\AppData\Local\O&O_Software_GmbH
C:\Users\Michael McDonald\AppData\Local\O&O
C:\WINDOWS\system32\oodag
C:\ProgramData\OO Software
C:\Users\Michael McDonald\Downloads\OODefrag24Professional64Enu.exe
C:\ProgramData\IObit
C:\Users\Michael McDonald\AppData\Roaming\IObit
C:\Users\Michael McDonald\Downloads\asc-trial-setup - Copy.exe
C:\Users\Michael McDonald\Downloads\asc-trial-setup.exe
C:\WINDOWS\system32\Tasks\Avira
C:\Users\Public\Security Sessions
C:\Users\Michael McDonald\AppData\Local\Avira
C:\Program Files (x86)\Avira
C:\ProgramData\Avira
C:\Users\Michael McDonald\Downloads\avira_en_sptl1_8d6cb677dffb2ecd__pfsws-spotlight-release(1).exe
C:\Users\Michael McDonald\Downloads\avira_en_sptl1_8d6cb677dffb2ecd__pfsws-spotlight-release.exe
C:\Users\Michael McDonald\AppData\Local\AVAST Software
C:\ProgramData\Avast Software
C:\Users\Michael McDonald\Downloads\avast_free_antivirus_setup_online.exe
C:\Users\Michael McDonald\Downloads\TotalAV_Setup(1).exe
C:\ProgramData\TotalAV
C:\Users\Michael McDonald\Downloads\TotalAV_Setup.exe
C:\WINDOWS\SysWOW64\WRusr.dll
C:\WINDOWS\system32\WRusr.dll
C:\ProgramData\WRData
C:\Program Files\Webroot
C:\Users\Michael McDonald\AppData\Roaming\Easeware
C:\Users\Michael McDonald\Documents\.tmp.drivedownload
C:\Program Files\Common Files\McAfee
C:\ProgramData\McAfee
C:\Program Files\McAfee
C:\WINDOWS\system32\Drivers\WRBoot.sys
C:\Ranulph
C:\WINDOWS\system32\WRusr.dll
C:\Program Files\Common Files\Webroot
C:\Program Files (x86)\Common Files\Webroot
C:\Program Files (x86)\Avira
C:\Program Files\OO Software
C:\Program Files\Webroot
C:\Program Files\TrueKe
C:\WINDOWS\System32\drivers\webshieldfilter.sys
C:\WINDOWS\System32\drivers\WRkrn.sys
C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:
  1. What do you want to do with Google Drive Sync at startup
  2. The fixlog.txt
 

Panzer4

Thread Starter
Joined
Nov 25, 2003
Messages
1,720
As far as what to do with the Google Drive Sync at startup I really couldn't say as I don't know what it is or does. So I await your advice.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by Michael McDonald (15-05-2021 07:29:47) Run:1
Running from C:\Users\Michael McDonald\Desktop
Loaded Profiles: defaultuser0 & Michael McDonald
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AV: Total AV (Enabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
AV: Webroot SecureAnywhere (Enabled - Up to date) {A16A5B28-D1C0-417E-771B-123558EECC69}
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2021-05-15] (Webroot Inc. -> Webroot)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2021-05-15] (Webroot Inc. -> Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-08-05] (Webroot Inc. -> Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-08-05] (Webroot Inc. -> Webroot)
FirewallRules: [{2BDCEC9C-2FDE-40D3-8274-129A16A37A33}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{E427FC73-C470-451E-9D9D-D9C6C02C11BD}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{3D51B831-32D7-412C-AEFF-2B25BFC9ECED}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [5555632 2021-05-04] (Webroot Inc. -> Webroot)
HKU\S-1-5-21-1034979164-3765340690-1298794446-1001\...\Run: [] => [X]
HKU\S-1-5-21-1034979164-3765340690-1298794446-1001\...\Policies\system: [shell] explorer.exe <==== ATTENTION
HKU\S-1-5-21-1034979164-3765340690-1298794446-1001\...\MountPoints2: {09fc3325-bdc3-11e6-9317-708bcd7c3e70} - "E:\WD SmartWare.exe" autoplay=true
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {411D4897-DC00-496B-A63E-668C25DDE4D8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Extension: (Web Threat Shield) - C:\Users\Michael McDonald\AppData\Roaming\Mozilla\Firefox\Profiles\pzgz7htx.default-release\Extensions\[email protected] [2021-01-25]
CHR NewTab: Default -> Not-active:"chrome-extension://appnhedojingciaakebonapfgmpfabac/web_page_home.html"
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
R2 WRCoreService; C:\Program Files\Webroot\Core\WRCoreService.x64.exe [2037856 2020-08-25] (Webroot Inc. -> Webroot, Inc.)
R3 WRSkyClient; C:\Program Files\Webroot\Core\WRSkyClient.x64.exe [3002624 2020-08-25] (Webroot Inc. -> Webroot, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [5555632 2021-05-04] (Webroot Inc. -> Webroot)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
R1 webshieldfilter; C:\WINDOWS\System32\drivers\webshieldfilter.sys [79048 2019-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) <==== ATTENTION
R1 WRCore; C:\Program Files\Webroot\Core\WRCore.x64.sys [268720 2020-06-15] (Webroot Inc. -> Webroot, Inc.)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [149224 2020-08-05] (Webroot Inc. -> Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [58304 2020-08-05] (Webroot, Inc -> Webroot)
U1 aswbdisk; no ImagePath
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
C:\Users\Michael McDonald\Downloads\driverfixwebdl-8368122072.exe
C:\Users\Michael McDonald\Downloads\DCS_World_web.exe
C:\WINDOWS\system32\Drivers\avkmgr.sys
C:\Users\Michael McDonald\Downloads\avira_en_sptl1_f8dc36737754b924__prtz1.exe
C:\Users\Michael McDonald\AppData\LocalLow\IObit
C:\Users\Michael McDonald\Downloads\db-installer.exe
C:\Users\Michael McDonald\Downloads\ks4.021.3.10.391en_25092.exe
C:\Users\Michael McDonald\AppData\Local\O&O_Software_GmbH
C:\Users\Michael McDonald\AppData\Local\O&O
C:\WINDOWS\system32\oodag
C:\ProgramData\OO Software
C:\Users\Michael McDonald\Downloads\OODefrag24Professional64Enu.exe
C:\ProgramData\IObit
C:\Users\Michael McDonald\AppData\Roaming\IObit
C:\Users\Michael McDonald\Downloads\asc-trial-setup - Copy.exe
C:\Users\Michael McDonald\Downloads\asc-trial-setup.exe
C:\WINDOWS\system32\Tasks\Avira
C:\Users\Public\Security Sessions
C:\Users\Michael McDonald\AppData\Local\Avira
C:\Program Files (x86)\Avira
C:\ProgramData\Avira
C:\Users\Michael McDonald\Downloads\avira_en_sptl1_8d6cb677dffb2ecd__pfsws-spotlight-release(1).exe
C:\Users\Michael McDonald\Downloads\avira_en_sptl1_8d6cb677dffb2ecd__pfsws-spotlight-release.exe
C:\Users\Michael McDonald\AppData\Local\AVAST Software
C:\ProgramData\Avast Software
C:\Users\Michael McDonald\Downloads\avast_free_antivirus_setup_online.exe
C:\Users\Michael McDonald\Downloads\TotalAV_Setup(1).exe
2C:\ProgramData\TotalAV
C:\Users\Michael McDonald\Downloads\TotalAV_Setup.exe
C:\WINDOWS\SysWOW64\WRusr.dll
C:\WINDOWS\system32\WRusr.dll
C:\ProgramData\WRData
C:\Program Files\Webroot
C:\Users\Michael McDonald\AppData\Roaming\Easeware
C:\Users\Michael McDonald\Documents\.tmp.drivedownload
C:\Program Files\Common Files\McAfee
C:\ProgramData\McAfee
C:\Program Files\McAfee
C:\WINDOWS\system32\Drivers\WRBoot.sys
C:\Ranulph
C:\WINDOWS\system32\WRusr.dll
C:\Program Files\Common Files\Webroot
C:\Program Files (x86)\Common Files\Webroot
C:\Program Files (x86)\Avira
C:\Program Files\OO Software
C:\Program Files\Webroot
C:\Program Files\TrueKe
C:\WINDOWS\System32\drivers\webshieldfilter.sys
C:\WINDOWS\System32\drivers\WRkrn.sys
C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"AV: Total AV (Enabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}" => removed successfully
"AV: Webroot SecureAnywhere (Enabled - Up to date) {A16A5B28-D1C0-417E-771B-123558EECC69}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WRShellExt => removed successfully
HKLM\Software\Classes\CLSID\{69D72956-317C-44bd-B369-8E44D4EF9802} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WRShellExt => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => removed successfully
HKLM\Software\Classes\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2BDCEC9C-2FDE-40D3-8274-129A16A37A33}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E427FC73-C470-451E-9D9D-D9C6C02C11BD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D51B831-32D7-412C-AEFF-2B25BFC9ECED}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\OODefragTray" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WRSVC" => removed successfully
"HKU\S-1-5-21-1034979164-3765340690-1298794446-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-1034979164-3765340690-1298794446-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\shell" => removed successfully
HKU\S-1-5-21-1034979164-3765340690-1298794446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09fc3325-bdc3-11e6-9317-708bcd7c3e70} => removed successfully
HKLM\System\CurrentControlSet\Control\Lsa\\"Notification Packages"="scecli" => value restored successfully
C:\Program Files\Mozilla Firefox\distribution\policies.json => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{411D4897-DC00-496B-A63E-668C25DDE4D8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{411D4897-DC00-496B-A63E-668C25DDE4D8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\Users\Michael McDonald\AppData\Roaming\Mozilla\Firefox\Profiles\pzgz7htx.default-release\Extensions\[email protected] => moved successfully
"Chrome NewTab" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => removed successfully
WRCoreService => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WRCoreService => could not remove, key could be protected
WRSkyClient => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WRSkyClient => could not remove, key could be protected
WRSVC => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WRSVC => removed successfully
HKLM\System\CurrentControlSet\Services\Browser => removed successfully
Browser => service removed successfully
webshieldfilter => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\webshieldfilter => removed successfully
webshieldfilter => service removed successfully
WRCore => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WRCore => could not remove, key could be protected
WRkrn => Unable to stop service.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-05-2021 07:53:58)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\WRCoreService => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\WRSkyClient => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\WRCore => could not remove, key could be protected

==== End of Fixlog 07:53:58 ====
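
Added example (not part of either poster's message and not FRST's own code): a Python triage of the result lines in the Fixlog above, listing the services the fix could not stop or whose registry key it could not delete. The status names and the helper functions are assumptions of this example; the result phrases and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Result phrases that appear in the Fixlog above, mapped to a triage status.
# The status labels are this example's own naming, not FRST terminology.
OUTCOMES = {
    "removed successfully": "ok",
    "moved successfully": "ok",
    "value restored successfully": "ok",
    "service stopped successfully.": "ok",
    "service removed successfully": "ok",
    "not found": "absent",
    "unable to stop service.": "stop_failed",
    "could not remove, key could be protected": "remove_failed",
}

# A service's registry key ends in ...\Services\<name>
SERVICE_KEY = re.compile(r"\\Services\\([^\\]+)$", re.IGNORECASE)

# Lines copied from the Fixlog above (a subset, including the echoed fixlist).
SAMPLE = r'''
fixlist content:
*****************
HKLM\...\Run: [] => [X]
EmptyTemp:

*****************

Restore point was successfully created.
"AV: Total AV (Enabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}" => removed successfully
HKLM\System\CurrentControlSet\Control\Lsa\\"Notification Packages"="scecli" => value restored successfully
C:\Program Files\Mozilla Firefox\distribution\policies.json => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
WRCoreService => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WRCoreService => could not remove, key could be protected
WRSVC => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WRSVC => removed successfully
webshieldfilter => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\webshieldfilter => removed successfully
webshieldfilter => service removed successfully
WRCore => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WRCore => could not remove, key could be protected
WRkrn => Unable to stop service.
'''


def results_section(text):
    """Skip the echoed fixlist: keep only what follows the last all-asterisk line."""
    lines = text.splitlines()
    marks = [i for i, ln in enumerate(lines)
             if ln.strip() and set(ln.strip()) == {"*"}]
    return "\n".join(lines[marks[-1] + 1:] if marks else lines)


def parse_results(text):
    """Return (target, status) for every 'target => result' line in the results."""
    entries = []
    for line in results_section(text).splitlines():
        target, sep, result = line.rpartition(" => ")
        if not sep:
            continue  # headers and status sentences without a result arrow
        # Unrecognised phrases are kept as "unknown" so they are not silently lost.
        status = OUTCOMES.get(result.strip().lower(), "unknown")
        entries.append((target.strip().strip('"'), status))
    return entries


def pending_services(entries):
    """Services that would not stop and whose key was not removed afterwards."""
    stop_failed, key_removed, key_failed = [], set(), set()
    for target, status in entries:
        match = SERVICE_KEY.search(target)
        if match and status == "ok":
            key_removed.add(match.group(1))
        elif match and status == "remove_failed":
            key_failed.add(match.group(1))
        elif status == "stop_failed":
            stop_failed.append(target)
    # A stop failure is resolved only if the service key was later removed.
    return [s for s in stop_failed if s in key_failed or s not in key_removed]


def summarize(entries):
    """Count entries per status."""
    return Counter(status for _, status in entries)


if __name__ == "__main__":
    parsed = parse_results(SAMPLE)
    print(dict(summarize(parsed)))
    print("still pending:", pending_services(parsed))
```
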
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,663
Google Drive Sync is for your Google Drive's content and its synchronization among all your devices that use it. I would not want Google Drive Sync to be enabled at Startup. The Sync can be done as soon as you open the Drive, so that's fine for me. But it's your computer, so your decision.

The fix didn't run properly for all the included items. Let's run it in Safe mode.

1. Restart with Safe mode
  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

2. FRST fix

Repeat Step 4 as instructed here.


In your next reply please post:
  1. The fixlog.txt
 

Panzer4

Thread Starter
Joined
Nov 25, 2003
Messages
1,720
That is twice now that the program froze and said "Not Responding." I closed the program at that point.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,663
Were you able to log in Safe mode?

If yes, apply the fix again and give it some time, even if it says Not responding.
 

Panzer4

Thread Starter
Joined
Nov 25, 2003
Messages
1,720
Hi Dr. M. I was able to log in in Safe mode. I tried running the fix again and let it percolate for about 45 minutes. Unfortunately I have to go now and will not be able to work on it until late tonight or tomorrow sometime. Talk to you later.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,663
OK.

Let me know what happened with the fix. If you are not able to run it, we may need to do it in another way.
 

Panzer4

Thread Starter
Joined
Nov 25, 2003
Messages
1,720
Good morning. I put it in Safe mode but when I ran Farbar and pressed Fix all I got was an error message saying it couldn't find fixlst.txt.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,663
Have you selected the content of the fix here and chosen copy first?
 

Panzer4

Thread Starter
Joined
Nov 25, 2003
Messages
1,720
I very carefully ran Farbar but about a minute in it froze. What do you advise? Should I start it again and just let it run until whenever?
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,663
Let it run. Do not interrupt it every time you try it. If it takes longer than 20-25 minutes, let me know.
 
