Solved Computer runs more and more slowly

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,654
Try to run again FRST in normal mode (not Safe mode), by pressing the SCAN button this time. I would like to see if it is running that way. If yes, I would like to see fresh FRST.txt and Addition.txt logs.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,654
I would like to remind you this basic rule during the cleaning procedure:

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
I can see at least one program you have installed yesterday (CH Control Manager Software).

Let's change our approach.

1. Un-hide Core (Webroot)

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Core (HKLM\...\{48CD9577-944F-496C-B8AE-F6150240C2D1}) (Version: 1.1.227 - Webroot) Hidden
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

2. Uninstall Core
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Code:
Core
  • Select the above program and click Uninstall.
  • Restart the computer.

3. Fresh FRST logs

Please perform a new Scan with FRST and attach FRST.txt and Addition.txt.


In your next reply please post:
  1. The fixlog.txt
  2. What happened with Core
  3. Fresh FRST logs (Addition and FRST)
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,654
Have you tried to uninstall it (Step 2 in my previous post)?
 

Panzer4

Thread Starter
Joined
Nov 25, 2003
Messages
1,717
Yes. I ran it following your instructions. I will run it again now.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,654
I don't want you to run the fix again. I just asked if you uninstalled Core as instructed in Step 2, before running the FRST Scan again.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,654
Try this fixlist:

1. FRST fix
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{48CD9577-944F-496C-B8AE-F6150240C2D1}
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

2. Revo Uninstaller
  • Open the program.
  • Write in the search area, on the top left, the following program:
Code:
Webroot
  • Choose the Uninstall tab from the menu and let the program to create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Sophos Anti-Virus items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.
Repeat the above procedure for the following: Core


3. Fresh FRST logs

Scan with FRST tool and provide fresh logs (FRST and Addition).


In your next reply please post:
  1. The fixlog.txt
  2. What happened with Revo
  3. Fresh FRST logs (FRST and Addition)
 

Panzer4

Thread Starter
Joined
Nov 25, 2003
Messages
1,717
Revouninstaller said 0 files were found. I looked on the list and of course it wasn't there.
 

Attachments

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,654
Good.

Now please give me fresh FRST logs (FRST and Addition), please. :)
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
1,654
Thank you.

Let's see if we have better luck in Safe mode now.

1. Restart with Safe mode
  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [5555632 2021-05-04] (Webroot Inc. -> Webroot)
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {232B58FA-9FBE-4147-93F1-5D62A391B033} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [5555632 2021-05-04] (Webroot Inc. -> Webroot)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [149224 2020-08-05] (Webroot Inc. -> Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [58304 2020-08-05] (Webroot, Inc -> Webroot)
U1 aswbdisk; no ImagePath
2021-05-15 01:59 - 2021-05-15 01:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2021-05-13 02:50 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2021-05-13 02:45 - 2021-05-13 02:45 - 004585424 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael McDonald\Downloads\avira_en_sptl1_f8dc36737754b924__prtz1.exe
2021-05-12 09:46 - 2021-05-12 09:46 - 000000000 ____D C:\Users\Michael McDonald\AppData\LocalLow\IObit
2021-05-12 09:45 - 2021-05-12 09:45 - 019578824 _____ (IObit ) C:\Users\Michael McDonald\Downloads\db-installer.exe
2021-05-12 04:26 - 2021-05-12 04:26 - 000000000 ____D C:\Users\Michael McDonald\AppData\Local\O&O_Software_GmbH
2021-05-12 04:26 - 2021-05-12 04:26 - 000000000 ____D C:\Users\Michael McDonald\AppData\Local\O&O
2021-05-12 04:24 - 2021-05-12 04:36 - 000000000 ____D C:\WINDOWS\system32\oodag
2021-05-12 04:24 - 2021-05-12 04:24 - 000000000 ____D C:\ProgramData\OO Software
2021-05-12 04:21 - 2021-05-12 04:21 - 027330616 _____ (O&O Software GmbH) C:\Users\Michael McDonald\Downloads\OODefrag24Professional64Enu.exe
2021-05-10 20:55 - 2021-05-12 12:24 - 000000000 ____D C:\ProgramData\IObit
2021-05-10 20:54 - 2021-05-12 12:24 - 000000000 ____D C:\Users\Michael McDonald\AppData\Roaming\IObit
2021-05-10 20:54 - 2021-05-10 16:43 - 050038216 _____ (IObit ) C:\Users\Michael McDonald\Downloads\asc-trial-setup - Copy.exe
2021-05-04 13:24 - 2021-05-04 13:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-04-26 12:25 - 2021-05-15 02:00 - 000000000 ____D C:\Program Files (x86)\Avira
2021-04-26 12:25 - 2021-05-15 01:35 - 000000000 ____D C:\ProgramData\Avira
2021-04-26 12:24 - 2021-04-26 12:24 - 004564000 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael McDonald\Downloads\avira_en_sptl1_8d6cb677dffb2ecd__pfsws-spotlight-release(1).exe
2021-04-26 12:23 - 2021-04-26 12:23 - 004564000 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael McDonald\Downloads\avira_en_sptl1_8d6cb677dffb2ecd__pfsws-spotlight-release.exe
2021-04-18 11:52 - 2021-05-12 04:50 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-04-18 11:50 - 2021-04-18 11:50 - 002810752 _____ (Kaspersky) C:\Users\Michael McDonald\Downloads\ks4.021.3.10.391en_es_25350.exe
2021-04-17 11:50 - 2021-05-10 02:26 - 000000000 ____D C:\Users\Michael McDonald\AppData\Local\AVAST Software
2021-04-17 11:41 - 2021-05-11 23:31 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-17 11:39 - 2021-04-17 11:39 - 000220392 _____ (AVAST Software) C:\Users\Michael McDonald\Downloads\avast_free_antivirus_setup_online.exe
2021-04-16 15:28 - 2021-04-16 15:28 - 056114992 _____ C:\Users\Michael McDonald\Downloads\TotalAV_Setup(1).exe
2021-04-16 12:54 - 2021-04-16 12:54 - 000000000 ____D C:\ProgramData\TotalAV
2021-04-16 12:51 - 2021-04-16 12:51 - 056114992 _____ C:\Users\Michael McDonald\Downloads\TotalAV_Setup.exe
2021-05-15 01:59 - 2020-08-05 12:18 - 000000000 ____D C:\Program Files\Webroot
2021-05-14 12:03 - 2020-05-24 13:41 - 000000000 ____D C:\Users\Michael McDonald\AppData\Roaming\Easeware
2021-05-04 21:25 - 2017-02-08 02:42 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-05-04 21:25 - 2017-02-08 02:34 - 000000000 ____D C:\ProgramData\McAfee
2021-05-04 13:28 - 2018-11-11 03:54 - 000000000 ____D C:\Program Files\McAfee
2021-04-17 09:06 - 2017-05-11 07:59 - 000000000 ____D C:\Ranulph
AV: Webroot SecureAnywhere (Enabled - Up to date) {A16A5B28-D1C0-417E-771B-123558EECC69}
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-08-05] (Webroot Inc. -> Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-08-05] (Webroot Inc. -> Webroot)
C:\Program Files\Webroot
C:\WINDOWS\System32\drivers\WRkrn.sys 
C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys
C:\Program Files\Common Files\Webroot
C:\Program Files (x86)\Common Files\Webroot
CustomCLSID: HKU\S-1-5-21-1034979164-3765340690-1298794446-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Michael McDonald\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\Microsoft.Nucleus.exe" => No File
CustomCLSID: HKU\S-1-5-21-1034979164-3765340690-1298794446-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Michael McDonald\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\Microsoft.Nucleus.exe" => No File
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top