Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Computer runs more and more slowly

Solved 
13K views 223 replies 2 participants last post by  DR.M 
#1 ·
I bought this computer about a year and a half ago as an interim measure between the death of my last self-built gaming machine and the birth of my next one. I must say that I have been surprised that it runs games as seamlessly and smoothly as it does. In other functions, though, it has slowed considerably, gradually over time. I have used several freeware apps to keep it relatively healthy, though I fear that I might not have helped as much as I might have hindered. I know that it needs to go through the cleaning process if someone is just willing to take me through it. Thanks.



Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19041, Installed 20200929042102.000000-480
Processor: AMD FX(tm)-6350 Six-Core Processor, AMD64 Family 21 Model 2 Stepping 0, CPU Count: 6
Total Physical RAM: 8 GB
Graphics Card: AMD Radeon (TM) R7 360 Series
Hard Drives: C: 930 GB (685 GB Free); F: 269 GB (199 GB Free); G: 195 GB (166 GB Free);
Motherboard: ASUSTeK Computer INC. M5A78L-M/USB3, ver Rev X.0x, s/n 160674283300355
System: American Megatrends Inc., ver 120214 - 20141202, s/n System Serial Number
Antivirus: Avira Antivirus, Enabled and Updated
 

Attachments

See less See more
#30 ·
Thank you.

Let's see if we have better luck in Safe mode now.

1. Restart with Safe mode
  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [5555632 2021-05-04] (Webroot Inc. -> Webroot)
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {232B58FA-9FBE-4147-93F1-5D62A391B033} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [5555632 2021-05-04] (Webroot Inc. -> Webroot)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [149224 2020-08-05] (Webroot Inc. -> Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [58304 2020-08-05] (Webroot, Inc -> Webroot)
U1 aswbdisk; no ImagePath
2021-05-15 01:59 - 2021-05-15 01:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2021-05-13 02:50 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2021-05-13 02:45 - 2021-05-13 02:45 - 004585424 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael McDonald\Downloads\avira_en_sptl1_f8dc36737754b924__prtz1.exe
2021-05-12 09:46 - 2021-05-12 09:46 - 000000000 ____D C:\Users\Michael McDonald\AppData\LocalLow\IObit
2021-05-12 09:45 - 2021-05-12 09:45 - 019578824 _____ (IObit ) C:\Users\Michael McDonald\Downloads\db-installer.exe
2021-05-12 04:26 - 2021-05-12 04:26 - 000000000 ____D C:\Users\Michael McDonald\AppData\Local\O&O_Software_GmbH
2021-05-12 04:26 - 2021-05-12 04:26 - 000000000 ____D C:\Users\Michael McDonald\AppData\Local\O&O
2021-05-12 04:24 - 2021-05-12 04:36 - 000000000 ____D C:\WINDOWS\system32\oodag
2021-05-12 04:24 - 2021-05-12 04:24 - 000000000 ____D C:\ProgramData\OO Software
2021-05-12 04:21 - 2021-05-12 04:21 - 027330616 _____ (O&O Software GmbH) C:\Users\Michael McDonald\Downloads\OODefrag24Professional64Enu.exe
2021-05-10 20:55 - 2021-05-12 12:24 - 000000000 ____D C:\ProgramData\IObit
2021-05-10 20:54 - 2021-05-12 12:24 - 000000000 ____D C:\Users\Michael McDonald\AppData\Roaming\IObit
2021-05-10 20:54 - 2021-05-10 16:43 - 050038216 _____ (IObit ) C:\Users\Michael McDonald\Downloads\asc-trial-setup - Copy.exe
2021-05-04 13:24 - 2021-05-04 13:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-04-26 12:25 - 2021-05-15 02:00 - 000000000 ____D C:\Program Files (x86)\Avira
2021-04-26 12:25 - 2021-05-15 01:35 - 000000000 ____D C:\ProgramData\Avira
2021-04-26 12:24 - 2021-04-26 12:24 - 004564000 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael McDonald\Downloads\avira_en_sptl1_8d6cb677dffb2ecd__pfsws-spotlight-release(1).exe
2021-04-26 12:23 - 2021-04-26 12:23 - 004564000 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael McDonald\Downloads\avira_en_sptl1_8d6cb677dffb2ecd__pfsws-spotlight-release.exe
2021-04-18 11:52 - 2021-05-12 04:50 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-04-18 11:50 - 2021-04-18 11:50 - 002810752 _____ (Kaspersky) C:\Users\Michael McDonald\Downloads\ks4.021.3.10.391en_es_25350.exe
2021-04-17 11:50 - 2021-05-10 02:26 - 000000000 ____D C:\Users\Michael McDonald\AppData\Local\AVAST Software
2021-04-17 11:41 - 2021-05-11 23:31 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-17 11:39 - 2021-04-17 11:39 - 000220392 _____ (AVAST Software) C:\Users\Michael McDonald\Downloads\avast_free_antivirus_setup_online.exe
2021-04-16 15:28 - 2021-04-16 15:28 - 056114992 _____ C:\Users\Michael McDonald\Downloads\TotalAV_Setup(1).exe
2021-04-16 12:54 - 2021-04-16 12:54 - 000000000 ____D C:\ProgramData\TotalAV
2021-04-16 12:51 - 2021-04-16 12:51 - 056114992 _____ C:\Users\Michael McDonald\Downloads\TotalAV_Setup.exe
2021-05-15 01:59 - 2020-08-05 12:18 - 000000000 ____D C:\Program Files\Webroot
2021-05-14 12:03 - 2020-05-24 13:41 - 000000000 ____D C:\Users\Michael McDonald\AppData\Roaming\Easeware
2021-05-04 21:25 - 2017-02-08 02:42 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-05-04 21:25 - 2017-02-08 02:34 - 000000000 ____D C:\ProgramData\McAfee
2021-05-04 13:28 - 2018-11-11 03:54 - 000000000 ____D C:\Program Files\McAfee
2021-04-17 09:06 - 2017-05-11 07:59 - 000000000 ____D C:\Ranulph
AV: Webroot SecureAnywhere (Enabled - Up to date) {A16A5B28-D1C0-417E-771B-123558EECC69}
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-08-05] (Webroot Inc. -> Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-08-05] (Webroot Inc. -> Webroot)
C:\Program Files\Webroot
C:\WINDOWS\System32\drivers\WRkrn.sys 
C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys
C:\Program Files\Common Files\Webroot
C:\Program Files (x86)\Common Files\Webroot
CustomCLSID: HKU\S-1-5-21-1034979164-3765340690-1298794446-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Michael McDonald\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\Microsoft.Nucleus.exe" => No File
CustomCLSID: HKU\S-1-5-21-1034979164-3765340690-1298794446-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Michael McDonald\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\Microsoft.Nucleus.exe" => No File
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 
#32 ·
It seems that we will need some work here, more than expected.

Normal mode now.

Run Deployment Image Servicing and Management (DISM)
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press on Enter
Code:
DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time.
  • Please post here the result you got (a screenshot).

When DISM finishes, you can then run SFC from the same command prompt window, but full instructions as if starting fresh:
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press on Enter
Code:
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Code:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
  • Please post the result you got (a screenshot).
 
#38 ·
Let's try to run the fix from the Recovery Environment.

You will need a USB drive.

1. Preparation
  • Download FRST64 tool from here and save it in the USB drive.
  • Open a notepad window (Start > All Programs > Accessories > Notepad), copy and paste the following code in it, and name it as fixlist.txt. Change the Save as Type to All Files and save it in the USB drive where the FRST64 is. Be careful to select the whole content of the code below.
    Code:
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [5555632 2021-05-04] (Webroot Inc. -> Webroot)
    GroupPolicy-Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
    Task: {232B58FA-9FBE-4147-93F1-5D62A391B033} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
    R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [5555632 2021-05-04] (Webroot Inc. -> Webroot)
    R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [149224 2020-08-05] (Webroot Inc. -> Webroot)
    R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [58304 2020-08-05] (Webroot, Inc -> Webroot)
    U1 aswbdisk; no ImagePath
    2021-05-15 01:59 - 2021-05-15 01:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
    2021-05-13 02:50 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
    2021-05-13 02:45 - 2021-05-13 02:45 - 004585424 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael McDonald\Downloads\avira_en_sptl1_f8dc36737754b924__prtz1.exe
    2021-05-12 09:46 - 2021-05-12 09:46 - 000000000 ____D C:\Users\Michael McDonald\AppData\LocalLow\IObit
    2021-05-12 09:45 - 2021-05-12 09:45 - 019578824 _____ (IObit ) C:\Users\Michael McDonald\Downloads\db-installer.exe
    2021-05-12 04:26 - 2021-05-12 04:26 - 000000000 ____D C:\Users\Michael McDonald\AppData\Local\O&O_Software_GmbH
    2021-05-12 04:26 - 2021-05-12 04:26 - 000000000 ____D C:\Users\Michael McDonald\AppData\Local\O&O
    2021-05-12 04:24 - 2021-05-12 04:36 - 000000000 ____D C:\WINDOWS\system32\oodag
    2021-05-12 04:24 - 2021-05-12 04:24 - 000000000 ____D C:\ProgramData\OO Software
    2021-05-12 04:21 - 2021-05-12 04:21 - 027330616 _____ (O&O Software GmbH) C:\Users\Michael McDonald\Downloads\OODefrag24Professional64Enu.exe
    2021-05-10 20:55 - 2021-05-12 12:24 - 000000000 ____D C:\ProgramData\IObit
    2021-05-10 20:54 - 2021-05-12 12:24 - 000000000 ____D C:\Users\Michael McDonald\AppData\Roaming\IObit
    2021-05-10 20:54 - 2021-05-10 16:43 - 050038216 _____ (IObit ) C:\Users\Michael McDonald\Downloads\asc-trial-setup - Copy.exe
    2021-05-04 13:24 - 2021-05-04 13:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
    2021-04-26 12:25 - 2021-05-15 02:00 - 000000000 ____D C:\Program Files (x86)\Avira
    2021-04-26 12:25 - 2021-05-15 01:35 - 000000000 ____D C:\ProgramData\Avira
    2021-04-26 12:24 - 2021-04-26 12:24 - 004564000 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael McDonald\Downloads\avira_en_sptl1_8d6cb677dffb2ecd__pfsws-spotlight-release(1).exe
    2021-04-26 12:23 - 2021-04-26 12:23 - 004564000 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael McDonald\Downloads\avira_en_sptl1_8d6cb677dffb2ecd__pfsws-spotlight-release.exe
    2021-04-18 11:52 - 2021-05-12 04:50 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
    2021-04-18 11:50 - 2021-04-18 11:50 - 002810752 _____ (Kaspersky) C:\Users\Michael McDonald\Downloads\ks4.021.3.10.391en_es_25350.exe
    2021-04-17 11:50 - 2021-05-10 02:26 - 000000000 ____D C:\Users\Michael McDonald\AppData\Local\AVAST Software
    2021-04-17 11:41 - 2021-05-11 23:31 - 000000000 ____D C:\ProgramData\Avast Software
    2021-04-17 11:39 - 2021-04-17 11:39 - 000220392 _____ (AVAST Software) C:\Users\Michael McDonald\Downloads\avast_free_antivirus_setup_online.exe
    2021-04-16 15:28 - 2021-04-16 15:28 - 056114992 _____ C:\Users\Michael McDonald\Downloads\TotalAV_Setup(1).exe
    2021-04-16 12:54 - 2021-04-16 12:54 - 000000000 ____D C:\ProgramData\TotalAV
    2021-04-16 12:51 - 2021-04-16 12:51 - 056114992 _____ C:\Users\Michael McDonald\Downloads\TotalAV_Setup.exe
    2021-05-15 01:59 - 2020-08-05 12:18 - 000000000 ____D C:\Program Files\Webroot
    2021-05-14 12:03 - 2020-05-24 13:41 - 000000000 ____D C:\Users\Michael McDonald\AppData\Roaming\Easeware
    2021-05-04 21:25 - 2017-02-08 02:42 - 000000000 ____D C:\Program Files\Common Files\McAfee
    2021-05-04 21:25 - 2017-02-08 02:34 - 000000000 ____D C:\ProgramData\McAfee
    2021-05-04 13:28 - 2018-11-11 03:54 - 000000000 ____D C:\Program Files\McAfee
    2021-04-17 09:06 - 2017-05-11 07:59 - 000000000 ____D C:\Ranulph
    AV: Webroot SecureAnywhere (Enabled - Up to date) {A16A5B28-D1C0-417E-771B-123558EECC69}
    BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-08-05] (Webroot Inc. -> Webroot)
    BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-08-05] (Webroot Inc. -> Webroot)
    C:\Program Files\Webroot
    C:\WINDOWS\System32\drivers\WRkrn.sys
    C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys
    C:\Program Files\Common Files\Webroot
    C:\Program Files (x86)\Common Files\Webroot
    CustomCLSID: HKU\S-1-5-21-1034979164-3765340690-1298794446-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Michael McDonald\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\Microsoft.Nucleus.exe" => No File
    CustomCLSID: HKU\S-1-5-21-1034979164-3765340690-1298794446-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Michael McDonald\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\Microsoft.Nucleus.exe" => No File

After that:

2. Enter System Recovery Options from the Advanced Boot Options
  • Start by shutting down your computer.
  • Press on the power button on the case to turn it on.
  • After the computer is about 3 - 5 seconds into the boot-up process, hold down the power button to shut down the computer.
  • Repeat the above process once again.
  • For the third time, turn on the computer and allow it to boot up.
  • If you completed the process correctly, a message saying Preparing Automatic Repair should appear.
  • In a few seconds, another message will appear stating Diagnosing your PC and Automatic Repair will open.
  • When you reach the Automatic Repair screen, click on Advanced Options.
  • At the next screen, select Troubleshoot.
  • When you see the next screen, select Advanced Options.
  • You will get the following options:
    • Startup Repair
    • Startup Settings
    • Command Prompt
    • Uninstall Updates
    • System Restore
    • System Image Recovery
  • Select Command Prompt.

Apply FRST fix from the Command Prompt
  1. In the black window that will open, called command prompt, type notepad and press on Enter.
  2. Notepad will open. Click on the File menu and select Open.
  3. Click on Computer, find the letter for your USB Flash Drive, then close the window and Notepad.
  4. In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter. As I told you before, run both of them if you are unsure about the architecture (x32 or x64) of your computer. Only the right one will run. IMPORTANT: Replace the letter e with the drive letter of your USB Flash Drive.
  5. FRST will open.
  6. Click on Yes to accept the disclaimer.
  7. Click on the Fix button and wait for the scan to complete.
  8. A log called fixlog.txt will be saved on your USB Flash Drive.

Please post the fixlog in your next reply.
 
#42 ·
Sorry to be responding so late, but I had to wait for my wife to get home to push the switch as I am disabled and can't reach the computer. I completed the first step just fine, but try as we might, in about twenty tries, we were unable to get the desired result in the second step. Now what?
 
#45 ·
Were you able to reach the Advance Boot Options screen?

Please give me more information about what happened and what do you mean by the following:

it would just go ahead with the boot sequence until it was fully on. Then that was it. The computer just sat there running.
 
#47 ·
Thank you.

Please try this to go to the Advanced Boot Options:
  • Start normally and log in Windows.
  • Press the Windows icon on the keyboard together with the letter i, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Command Prompt.
Continue with the rest of the instructions, under the green title here.
 
#49 · (Edited)
Not sure what you did and the script inside the fixlist appears in such a mess. However, let's hope that the "Not found" indication shows that the specific items were removed.

Please now start in normal mode and make another scan with FRST tool. I would like to see fresh logs, FRST and Addition.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top