Why my Dell Precision T3500 has Slow Performance/Sluggish?

Dell / Precision t 3500
September 18, 2019 at 13:15:35
Specs: Windows 7 Professional, 4.00 GB Dual Channel DDR3

Hello,

Recently I have noticed my computer taking longer then expected to responding occurring from the time when it boots up all the way until it is time to shut down. It has gradually become slower and/or suddenly stopped working. CPU, RAM Processes seem to be running good. Recently, I opened the case did a dust cleaning, changed and put in a new hard drive, Seagate Barracuda 1TB 3.5 Internal Deskstop ST1000DM010, replaced the motherboard battery. I download HijackThis. The Log is posted below. As to why it is experiencing a system performance issue, could be a variety of reasons. Your feedback would be much appreciated.

Thank you,
Chris

DELL Precision T3500
Dell Motherboard Intel X58
Intel Xeon W3565
RAM 4.00 GB
Windows 7 Professional
64-bit Operating System

Seagate Barracuda 1TB 3.5 Internal Desktop 7200 RPM EDO DRAM HDD SATA 6Gb/s ST1000DM010

256 MB NVIDIA Quadro NVS 295
256 MB NVIDIA Quadro NVS 295

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:05:13 PM, on 9/18/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19463)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\MultiScreen\MultiScreen.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Users\CHRIS\Desktop\IQFeed\iqconnect.exe
C:\Program Files (x86)\Forex.com CA\terminal.exe
C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Client\XtuUiLauncher.exe
C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Client\PerfTune.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\LastPass\LastPassBroker.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\CHRIS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86CLHYMV\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?L...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?L...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Captain Cooks Casino - {6B275E8B-CB38-45EE-90A9-16EF075DE131} - C:\Microgaming\Casino\captaincooks\casinogame.exe (file missing) (HKCU)
O9 - Extra button: Captain Cooks Casino - {8BB79B89-4A80-4609-9DBA-03FD62AA786E} - C:\Microgaming\Casino\captaincooks\casinogame.exe (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qs...
O18 - Protocol: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - (no file)
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA WMI Provider (NVWMI) - Unknown owner - C:\Windows\system32\nvwmi64.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) Extreme Tuning Utility Service (XTU3SERVICE) - Intel(R) Corporation - C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\XtuService.exe

--
End of file - 10171 bytes


See More: Why my Dell Precision T3500 has Slow Performance/Sluggish?

Reply ↓  Report •

#1
September 18, 2019 at 14:09:02
My guess is to at least double your ram to 8gb

Davidw


Reply ↓  Report •

#2
September 18, 2019 at 15:09:59
More RAM would definitely be helpful. There are also some questionable programs listed, plus HiJackThis, Spybot, & SuperAntiSpyware? I haven't heard those programs mentioned in quite some time. Most have moved on to AdwCleaner & MalwareBytes. Did you see this warning when you posted the log?

"DO NOT post a HiJackThis log here unless an expert has requested it."

I suspect you have numerous background programs sucking the life out of your PC. Open CCleaner, click Tools > Startup & see what's listed. Click "save to text file.." then post the list.

message edited by riider


Reply ↓  Report •

#3
September 18, 2019 at 15:54:41
Hello riider,

Sorry for posting a HijackThis Log. I didn't see the "do not post HijackThis" warning that was posted. Let me know any other information that you need. I will follow the ccleaner instructions.

Thank you,
Chris

message edited by ChrisH5


Reply ↓  Report •

Related Solutions

#4
September 18, 2019 at 16:06:23
You can edit your initial post to remove the hijackthis content

Reply ↓  Report •

#5
September 18, 2019 at 16:16:41
"I opened the case did a dust cleaning"
Did you do the power supply?
Suck & blow, loosen the 2 or 3 outside vents dust with a brush.
https://www.pcsteps.com/16112-safel...

Reply ↓  Report •

#6
September 18, 2019 at 16:19:26
"Sorry for posting a HijackThis Log. I didn't see the "do not post HijackThis" warning that was posted"
It's Ok Chris, I can use it.

Reply ↓  Report •

#7
September 18, 2019 at 21:05:19
While JohnW is looking it over it would be a good idea to run these and post their logs in separate replies:
ADWCleaner
Malwarebytes
Remove all they find and copy/paste logs.

I suspect also that the list of start up programs will be long and will need to be trimmed down.

More memory is almost always a good idea. Today Windows 7 64bit runs best on 8GB to 16GB RAM.

You have to be a little bit crazy to keep you from going insane.


Reply ↓  Report •

#8
September 19, 2019 at 06:41:54
Hello Fingers,

Below I've posted the log for AdwCleaner.

Thank you,
Chris

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-05-2019
# Database: 2019-09-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-18-2019
# Duration: 00:00:27
# OS: Windows 7 Professional
# Cleaned: 13
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\CHRIS\AppData\Local\StormFall
Deleted C:\Users\CHRIS\AppData\Roaming\StormFall

***** [ Files ] *****

Deleted C:\Users\CHRIS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\AppDataLow\Software\adawarebp
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [15939 octets] - [18/09/2019 16:17:34]
AdwCleaner[S00].txt - [2666 octets] - [18/09/2019 16:20:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

message edited by ChrisH5


Reply ↓  Report •

#9
September 19, 2019 at 07:42:50

Hello Fingers,

Below I've posted the log for Malwarebytes.

Thank you,
Chris

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/19/19
Scan Time: 9:48 AM
Log File: 1e35fa52-dae4-11e9-a0c4-d4ae52bbf9fc.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.625
Update Package Version: 1.0.12559
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: CHRIS-PC\CHRIS

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 315221
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 46 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.BundleInstaller, C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\CAP9022.TMP, No Action By User, [468], [309975],1.0.12559

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Reply ↓  Report •

#10
September 19, 2019 at 09:50:07

Hello riider,

Below I've posted the startup log for ccleaner.

Thank you,
Chris

Yes HKCU:Run CCleaner Smart Cleaning Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run MultiScreen C:\Program Files (x86)\MultiScreen\MultiScreen.exe
Yes HKCU:Run SpybotPostWindows10UpgradeReInstall Safer-Networking Ltd. "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SoundMAXPnP C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe


Reply ↓  Report •

#11
September 19, 2019 at 14:36:49
Next step Chris

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt) on the Desktop.
The logs are large, upload them using this. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php
https://i.imgur.com/7UiiqWr.gif
https://i.imgur.com/6N1gfOj.gif.


Reply ↓  Report •

#12
September 19, 2019 at 17:35:19
Hello Johnw,

I downloaded Farber. I scanned, it produced two logs.

The link contains the logs:

http://www.fileconvoy.com/dfl.php?i...

Chris

message edited by ChrisH5


Reply ↓  Report •

#13
September 19, 2019 at 17:37:59
No joy Chris, click on your link & test please. Didn't work for me.

Reply ↓  Report •

#14
September 19, 2019 at 17:40:41
Hello Johnw,

Try the link now..

http://www.fileconvoy.com/dfl.php?i...

message edited by ChrisH5


Reply ↓  Report •

#15
September 19, 2019 at 17:47:48
Ok, got them Chris, on my way out, back in about 6 hrs.

Reply ↓  Report •

#16
September 19, 2019 at 19:42:45

Cool, sounds good. See ya..

Reply ↓  Report •

#17
September 19, 2019 at 23:07:06
Chris, you didn't run Farbar ( FRST64 ) from the desktop, you now need to move it, as per my post #11.

Copy & Paste only the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [108]
AlternateDataStreams: C:\Users\CHRIS\Desktop\Allied Med Miriam Arcilla T4 2018.jpg: 3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\CHRIS\Desktop\Allied Med Miriam Arcilla T4 2018.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\CHRIS\Documents\RBC Direct Deposit Form.jpg: 3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\CHRIS\Documents\RBC Direct Deposit Form.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1FB76A3C-AE5D-45AB-91D3-C39E94FC6ABA} - \StormFall W2 -> No File <==== ATTENTION
Task: {88DB7A4C-D3A8-4149-9F3A-A016407760C7} - \StormFall TM -> No File <==== ATTENTION
Task: {A6E229C9-DE6B-492C-BF0A-AF33E243E808} - \StormFall TW1 -> No File <==== ATTENTION
Task: {D36B6295-1D9D-4502-B304-588781C7F0A1} - \StormFall TW2 -> No File <==== ATTENTION
Task: {DED0C08B-DA30-4683-A277-92D1D17B8910} - System32\Tasks\{120C2371-2AB5-452F-8453-5791F62103C6} => C:\Windows\system32\pcalua.exe -a C:\Users\CHRIS\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {F15FCE5C-282A-4EA4-B9C3-1ECDE3C20653} - \StormFall W1 -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-2240059126-3600479083-713201222-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - No File
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...


Reply ↓  Report •

#18
September 19, 2019 at 23:11:14
Chis, you haven't responded to my post #5, I can't assume anything.

Reply ↓  Report •

#19
September 20, 2019 at 10:05:01

Hello Johnw,

Yes, I did clean and dusted the power supply and the outside vents.

Chris


Reply ↓  Report •

#20
September 20, 2019 at 15:19:49

Hello Johnw,


Below is the log that was generated from FRST from Post #17. Let me know if I missed anything.

Chris


Fix result of Farbar Recovery Scan Tool (x64) Version: 18-09-2019 01
Ran by CHRIS (20-09-2019 17:56:26) Run:1
Running from C:\Users\CHRIS\Desktop
Loaded Profiles: CHRIS (Available Profiles: CHRIS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [108]
AlternateDataStreams: C:\Users\CHRIS\Desktop\Allied Med Miriam Arcilla T4 2018.jpg: 3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\CHRIS\Desktop\Allied Med Miriam Arcilla T4 2018.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\CHRIS\Documents\RBC Direct Deposit Form.jpg: 3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\CHRIS\Documents\RBC Direct Deposit Form.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1FB76A3C-AE5D-45AB-91D3-C39E94FC6ABA} - \StormFall W2 -> No File <==== ATTENTION
Task: {88DB7A4C-D3A8-4149-9F3A-A016407760C7} - \StormFall TM -> No File <==== ATTENTION
Task: {A6E229C9-DE6B-492C-BF0A-AF33E243E808} - \StormFall TW1 -> No File <==== ATTENTION
Task: {D36B6295-1D9D-4502-B304-588781C7F0A1} - \StormFall TW2 -> No File <==== ATTENTION
Task: {DED0C08B-DA30-4683-A277-92D1D17B8910} - System32\Tasks\{120C2371-2AB5-452F-8453-5791F62103C6} => C:\Windows\system32\pcalua.exe -a C:\Users\CHRIS\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {F15FCE5C-282A-4EA4-B9C3-1ECDE3C20653} - \StormFall W1 -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-2240059126-3600479083-713201222-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - No File
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully
C:\Users\CHRIS\Desktop\Allied Med Miriam Arcilla T4 2018.jpg => ": 3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\CHRIS\Desktop\Allied Med Miriam Arcilla T4 2018.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\CHRIS\Documents\RBC Direct Deposit Form.jpg => ": 3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\CHRIS\Documents\RBC Direct Deposit Form.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FB76A3C-AE5D-45AB-91D3-C39E94FC6ABA} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FB76A3C-AE5D-45AB-91D3-C39E94FC6ABA} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W2 => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88DB7A4C-D3A8-4149-9F3A-A016407760C7} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88DB7A4C-D3A8-4149-9F3A-A016407760C7} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TM => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6E229C9-DE6B-492C-BF0A-AF33E243E808} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6E229C9-DE6B-492C-BF0A-AF33E243E808} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW1 => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D36B6295-1D9D-4502-B304-588781C7F0A1} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D36B6295-1D9D-4502-B304-588781C7F0A1} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW2 => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DED0C08B-DA30-4683-A277-92D1D17B8910}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DED0C08B-DA30-4683-A277-92D1D17B8910}" => removed successfully
C:\Windows\System32\Tasks\{120C2371-2AB5-452F-8453-5791F62103C6} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{120C2371-2AB5-452F-8453-5791F62103C6}" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F15FCE5C-282A-4EA4-B9C3-1ECDE3C20653} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F15FCE5C-282A-4EA4-B9C3-1ECDE3C20653} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W1 => not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\S-1-5-21-2240059126-3600479083-713201222-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => removed successfully
HKLM\Software\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\intu-tt2015 => removed successfully
HKLM\Software\Classes\CLSID\{5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} => not found
HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@lastpass.com/NPLastPass => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19993102 B
Java, Flash, Steam htmlcache => 1155 B
Windows/system/drivers => 181073946 B
Edge => 0 B
Chrome => 437677797 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 492855 B
LocalService => 33058 B
NetworkService => 42356 B
CHRIS => 259903584 B

RecycleBin => 46574413 B
EmptyTemp: => 910 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:58:53 ====


Reply ↓  Report •

#21
September 20, 2019 at 15:27:35
"Below is the log that was generated from FRST from Post #17. Let me know if I missed anything"
Is the comp still slow?

Reply ↓  Report •

#22
September 20, 2019 at 18:40:03

Hello John.

No, it is much better. Thank you very much for your help.

Chris


Reply ↓  Report •

#23
September 20, 2019 at 19:09:46
Good news Chris.
I would use CCleaner to disable this startup > Yes HKLM:Run ShadowPlay Microsoft Corporation

As you can see from your logs, you had a lot of stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

Or, Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
https://www.softpedia.com/get/Syste...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.


Reply ↓  Report •

#24
September 21, 2019 at 09:07:23
Hello John,

Going forward, what actions and/or things should I do to prevent my computer again from having performance-related problems?

P.S. I followed the instructions for post #23.

Thank you,
Chris

message edited by ChrisH5


Reply ↓  Report •

#25
September 21, 2019 at 16:48:25
"performance-related problems"

I also have CCleaner installed, but rarely use it, I have been using the Wise tools for many, many years.

Run both of these, in this order.
1: Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
https://www.softpedia.com/get/Syste...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
https://i.imgur.com/q8GRvVw.gif
https://i.imgur.com/ImAsNPL.gif
https://i.imgur.com/ad7SEKM.gif

2: Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
https://www.softpedia.com/get/Tweak...
http://www.freewarefiles.com/Wise-R...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...

Extract from your log.
"AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"
That is to use once you have a problem, for realtime protection, I use MSE.
Microsoft Security Essentials ( MSE )
https://www.softpedia.com/get/Antiv...
http://windows.microsoft.com/en-us/...


Reply ↓  Report •

#26
September 22, 2019 at 13:47:32
Hello John,

I followed the instructions/download procedures for wise disk cleaner and wise registry cleaner for which you had given me below.

“I also have CCleaner installed, but rarely use it, I have been using the Wise tools for many, many years.
Run both of these, in this order.
1: Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
https://www.softpedia.com/get/Syste...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
https://i.imgur.com/q8GRvVw.gif
https://i.imgur.com/ImAsNPL.gif
https://i.imgur.com/ad7SEKM.gif
2: Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
https://www.softpedia.com/get/Tweak...
http://www.freewarefiles.com/Wise-R...


I’m sorry to ask but I don’t know what you mean by this >>> “

Extract from your log.
"AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"
That is to use once you have a problem, for realtime protection, I use MSE.
Microsoft Security Essentials ( MSE )
https://www.softpedia.com/get/Antiv...
http://windows.microsoft.com/en-us/...

Thank you,
Chris

message edited by ChrisH5


Reply ↓  Report •

#27
September 22, 2019 at 18:18:01
"I’m sorry to ask"
That means you do not have an anti-virus installed & you should install MSE.

Reply ↓  Report •

Ask Question