PowerShell 64-bit hanging on new machine

I recently got a new computer with plenty of horsepower and its works very fast everywhere except PowerShell.

Environment:

• Dell XPS 8930 (i7-8700K, 32GB RAM, 1TB NVMe SSD)
• Windows 10 Pro with latest updates (1809/10.0.17763)
• PowerShell 5.1.17763.316 and PowerShell Core 6.1.1
• I have plenty of memory left (>16GB) and CPU is near idle while it's hanging.
• Only Windows Defender (no other antivirus)

Some of the symptoms, which seem to be consistent:

• Opening PowerShell shows the copyright info and hangs there for 2 minutes before showing the prompt.
• I start typing a command and it takes almost a minute for the text to appear
• Once the text appears I can modify the command and it's responsive.
• I enter a simple command such as echo 'hello' and hit enter, it takes about 45 seconds for 'hello' to appear on the screen and another 45 seconds to return to the prompt.
• Once at the prompt typing a command is responsive, but the running it is slow again.
• Run the dir command in my home directory (few files/folders): about 2:30 before listing the directory, another 15 seconds to go back to the prompt.

Some attempted troubleshooting:

• PowerShell ISE: Takes about 5 minutes to get to prompt.
• PowerShell ISE (x86): It works fast!
• PowerShell (x86): Also works fast!
• PowerShell Core: Also very slow.
• PowerShell legacy console: No change.
• Opening up a regular command line and running powershell -NoProfile: No change.
• sfc /scannow: No problems found, rebooting doesn't help.
• Disable network connections: No change.
• Run Sysinternals procmon: Nothing obvious, but it always seems to hang right after some of the "Thread Exit" operations.
• Look at thread stacks in Sysinternals procexp: When it's hanging the main thread is always at ntdll.dll ZwWaitForMultipleObjects.
• Uninstall WSL/Hyper-V: No change.
• Ran "Microsoft .NET Framework Repair Tool" and rebooted, no change.
• Check C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline, only one 4KB file.
• $PSModuleAutoloadingPreference = 'none': no change. I wouldn't imagine running one of the basic commands such as echo multiple times would always try to load modules.
• netsh http show iplist:

IP addresses present in the IP listen list:

127.0.0.1

• Enable WinRM (winrm quickconfig): The service starts, but then it can't connect.
  • I can see port 5985 is being listened to by PID 4 when the service is started.
  • The Windows Firewall has the two "Windows Remote Management (HTTP-In)" entries for port 5985 (allow any remote address when in a private network/profile).
  • I can successfully telnet localhost 5985
  • After the WinRM service starts it takes about 7 minutes for it to respond with:

WSManFault ...

Error number: -2144108250 0x80338126 WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

The consistency in the delays makes me think there is some type of attempted connection and timeout, but I'm at a loss as to what that may be. Any gurus out there with ideas?

Thanks for the suggestion, but unfortunately it didn't make a difference. I had already tried disconnecting from all networks which I assumed would work in a similar way and any network requests would immediately fail.

I added a recommendation to reset.

Sure, reinstalling/resetting Windows would probably work. I'm dreading having to do that but it may just be the last option. If I do go ahead with that I'm going to open PowerShell every step of the way so that if it slows down again I know the cause. I've even considered opening a ticket with Microsoft since I'd like to understand what is causing it, but I think I'd reinstall first.

On second thought, before reinstalling I could try removing some lower-level software I have that is more likely to cause the issues. For example, I have Acronis True Image with ransomware protection. I've found True Image to be somewhat buggy/unreliable so it wouldn't surprise me if that's the culprit.

I removed the entry and PowerShell is still slow. However, it did allow me to install WinRM without any error, though that also didn't help with the slowness.

I was addressing the error, to many variables, with regards to the speed issue.

You were right, Acronis was not the culprit.

I tried regular safe mode (no networking/command prompt) and it didn't work, but that was a great idea! I'll look into Process Explorer some more tomorrow.

Bingo! Just looking at the 64-bit list I saw a McAfee DLL which was suspicious since Dell had it preinstalled but I had uninstalled. I still compared the two lists and nothing else seemed out of place. Add/Remove Programs didn't have anything so I used the McAfee Consumer Product Removal tool, rebooted and now everything's fast again. Chrome also no longer pauses after a download. Now I need to figure out how to get you the bounty since I think it just expired. :( I may need to gain more rep and then restart one.

Specifically, the culprit McAfee DLL was AMSIExt.dll which was located at C:\Program Files\mcafee\mfeav\amsiext.dll.

And thanks for sticking with me! I know a few days you said "Absolutely last ideas" but still gave me a few more.

@NelsonRothermel - It’s not the culprit

@Ramhound: Software doesn't always behave the same for everyone, but you were right. I had McAfee remnants interfering.