Fake virus popups and running extremely slowly

I am trying to cleanup an HP ProBook for a friend.  It runs extremely slowly, taking up to 40 minutes to boot up.  I ran a MalwareBytes scan which ran for 10 hours on a 500 GB disk and did no good.

 

 

Greetings and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

• First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
• It is important to not run any tools or take any steps other than those I will provide for you.
• Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
• Please copy and paste all logs into your post unless otherwise requested.
• When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
• If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.

Greetings.

The system is about 13 years old so there is only so much we can expect from it. There are some issues we can address but we can only get so far when it comes to performance.

Let's start with this.
 

==================== Memory info ===========================

BIOS: Hewlett-Packard 68ICE Ver. F.42 05/20/2013
Motherboard: Hewlett-Packard 17AB
Processor: Intel® Core i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 77%
Total physical RAM: 3975.48 MB
Available physical RAM: 894.56 MB
Total Virtual: 8071.48 MB
Available Virtual: 3231.26 MB

This is very little available RAM to efficiently run the operating system

===================================================

GSmartControl for Windows - Portable

-------------------

• Download GSmartControl for Windows - Portable and save it to your desktop
• Right click on gsmartcontrol.zip icon and select Extract All... then Extract
• Double click on the gsmartcontrol folder
• Right click on gsmartcontrol (not .manifest) and select Run as administrator
• Allow the program to search for and list your hard drive(s)
• Double click your drive C: drive
• Go to the Self-tests tab
• Make sure that the Test Type is set to Short Self-test
• Click the Execute button
• After the test completes, click the View Output button and copy and paste the contents in your reply

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------

• Download Revo Uninstaller Free Portable and save it to your Desktop
• Right click on the folder and select Extract All..., then click Extract
• Double click on the RevoUninstaller-Portable folder
• Right click on RevoUPort and select Run as administrator
• Click OK on the License Agreement
• From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)

SSOption

• If the program's uninstaller appears work through the steps to remove the program(s)
• Be sure the Advanced option is selected then click Scan
• For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
• Once done click Finish
• Reboot your computer

===================================================

Farbar Recovery Scan Tool Fix

--------------------

• Right click on the FRST64 icon and select Run as administrator
• Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
• There is no need to paste the information anywhere, FRST64 will do it for you

Start::
CreateRestorePoint:
CloseProcesses:
Edge Notifications: Default -> hxxps://74ng76qecrpaf3.webmotion.co.in; hxxps://amgreatness.com; hxxps://cvggq81029pc73dalvu0.visolabala.co.in; hxxps://d10e1r8ko90s73e7e9l0.gms-adguard.co.in; hxxps://d2u8n8ghubcc7389bv70.webmotion.co.in; hxxps://radio.foxnews.com; hxxps://www.accuweather.com; hxxps://www.bandsintown.com; hxxps://www.cbssports.com; hxxps://www.facebook.com; hxxps://www.iheart.com; hxxps://www.usatoday.com
CHR Notifications: Default -> hxxps://odesclub.com; hxxps://www.cbssports.com; hxxps://www.dodgersnation.com; hxxps://www.facebook.com; hxxps://www.newsbreak.com; hxxps://www.pinterest.co.uk; hxxps://www.pinterest.ie
2025-10-06 04:15 - 2025-10-06 04:15 - 000000000 ____D C:\Users\gsegebade\AppData\LocalLow\Temp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
S3 hsstap; \SystemRoot\System32\drivers\hsstap.sys [X] 
Task: {04121FF1-519F-41B5-9086-CB08CCEAEB44} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION 
Task: {29817316-6EED-4776-9481-98BEC6DF328D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION 
Task: {322E5C15-9BEE-46C0-A1F7-D3B00BBC2F16} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION 
Task: {45905824-29C3-4D6B-AC4B-650612DCA01A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION 
Task: {61809F96-8261-4DC1-A055-E3BC2B0DC19C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION 
Task: {6EC1A5FA-2592-43E9-B043-17FBD61947FD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {6F6410F5-F0C4-495C-9673-1CEE391102BE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION 
Task: {7C6F5CB8-DB8C-4E10-ACBF-F9283B0F01CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION 
Task: {B3BDCB84-A553-40F5-8BAB-94EAC862E720} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION 
Task: {BADBDD3D-8D7D-47CF-A0C7-58C88FC3DFEE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION 
Task: {CBD402D7-A169-4365-B415-977BB64BF3C0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION 
Task: {D613EB01-2625-4FD7-979D-2AA9D00B0238} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION 
Task: {EA3528D4-B37F-40FD-98AE-E80B1D68CB20} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION 
Task: {FC4C1DF5-39BA-4A3E-9346-B46ED71EFC34} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION 
Task: {06ACB895-08FC-44D1-A41F-E552F9329ED5} - System32\Tasks\AdwCleaner_onReboot => C:\Users\gsegebade\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\adwcleaner_8.0.2 (1).exe  /r (No File) 
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe  join (No File) 
Task: {AB3285F2-ECE6-43C9-AF8D-45C405C505B7} - System32\Tasks\Opera scheduled Autoupdate 1636817210 => C:\Users\gsegebade\AppData\Local\Programs\Opera\launcher.exe  --scheduledautoupdate $(Arg0) (No File) 
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) 
FirewallRules: [{DCE6836F-C7D7-4326-887A-16AE2D5D41AC}] => (Allow) C:\Users\gsegebade\AppData\Roaming\Zoom\bin\airhost.exe => No File 
FirewallRules: [{C30E7774-CA37-4121-9F28-4F1EFF5B9F25}] => (Allow) C:\Users\gsegebade\AppData\Local\Programs\Opera\82.0.4227.33\opera.exe => No File 
FirewallRules: [{3B06537B-C647-4A6E-8695-7B5DC92CE617}] => (Allow) C:\Users\gsegebade\AppData\Local\Programs\Opera\82.0.4227.43\opera.exe => No File 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::

• Click Fix
• When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• GSmart report
• Program removed?
• Fixlog
• Pop up gone?

Thank you very much for your help and your quick response.

I have a similar HP laptop of similar vintage that I use daily. While is isn't super fast by current standards, it has none if the issues this one does, booting up or response time.

I am running the requested apps and will post results; but, for example, the GSmartControl scan, with ETA of 2 min had to be restarted once and took about 50 minutes.

Revo Uninstaller run

SSOption Uninstalled

 

Advanced scan run, no leftover items found.  

 

System rebooted. Boot was much quicker.  No popups so far.

 

Starting FRST64

Please be sure to copy and paste the Fixlog.txt report that is created after running the FRST64 in your reply.

Thank you for your effort.
 

Beginning system scan. This process will take some time.
There is a system repair pending which requires reboot to complete. Restart
Windows and run sfc again.

Please run the below to see if the previous reboot resolved the pending repair.

===================================================

Farbar Recovery Scan Tool Fix

--------------------

• Right click on the FRST64 icon and select Run as administrator
• Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
• There is no need to paste the information anywhere, FRST64 will do it for you

Start::
CloseProcesses:
cmd: sfc /scannow
End::

• Click Fix
• When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• Fixlog

Thank you for your help.  Scan completed.  Reboot took about two minutes, so much faster.  No popups.