Slow Laptop

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by amateur09, Dec 8, 2025 at 6:47 PM.

  1. amateur09

    amateur09 Private E-2

    My sons laptop runs real slow to start and shut down as well as opening and closing apps after it's started. I know he previously had similar issues with this laptop, but I don't know the specifics as he died about 3 years ago and has had very limited usage since his passing. If I bring up task manager, the disc usage stays at 100%. Attached are the logs I ran about a month ago. The battery was shot after only a year and I just replaced it yesterday. I'm guessing the battery issue isn't related to these problems but rather a bad battery. Thanks in advance for your help.
     

    Attached Files:

    amateur09, Dec 8, 2025 at 6:47 PM
    #1
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome back to the Major Geeks Malware Forum.

    I am so sorry to hear about your son. I can't even imagine how difficult that would be.

    While I review things please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download FRST64 and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================

    Things I would like to see in your next reply.
    • Attached reports
     
    Oh My!, Dec 8, 2025 at 9:01 PM
    #2
  3. amateur09

    amateur09 Private E-2

    Attached is the requested reports.
     

    Attached Files:

    amateur09, Dec 9, 2025 at 8:11 AM
    #3
  4. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for your patience.

    There is no evidence of malicious software on the system but let's see what we can do.

    Please start with this.

    ===================================================

    Rerun AdwCleaner and select the option to remove all Preinstalled software. Copy and paste the report in your reply.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
CreateRestorePoint:
CloseProcesses:
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
Edge HKLM-x32\...\Edge\Extension: [fphgeikpdcdcheaochkhldmnfblfogla]
2025-11-03 20:41 - 2025-11-03 20:41 - 000135168 _____ C:\Users\twron\Downloads\MGtools.3-vkHVAF.exe.part
2020-03-18 18:57 - 2020-11-05 21:31 - 000000081 _____ () C:\Users\twron\AppData\Local\.bidstack.fault
HKU\S-1-5-21-1942162625-1406552919-4237404059-1005\...\StartupApproved\Run: => "NordVPN"
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe  (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {18405566-0481-49A4-A65D-1CC7CAF2276A} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => %WINDIR%\system32\SecureBootEncodeUEFI.exe  (No File)
Task: {DB607E7D-7179-4ECA-BC0C-B046A83D214F} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => %ProgramFiles%\rempl\remsh.exe  /RunUsoScanOnly (No File)
Task: {0BB36A32-0D9E-4297-AFD7-6BD7B5DB4C9B} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => %windir%\System32\UNP\UpdateNotificationMgr.exe  (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe  Reboot (No File)
Task: {1C8CB2FE-56D5-4457-B4B3-9C6753B62AAF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (No File)
Task: {98F8B1E5-776E-4E44-A484-47B1D3B8418E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (No File)
Task: {CFC2C4F4-EEA5-4B91-96F2-A16C1BBDA4BF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe  Display (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
CustomCLSID: HKU\S-1-5-21-1942162625-1406552919-4237404059-1005_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\twron\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • AdwCleaner report
    • Fixlog
     
    Oh My!, Dec 9, 2025 at 4:42 PM
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds