Pc Apps Slow/freezing/crashing

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by wayne k, Nov 12, 2025 at 8:16 AM.

  1. wayne k

    wayne k Private E-2

    On around Oct 15, I went to a site

    ***Link removed***

    After a few seconds, it produced a prompt - one of those Captcha things with a message something like "Click Allow if you are not a robot." I clicked it a couple times. Then I realized that I shouldn’t have clicked it. The “Click Allow” prompt is no longer on that website.

    Now the problem I’m having is after a few hours, up to a day or two, apps on my PC start getting slow, then freezing, then crashing. The screen goes black, then eventually comes back. I Restart and the cycle begins again.

    I have attached all the logs you requested, except:
    Every time I try to download MGTools in Firefox, I get a file with 0 bytes. I temporarily disabled real time protection in Malwarebytes and Windows Security during the attempted download. I uninstalled Malwarebytes. No help. I tried Edge - I get “MGtools (3).exe can't be downloaded securely”.
     


    Last edited by a moderator: Nov 12, 2025 at 10:35 AM
  2. wayne k

    wayne k Private E-2

    AdwCleaner log
     


  3. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the Major Geeks Malware Forum.

    Please allow me some time to review what you have posted.
     
  4. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    I would recommend running AdwCleaner and removing all of the Preinstalled Software.

    I would recommend running Malwarebytes and Windows Security in Side-by-Side mode.

    Are you aware of this program on your computer?

    Please do this.

    ===================================================

    Running Malwarebytes Premium in Side-by-Side Mode

    --------------------

    • Click Start, type Malwarebytes, then select Run as administrator
    • Click Settings
    • Under Windows Security Center turn off Always register Malwarebytes in the Windows Security Center
    • Close Malwarebytes then reboot your computer
    • Click Start, type Windows Security, then click Open
    • Check to see if Windows Defender is Enabled
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    c:\program files\mcafee
    c:\program files\common files\mcafee
    c:\program files (x86)\mcafee
    c:\program files (x86)\common files\mcafee
    C:\DELL\FD09N'c:\programdata\mcafee
    Task: {6BCE9944-2FA3-4045-A9B3-C2310110D4DC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\wayne\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-03-26] (ESET, spol. s r.o. -> ESET)
    Task: {CD574D96-4203-4790-A03E-AADFAA90514D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\wayne\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-03-26] (ESET, spol. s r.o. -> ESET)
    Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe  (No File) 
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File) 
    Task: {E8114F7C-0859-4760-A058-5700C923874F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe  LogonUpdateResults (No File) 
    Task: {14F2313E-F130-40CB-A579-81F64B5A7FD0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC ReadyToReboot (No File) 
    Task: {72829A4B-1A4E-4414-B303-6D00ACB037A5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery ReadyToReboot (No File) 
    Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File] 
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File] 
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File] 
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File] 
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File 
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION 
    2025-11-10 22:09 - 2025-11-10 22:09 - 000377344 _____ C:\Users\wayne\Documents\~WRD1985.tmp 
    2020-01-29 19:46 - 2020-01-29 19:46 - 000000171 _____ () C:\Users\wayne\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f 
    2020-01-29 19:46 - 2020-01-29 19:46 - 000000304 _____ () C:\Users\wayne\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf 
    2020-02-18 11:58 - 2020-02-18 11:58 - 000000171 _____ () C:\Users\wayne\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0 
    2020-01-29 19:46 - 2020-01-29 19:46 - 000000175 _____ () C:\Users\wayne\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388 
    C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\callobklhcbilhphinckomhgkigmfocg
    C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\banocneifbhefcbiiahbjdaaciccmjke
    C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\callobklhcbilhphinckomhgkigmfocg
    SearchScopes: HKU\S-1-5-21-3409315567-1698705800-1941238463-1001 -> DefaultScope {567FB402-7351-428E-B932-86AAF28B5D92} URL =
    SearchScopes: HKU\S-1-5-21-3409315567-1698705800-1941238463-1001 -> {567FB402-7351-428E-B932-86AAF28B5D92} URL =
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
    C:\Firewall.reg
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    Emptytemp:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    • Upon automatic reboot check your computer performance.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Aware of GlanceGuest?
    • Fixlog
    • Computer performance?
     
  5. wayne k

    wayne k Private E-2

    Fix result of Farbar Recovery Scan Tool (x64) Version: 10-11-2025
    Ran by wayne (12-11-2025 15:05:18) Run:1
    Running from C:\Users\wayne\Desktop
    Loaded Profiles: wayne & Administrator
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    c:\program files\mcafee
    c:\program files\common files\mcafee
    c:\program files (x86)\mcafee
    c:\program files (x86)\common files\mcafee
    C:\DELL\FD09N'c:\programdata\mcafee
    Task: {6BCE9944-2FA3-4045-A9B3-C2310110D4DC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\wayne\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-03-26] (ESET, spol. s r.o. -> ESET)
    Task: {CD574D96-4203-4790-A03E-AADFAA90514D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\wayne\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-03-26] (ESET, spol. s r.o. -> ESET)
    Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
    Task: {E8114F7C-0859-4760-A058-5700C923874F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
    Task: {14F2313E-F130-40CB-A579-81F64B5A7FD0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
    Task: {72829A4B-1A4E-4414-B303-6D00ACB037A5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
    Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
    2025-11-10 22:09 - 2025-11-10 22:09 - 000377344 _____ C:\Users\wayne\Documents\~WRD1985.tmp
    2020-01-29 19:46 - 2020-01-29 19:46 - 000000171 _____ () C:\Users\wayne\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
    2020-01-29 19:46 - 2020-01-29 19:46 - 000000304 _____ () C:\Users\wayne\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
    2020-02-18 11:58 - 2020-02-18 11:58 - 000000171 _____ () C:\Users\wayne\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
    2020-01-29 19:46 - 2020-01-29 19:46 - 000000175 _____ () C:\Users\wayne\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
    C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\callobklhcbilhphinckomhgkigmfocg
    C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\banocneifbhefcbiiahbjdaaciccmjke
    C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\callobklhcbilhphinckomhgkigmfocg
    SearchScopes: HKU\S-1-5-21-3409315567-1698705800-1941238463-1001 -> DefaultScope {567FB402-7351-428E-B932-86AAF28B5D92} URL =
    SearchScopes: HKU\S-1-5-21-3409315567-1698705800-1941238463-1001 -> {567FB402-7351-428E-B932-86AAF28B5D92} URL =
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
    C:\Firewall.reg
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    Emptytemp:
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "c:\program files\mcafee" => not found
    "c:\program files\common files\mcafee" => not found
    "c:\program files (x86)\mcafee" => not found
    "c:\program files (x86)\common files\mcafee" => not found
    "C:\DELL\FD09N'c:\programdata\mcafee" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6BCE9944-2FA3-4045-A9B3-C2310110D4DC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BCE9944-2FA3-4045-A9B3-C2310110D4DC}" => removed successfully
    C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD574D96-4203-4790-A03E-AADFAA90514D}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD574D96-4203-4790-A03E-AADFAA90514D}" => removed successfully
    C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8114F7C-0859-4760-A058-5700C923874F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8114F7C-0859-4760-A058-5700C923874F}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14F2313E-F130-40CB-A579-81F64B5A7FD0}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14F2313E-F130-40CB-A579-81F64B5A7FD0}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72829A4B-1A4E-4414-B303-6D00ACB037A5}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72829A4B-1A4E-4414-B303-6D00ACB037A5}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf => removed successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf => removed successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp => removed successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
    C:\Users\wayne\Documents\~WRD1985.tmp => moved successfully
    C:\Users\wayne\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f => moved successfully
    C:\Users\wayne\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf => moved successfully
    C:\Users\wayne\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0 => moved successfully
    C:\Users\wayne\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388 => moved successfully

    "C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\callobklhcbilhphinckomhgkigmfocg" Folder move:

    C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\callobklhcbilhphinckomhgkigmfocg => moved successfully

    "C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\banocneifbhefcbiiahbjdaaciccmjke" Folder move:

    C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\banocneifbhefcbiiahbjdaaciccmjke => moved successfully

    "C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\callobklhcbilhphinckomhgkigmfocg" Folder move:

    C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\callobklhcbilhphinckomhgkigmfocg => moved successfully
    "HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{567FB402-7351-428E-B932-86AAF28B5D92} => removed successfully

    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.



    ========= End of CMD: =========


    ========= netsh int ip reset resetlog.txt =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.



    ========= End of CMD: =========


    ========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg =========

    The operation completed successfully.


    ========= End of Reg: =========

    C:\Firewall.reg => moved successfully

    ========= netsh advfirewall reset =========

    Ok.



    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state ON =========

    Ok.



    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright Microsoft Corp.

    0 out of 0 jobs canceled.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========


    ========= RemoveProxy: =========

    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-3409315567-1698705800-1941238463-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-3409315567-1698705800-1941238463-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-3409315567-1698705800-1941238463-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-3409315567-1698705800-1941238463-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-3409315567-1698705800-1941238463-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= sfc /scannow =========


    Beginning system scan. This process will take some time.

    Beginning verification phase of system scan.

    Verification 100% complete.

    Windows Resource Protection found corrupt files and successfully repaired them.
    For online repairs, details are included in the CBS log file located at
    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
    repairs, details are included in the log file provided by the /OFFLOGFILE flag.


    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.26100.5074

    Image Version: 10.0.26200.7171

    The component store is repairable.
    The operation completed successfully.


    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    FlushDNS => completed
    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 553702380 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
    Windows/system/drivers => 57656161 B
    Edge => 0 B
    Chrome => 112822882 B
    Firefox => 534731791 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 9216 B
    ProgramData => 9216 B
    Public => 9216 B
    systemprofile => 9216 B
    systemprofile32 => 9216 B
    LocalService => 71260 B
    NetworkService => 459162 B
    wayne => 190281726 B
    defaultuser100000.DESKTOP-3BLPTLN => 190288894 B
    Administrator.DESKTOP-3BLPTLN => 190313860 B

    RecycleBin => 9291957336 B
    EmptyTemp: => 10.4 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 15:10:07 ====
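Added example (not part of the thread and not FRST's own code): a short Python triage of a Fixlog.txt in the layout posted above. It skips the echoed fixlist, tallies the per-entry outcomes, and flags command sections whose output reports a failure or a repairable component store. The sample log is a constructed, shortened excerpt of the post; the function name, the keyword list and the follow-up mapping are assumptions.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt in the Fixlog.txt layout posted above.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
Start::
c:\program files\mcafee
Task: {6BCE9944-2FA3-4045-A9B3-C2310110D4DC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\wayne\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
cmd: netsh int ip reset resetlog.txt
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************

"c:\program files\mcafee" => not found
"C:\DELL\FD09N'c:\programdata\mcafee" => not found
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully

========= netsh int ip reset resetlog.txt =========

Resetting Route, OK!
Resetting , failed.
Access is denied.

========= End of CMD: =========

========= sfc /scannow =========

Windows Resource Protection found corrupt files and successfully repaired them.

========= End of CMD: =========

========= DISM /Online /Cleanup-Image /CheckHealth =========

The component store is repairable.
The operation completed successfully.

========= End of CMD: =========

==== End of Fixlog 15:10:07 ====
"""

SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
RESULT_RE = re.compile(
    r'^"?(.+?)"?\s+=>\s+(not found|removed successfully|moved successfully)$')
# Assumed keyword list: phrases in command output that deserve a second look.
KEYWORDS = {
    "failed": "a step failed",
    "access is denied": "access denied",
    "found corrupt files": "sfc found corrupt files",
    "repairable": "component store repairable",
}


def triage_fixlog(text):
    """Summarise per-entry outcomes and flag command sections needing follow-up."""
    outcomes, not_found, flagged = Counter(), [], {}
    star_lines, section = 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:      # delimiters around the echoed fixlist
            star_lines += 1
            continue
        if star_lines == 1:         # inside the echo: instructions, not results
            continue
        m = SECTION_RE.match(line)
        if m:                       # "=== cmd ===" opens, "=== End of ... ===" closes
            section = None if m.group(1).startswith("End of") else m.group(1)
            continue
        m = RESULT_RE.match(line)
        if m:
            outcomes[m.group(2)] += 1
            if m.group(2) == "not found":
                not_found.append(m.group(1))
            continue
        if section:
            for key, note in KEYWORDS.items():
                if key in line.lower() and note not in flagged.get(section, []):
                    flagged.setdefault(section, []).append(note)
    followups = []
    # The repair command the thread goes on to use after CheckHealth.
    if any("component store repairable" in notes for notes in flagged.values()):
        followups.append("DISM /Online /Cleanup-Image /RestoreHealth")
    return {"outcomes": outcomes, "not_found": not_found,
            "flagged": flagged, "followups": followups}


if __name__ == "__main__":
    for key, value in triage_fixlog(SAMPLE_FIXLOG).items():
        print(key, "=>", value)
```

A "not found" result only means the listed item was absent when the fix ran; the flagged sections are the ones to read in full.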
     
  6. wayne k

    wayne k Private E-2

    I would recommend running AdwCleaner and removing all of the Preinstalled Software….Those programs appeared to be Dell Support tools. Since my PC is out of warranty, I clicked Quarantine.

    GlanceGuest version 4.17.1.19
    Are you aware of this program on your computer?.......The only screen sharing I’ve ever done is with Dell Support using their console. Could this be their back-end program?


    Check to see if Windows Defender is Enabled……..Looks like all protection is on, including Real Time protection. “Security at a glance” page shows all icons with “No action needed”. Is that what you mean?


    Upon automatic reboot check your computer performance………It’s good now, but too soon to tell. I should know for sure in four days.


    I keep getting ads popping up on your site. Is that typical?
     
  7. Oh My!

    Oh My! Malware Expert Staff Member

    GlanceGuest might have been used by Dell. We should remove it since it was installed for a temporary purpose.

    Windows Defender settings are good.

    Ads are common, I receive them as well.

    We need to run another command to correct some system errors.

    Please do this.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    GlanceGuest
    
    • If the program's uninstaller appears work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    cmd: DISM /Online /Cleanup-Image /RestoreHealth
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • GlanceGuest removed?
    • Fixlog
     
  8. wayne k

    wayne k Private E-2

    Fix result of Farbar Recovery Scan Tool (x64) Version: 10-11-2025
    Ran by wayne (12-11-2025 18:26:57) Run:2
    Running from C:\Users\wayne\Desktop
    Loaded Profiles: wayne
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    cmd: DISM /Online /Cleanup-Image /RestoreHealth
    End::
    *****************


    ========= DISM /Online /Cleanup-Image /RestoreHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.26100.5074

    Image Version: 10.0.26200.7171


    The restore operation completed successfully.
    The operation completed successfully.


    ========= End of CMD: =========


    ==== End of Fixlog 18:29:25 ====
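One way to check a pasted Fixlog for the outcome the helper is looking for, as an added example that is not part of the thread or of FRST itself: it splits the log into its `cmd:` sections, collapses DISM progress-bar lines to the last percentage reached, and reports whether each command finished cleanly. The function name `summarize_fixlog`, the result keys and the failing `SAMPLE` log are constructed for illustration.

```python
import re

# FRST wraps each "cmd:" result in "===== <command> =====" ... "===== End of CMD: =====".
HEADER = re.compile(r"^=+ (?P<name>.+?) =+$")
# DISM progress bars as they appear in the log, e.g. "[== 3.8% ]" or "[=====57.1%= ]".
PROGRESS = re.compile(r"^\[[= ]*(?P<pct>\d{1,3}\.\d)%[= ]*\]$")
ERROR = re.compile(r"^Error: (?P<code>\S+)")
SUCCESS = "The operation completed successfully."

def summarize_fixlog(text):
    """Return one dict per cmd: section: command, last progress %, error, output, verdict."""
    results, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            name = header.group("name")
            if current is not None:           # any header closes the open section
                current["closed"] = name.startswith("End of CMD")
                results.append(current)
            current = None if name.startswith("End of") else {
                "cmd": name, "last_pct": None, "error": None,
                "output": [], "success_line": False, "closed": False}
            continue
        if current is None or not line:
            continue
        bar = PROGRESS.match(line)
        if bar:                               # keep only the latest percentage
            current["last_pct"] = float(bar.group("pct"))
            continue
        err = ERROR.match(line)
        if err:
            current["error"] = err.group("code")
        current["success_line"] |= (line == SUCCESS)
        current["output"].append(line)
    if current is not None:                   # log cut off before the footer
        results.append(current)
    for r in results:
        r["ok"] = r["closed"] and r["success_line"] and r["error"] is None
    return results

# Constructed sample: a failed run in the same layout (not taken from the thread).
SAMPLE = """\
========= DISM /Online /Cleanup-Image /RestoreHealth =========
[===========================62.3%==== ]
Error: 0x800f081f
The source files could not be found.
========= End of CMD: =========
"""
```

A section counts as `ok` only when its footer is present, the success line appears and no `Error:` line was seen, so a log that was cut off while pasting is not reported as a successful repair.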
     
  9. wayne k

    wayne k Private E-2

    GlanceGuest removed?.....Yes.

    “Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”.....I agree.
     
  10. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks, that last system repair was successful.

    He is the reason I do this.

    Please run Windows Update until there are no more updates available or you receive an error message. If you receive an error, provide the error information in your reply.
     
  11. wayne k

    wayne k Private E-2

    He is the reason I do this....God “will repay each person according to what they have done.” Romans 2:6

    Please run Windows Update ...I have my PC set for Get the latest updates as soon as they're available. Top banner states: "You're up to date."
     
  12. Oh My!

    Oh My! Malware Expert Staff Member

    Great.

    Let's monitor things for a few days to see how we are doing. Touch base then, or sooner if something comes up.
     
  13. wayne k

    wayne k Private E-2

    Will do. Thank you.
     
  14. wayne k

    wayne k Private E-2

    I just thought: I have an external drive that I plug in once a week to do a backup. Should we scan that for malware? I always leave it unplugged unless I'm doing the backup, at which time all other apps are closed.
     
