[icotonev]

Farbar Recovery Scan Tool - Fix
 

• Highlight the contents of the below code box and press Ctrl + C on your keyboard:

Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-259350032-3561555504-2751918716-1001\...\MountPoints2: {5f571127-6f68-11ea-99fa-b05216366f28} - "E:\startme.exe" 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=MCFFD7245-7BC9-49DC-B424-F05055F63456&SearchSource=55&CUI=&UM=6&UP=SPA78BD1B1-1931-4ADE-8DDA-972D132E8B49&SSPV="
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <not found>
CHR HKU\S-1-5-21-259350032-3561555504-2751918716-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>
2020-03-27 12:08 - 2020-03-27 12:07 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe
AS: AVG Antivirus (Disabled - Out of date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FirewallRules: [{031844B1-5B4B-4DB0-B173-133C040D4159}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS4616\HPDiagnosticCoreUI.exe No File
FirewallRules: [{6089B0DA-EA15-4C2E-92BB-1E3E2335EBE7}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS4616\HPDiagnosticCoreUI.exe No File
FirewallRules: [{966BF1A5-A91B-43E6-BA94-5F8F5C62B5E4}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2F17\HPDiagnosticCoreUI.exe No File
FirewallRules: [{D4A1DFA6-B891-49CB-8D3D-C1FF6537B91C}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2F17\HPDiagnosticCoreUI.exe No File
FirewallRules: [{A1783E92-96B7-4DAF-A4C6-9F08D085D95A}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2E32\HPDiagnosticCoreUI.exe No File
FirewallRules: [{FA30F225-E0F4-469C-8071-7A5D28B71F7A}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2E32\HPDiagnosticCoreUI.exe No File
FirewallRules: [{B743FC8D-08F0-4D31-A0CE-CC683B9A6E26}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS18C7\HPDiagnosticCoreUI.exe No File
FirewallRules: [{7D27C104-060E-4AB2-BEB7-2680D2F4CAED}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS18C7\HPDiagnosticCoreUI.exe No File
FirewallRules: [{578E924B-99EB-4966-A056-517A471901A7}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS17F9\HPDiagnosticCoreUI.exe No File
FirewallRules: [{A62D9C6C-8958-4DFB-A52B-C1E360929F2D}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS17F9\HPDiagnosticCoreUI.exe No File
FirewallRules: [UDP Query User{CB432846-FB5D-4F26-BA9D-C6C34A931716}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe] => (Allow) C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe No File
FirewallRules: [TCP Query User{B5A299A4-BC03-4087-93D5-17960A886D52}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe] => (Allow) C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe No File
FirewallRules: [{711A1576-DBCB-44DE-AC34-7F75F765A71E}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS059C\HPDiagnosticCoreUI.exe No File
FirewallRules: [{3324C49B-AF81-49E4-A65A-34D01E4AB967}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS059C\HPDiagnosticCoreUI.exe No File
FirewallRules: [UDP Query User{AF782DA4-F34E-4617-80A6-48DA4E9686E2}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\beth\appdata\roaming\sky\sky go\sky go.exe No File
FirewallRules: [TCP Query User{AB58FED1-6473-4741-B888-21CEFF736010}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\beth\appdata\roaming\sky\sky go\sky go.exe No File
FirewallRules: [TCP Query User{324EE441-62F0-4718-9736-6713B9A3D840}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [UDP Query User{50C4BFAC-5581-4A69-A3E8-CDF9E3CD4DF2}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [TCP Query User{B56344F2-400C-4447-9DE8-EFC3A6CE8CBA}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
FirewallRules: [UDP Query User{14EEFBB1-31AC-42D4-8C68-E300793B2CA0}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
FirewallRules: [TCP Query User{A8EE502F-DB07-4825-B766-003381E8B1C6}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [UDP Query User{DA5A6993-B4E5-48CF-BA52-BFE848308991}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [TCP Query User{9BF470A1-FBA7-4B56-95DF-672EB8EA48CC}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
FirewallRules: [UDP Query User{C4C60CA7-3AA2-48C2-9EC0-9E4C20798007}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
EmptyTemp:
End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

• Double-click FRST.exe/FRST64.exe to run it.
• Press the Fix button just once and wait.
  Note: No need to paste the script into FRST.
• Restart the computer if prompted.
• When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
• Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:

• Fixlog.txt
• Let me know how the computer is doing.

[Advertisements]

Couldn't hear it on startup! I've tentavively opened a few programs and windows and I still can't hear it. Fixlog.txt below. Please let me know if you think this has cracked it. If this really is fixed, you have totally saved my sanity and I need to buy you a virtual beer, or a crate of it lol.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-03-2020

Ran by BETH (27-03-2020 17:09:59) Run:1

Running from C:\Users\BETH\Desktop

Loaded Profiles: BETH (Available Profiles: BETH)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

SystemRestore: On

CreateRestorePoint:

CloseProcesses:

HKU\S-1-5-21-259350032-3561555504-2751918716-1001\...\MountPoints2: {5f571127-6f68-11ea-99fa-b05216366f28} - "E:\startme.exe" 

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=MCFFD7245-7BC9-49DC-B424-F05055F63456&SearchSource=55&CUI=&UM=6&UP=SPA78BD1B1-1931-4ADE-8DDA-972D132E8B49&SSPV="

CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <not found>

CHR HKU\S-1-5-21-259350032-3561555504-2751918716-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>

2020-03-27 12:08 - 2020-03-27 12:07 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe

AS: AVG Antivirus (Disabled - Out of date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

FirewallRules: [{031844B1-5B4B-4DB0-B173-133C040D4159}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS4616\HPDiagnosticCoreUI.exe No File

FirewallRules: [{6089B0DA-EA15-4C2E-92BB-1E3E2335EBE7}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS4616\HPDiagnosticCoreUI.exe No File

FirewallRules: [{966BF1A5-A91B-43E6-BA94-5F8F5C62B5E4}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2F17\HPDiagnosticCoreUI.exe No File

FirewallRules: [{D4A1DFA6-B891-49CB-8D3D-C1FF6537B91C}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2F17\HPDiagnosticCoreUI.exe No File

FirewallRules: [{A1783E92-96B7-4DAF-A4C6-9F08D085D95A}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2E32\HPDiagnosticCoreUI.exe No File

FirewallRules: [{FA30F225-E0F4-469C-8071-7A5D28B71F7A}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2E32\HPDiagnosticCoreUI.exe No File

FirewallRules: [{B743FC8D-08F0-4D31-A0CE-CC683B9A6E26}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS18C7\HPDiagnosticCoreUI.exe No File

FirewallRules: [{7D27C104-060E-4AB2-BEB7-2680D2F4CAED}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS18C7\HPDiagnosticCoreUI.exe No File

FirewallRules: [{578E924B-99EB-4966-A056-517A471901A7}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS17F9\HPDiagnosticCoreUI.exe No File

FirewallRules: [{A62D9C6C-8958-4DFB-A52B-C1E360929F2D}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS17F9\HPDiagnosticCoreUI.exe No File

FirewallRules: [UDP Query User{CB432846-FB5D-4F26-BA9D-C6C34A931716}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe] => (Allow) C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe No File

FirewallRules: [TCP Query User{B5A299A4-BC03-4087-93D5-17960A886D52}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe] => (Allow) C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe No File

FirewallRules: [{711A1576-DBCB-44DE-AC34-7F75F765A71E}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS059C\HPDiagnosticCoreUI.exe No File

FirewallRules: [{3324C49B-AF81-49E4-A65A-34D01E4AB967}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS059C\HPDiagnosticCoreUI.exe No File

FirewallRules: [UDP Query User{AF782DA4-F34E-4617-80A6-48DA4E9686E2}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\beth\appdata\roaming\sky\sky go\sky go.exe No File

FirewallRules: [TCP Query User{AB58FED1-6473-4741-B888-21CEFF736010}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\beth\appdata\roaming\sky\sky go\sky go.exe No File

FirewallRules: [TCP Query User{324EE441-62F0-4718-9736-6713B9A3D840}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File

FirewallRules: [UDP Query User{50C4BFAC-5581-4A69-A3E8-CDF9E3CD4DF2}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File

FirewallRules: [TCP Query User{B56344F2-400C-4447-9DE8-EFC3A6CE8CBA}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File

FirewallRules: [UDP Query User{14EEFBB1-31AC-42D4-8C68-E300793B2CA0}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File

FirewallRules: [TCP Query User{A8EE502F-DB07-4825-B766-003381E8B1C6}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File

FirewallRules: [UDP Query User{DA5A6993-B4E5-48CF-BA52-BFE848308991}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File

FirewallRules: [TCP Query User{9BF470A1-FBA7-4B56-95DF-672EB8EA48CC}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File

FirewallRules: [UDP Query User{C4C60CA7-3AA2-48C2-9EC0-9E4C20798007}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File

EmptyTemp:

 

*****************

 

SystemRestore: On => completed

Restore point was successfully created.

Processes closed successfully.

HKU\S-1-5-21-259350032-3561555504-2751918716-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f571127-6f68-11ea-99fa-b05216366f28} => removed successfully

HKLM\SOFTWARE\Policies\Mozilla => removed successfully

"Chrome StartupUrls" => removed successfully

HKLM\SOFTWARE\Google\Chrome\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo => removed successfully

HKU\S-1-5-21-259350032-3561555504-2751918716-1001\SOFTWARE\Google\Chrome\Extensions\hdkdmoacnkphoadmfidlhfdobieblphn => removed successfully

C:\WINDOWS\system32\avgremoverx.exe => moved successfully

"AS: AVG Antivirus (Disabled - Out of date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}" => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{031844B1-5B4B-4DB0-B173-133C040D4159}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6089B0DA-EA15-4C2E-92BB-1E3E2335EBE7}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{966BF1A5-A91B-43E6-BA94-5F8F5C62B5E4}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4A1DFA6-B891-49CB-8D3D-C1FF6537B91C}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1783E92-96B7-4DAF-A4C6-9F08D085D95A}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA30F225-E0F4-469C-8071-7A5D28B71F7A}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B743FC8D-08F0-4D31-A0CE-CC683B9A6E26}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D27C104-060E-4AB2-BEB7-2680D2F4CAED}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{578E924B-99EB-4966-A056-517A471901A7}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A62D9C6C-8958-4DFB-A52B-C1E360929F2D}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CB432846-FB5D-4F26-BA9D-C6C34A931716}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B5A299A4-BC03-4087-93D5-17960A886D52}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{711A1576-DBCB-44DE-AC34-7F75F765A71E}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3324C49B-AF81-49E4-A65A-34D01E4AB967}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AF782DA4-F34E-4617-80A6-48DA4E9686E2}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AB58FED1-6473-4741-B888-21CEFF736010}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{324EE441-62F0-4718-9736-6713B9A3D840}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{50C4BFAC-5581-4A69-A3E8-CDF9E3CD4DF2}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B56344F2-400C-4447-9DE8-EFC3A6CE8CBA}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{14EEFBB1-31AC-42D4-8C68-E300793B2CA0}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A8EE502F-DB07-4825-B766-003381E8B1C6}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DA5A6993-B4E5-48CF-BA52-BFE848308991}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BF470A1-FBA7-4B56-95DF-672EB8EA48CC}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C4C60CA7-3AA2-48C2-9EC0-9E4C20798007}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully

 

=========== EmptyTemp: ==========

 

BITS transfer queue => 10510336 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45375312 B

Java, Flash, Steam htmlcache => 1144 B

Windows/system/drivers => 272788 B

Edge => 1558068 B

Chrome => 1358710391 B

Firefox => 26259874 B

Opera => 0 B

 

Temp, IE cache, history, cookies, recent:

Default => 6656 B

Users => 6656 B

ProgramData => 6656 B

Public => 6656 B

systemprofile => 6656 B

systemprofile32 => 6656 B

LocalService => 40732 B

NetworkService => 43800 B

BETH => 56156352 B

 

RecycleBin => 123034065 B

EmptyTemp: => 1.5 GB temporary data Removed.

 

================================

 

 

The system needed a reboot.

 

==== End of Fixlog 17:19:02 ====

[zclesa]

Couldn't hear it on startup! I've tentavively opened a few programs and windows and I still can't hear it. Fixlog.txt below. Please let me know if you think this has cracked it. If this really is fixed, you have totally saved my sanity and I need to buy you a virtual beer, or a crate of it lol.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-03-2020

Ran by BETH (27-03-2020 17:09:59) Run:1

Running from C:\Users\BETH\Desktop

Loaded Profiles: BETH (Available Profiles: BETH)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

SystemRestore: On

CreateRestorePoint:

CloseProcesses:

HKU\S-1-5-21-259350032-3561555504-2751918716-1001\...\MountPoints2: {5f571127-6f68-11ea-99fa-b05216366f28} - "E:\startme.exe" 

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=MCFFD7245-7BC9-49DC-B424-F05055F63456&SearchSource=55&CUI=&UM=6&UP=SPA78BD1B1-1931-4ADE-8DDA-972D132E8B49&SSPV="

CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <not found>

CHR HKU\S-1-5-21-259350032-3561555504-2751918716-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>

2020-03-27 12:08 - 2020-03-27 12:07 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe

AS: AVG Antivirus (Disabled - Out of date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

FirewallRules: [{031844B1-5B4B-4DB0-B173-133C040D4159}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS4616\HPDiagnosticCoreUI.exe No File

FirewallRules: [{6089B0DA-EA15-4C2E-92BB-1E3E2335EBE7}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS4616\HPDiagnosticCoreUI.exe No File

FirewallRules: [{966BF1A5-A91B-43E6-BA94-5F8F5C62B5E4}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2F17\HPDiagnosticCoreUI.exe No File

FirewallRules: [{D4A1DFA6-B891-49CB-8D3D-C1FF6537B91C}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2F17\HPDiagnosticCoreUI.exe No File

FirewallRules: [{A1783E92-96B7-4DAF-A4C6-9F08D085D95A}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2E32\HPDiagnosticCoreUI.exe No File

FirewallRules: [{FA30F225-E0F4-469C-8071-7A5D28B71F7A}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2E32\HPDiagnosticCoreUI.exe No File

FirewallRules: [{B743FC8D-08F0-4D31-A0CE-CC683B9A6E26}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS18C7\HPDiagnosticCoreUI.exe No File

FirewallRules: [{7D27C104-060E-4AB2-BEB7-2680D2F4CAED}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS18C7\HPDiagnosticCoreUI.exe No File

FirewallRules: [{578E924B-99EB-4966-A056-517A471901A7}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS17F9\HPDiagnosticCoreUI.exe No File

FirewallRules: [{A62D9C6C-8958-4DFB-A52B-C1E360929F2D}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS17F9\HPDiagnosticCoreUI.exe No File

FirewallRules: [UDP Query User{CB432846-FB5D-4F26-BA9D-C6C34A931716}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe] => (Allow) C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe No File

FirewallRules: [TCP Query User{B5A299A4-BC03-4087-93D5-17960A886D52}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe] => (Allow) C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe No File

FirewallRules: [{711A1576-DBCB-44DE-AC34-7F75F765A71E}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS059C\HPDiagnosticCoreUI.exe No File

FirewallRules: [{3324C49B-AF81-49E4-A65A-34D01E4AB967}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS059C\HPDiagnosticCoreUI.exe No File

FirewallRules: [UDP Query User{AF782DA4-F34E-4617-80A6-48DA4E9686E2}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\beth\appdata\roaming\sky\sky go\sky go.exe No File

FirewallRules: [TCP Query User{AB58FED1-6473-4741-B888-21CEFF736010}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\beth\appdata\roaming\sky\sky go\sky go.exe No File

FirewallRules: [TCP Query User{324EE441-62F0-4718-9736-6713B9A3D840}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File

FirewallRules: [UDP Query User{50C4BFAC-5581-4A69-A3E8-CDF9E3CD4DF2}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File

FirewallRules: [TCP Query User{B56344F2-400C-4447-9DE8-EFC3A6CE8CBA}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File

FirewallRules: [UDP Query User{14EEFBB1-31AC-42D4-8C68-E300793B2CA0}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File

FirewallRules: [TCP Query User{A8EE502F-DB07-4825-B766-003381E8B1C6}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File

FirewallRules: [UDP Query User{DA5A6993-B4E5-48CF-BA52-BFE848308991}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File

FirewallRules: [TCP Query User{9BF470A1-FBA7-4B56-95DF-672EB8EA48CC}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File

FirewallRules: [UDP Query User{C4C60CA7-3AA2-48C2-9EC0-9E4C20798007}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File

EmptyTemp:

 

*****************

 

SystemRestore: On => completed

Restore point was successfully created.

Processes closed successfully.

HKU\S-1-5-21-259350032-3561555504-2751918716-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f571127-6f68-11ea-99fa-b05216366f28} => removed successfully

HKLM\SOFTWARE\Policies\Mozilla => removed successfully

"Chrome StartupUrls" => removed successfully

HKLM\SOFTWARE\Google\Chrome\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo => removed successfully

HKU\S-1-5-21-259350032-3561555504-2751918716-1001\SOFTWARE\Google\Chrome\Extensions\hdkdmoacnkphoadmfidlhfdobieblphn => removed successfully

C:\WINDOWS\system32\avgremoverx.exe => moved successfully

"AS: AVG Antivirus (Disabled - Out of date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}" => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{031844B1-5B4B-4DB0-B173-133C040D4159}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6089B0DA-EA15-4C2E-92BB-1E3E2335EBE7}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{966BF1A5-A91B-43E6-BA94-5F8F5C62B5E4}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4A1DFA6-B891-49CB-8D3D-C1FF6537B91C}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1783E92-96B7-4DAF-A4C6-9F08D085D95A}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA30F225-E0F4-469C-8071-7A5D28B71F7A}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B743FC8D-08F0-4D31-A0CE-CC683B9A6E26}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D27C104-060E-4AB2-BEB7-2680D2F4CAED}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{578E924B-99EB-4966-A056-517A471901A7}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A62D9C6C-8958-4DFB-A52B-C1E360929F2D}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CB432846-FB5D-4F26-BA9D-C6C34A931716}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B5A299A4-BC03-4087-93D5-17960A886D52}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{711A1576-DBCB-44DE-AC34-7F75F765A71E}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3324C49B-AF81-49E4-A65A-34D01E4AB967}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AF782DA4-F34E-4617-80A6-48DA4E9686E2}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AB58FED1-6473-4741-B888-21CEFF736010}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{324EE441-62F0-4718-9736-6713B9A3D840}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{50C4BFAC-5581-4A69-A3E8-CDF9E3CD4DF2}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B56344F2-400C-4447-9DE8-EFC3A6CE8CBA}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{14EEFBB1-31AC-42D4-8C68-E300793B2CA0}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A8EE502F-DB07-4825-B766-003381E8B1C6}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DA5A6993-B4E5-48CF-BA52-BFE848308991}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BF470A1-FBA7-4B56-95DF-672EB8EA48CC}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C4C60CA7-3AA2-48C2-9EC0-9E4C20798007}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully

 

=========== EmptyTemp: ==========

 

BITS transfer queue => 10510336 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45375312 B

Java, Flash, Steam htmlcache => 1144 B

Windows/system/drivers => 272788 B

Edge => 1558068 B

Chrome => 1358710391 B

Firefox => 26259874 B

Opera => 0 B

 

Temp, IE cache, history, cookies, recent:

Default => 6656 B

Users => 6656 B

ProgramData => 6656 B

Public => 6656 B

systemprofile => 6656 B

systemprofile32 => 6656 B

LocalService => 40732 B

NetworkService => 43800 B

BETH => 56156352 B

 

RecycleBin => 123034065 B

EmptyTemp: => 1.5 GB temporary data Removed.

 

================================

 

 

The system needed a reboot.

 

==== End of Fixlog 17:19:02 ====

[icotonev]

Hello zclesa ..! Wonderfully...!  To control ..:

 

ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

• Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
• When the tool opens, click Get Started.
• Read and accept the license agreement.
• At the Welcome to ESET Online Scanner window, click Get Started.
• Select whether you would like to send anonymous data to ESET.
• Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
• Click on the Full Scan option.
• Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
• ESET will now begin scanning your computer. This may take some time.
• When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
• ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
• On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
• Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

---------------------------------------------------

In your next reply, please include:

 

• ESET log

 

 

[zclesa]

Whew, finally done.

 

Eset txt log below

 

27/03/2020 22:53:48

Files scanned: 731175

Detected files: 9

Cleaned files: 9

Total scan time 04:56:32

Scan status: Finished

 

 

C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-blockchain-export.exe a variant of Win64/CoinMiner.JI potentially unwanted application cleaned by deleting

C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-blockchain-import.exe a variant of Win64/CoinMiner.JI potentially unwanted application cleaned by deleting

C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-wallet-cli.exe a variant of Win64/CoinMiner.GH potentially unwanted application cleaned by deleting

C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe a variant of Win64/CoinMiner.KD potentially unwanted application cleaned by deleting

C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-wallet-rpc.exe a variant of Win64/CoinMiner.JI potentially unwanted application cleaned by deleting

C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monerod.exe a variant of Win64/CoinMiner.GG potentially unwanted application cleaned by deleting

C:\Program Files (x86)\VirtualDub-1.10.4\plugins32\FFDSHOW.exe Win32/InstallCore.Gen.A potentially unwanted application cleaned by deleting

C:\Windows\Installer\9cbfe17.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted

C:\Windows.old\WINDOWS\Temp\asw.c8d542ed6d89c2cb\New_14010c28\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted

[icotonev]

Hello zclesa ..! Let me know how the computer is doing...?

[zclesa]

Hey Icotonev. The weird noise which was driving me mad still hasn't reappeared!   So far everything else seems cool as well. Thank you sooooo much! Is this fixed now? Anything else I should do? Apart from thank you a thousand times....

[icotonev]

If all is well..:

 

The following will remove the tools we used as well as reset system restore points:

 

KpRm

Download KpRm by kernel-panik and save it to your desktop.

• Right-click kprm_(version).exe and select Run as Administrator.
• When the tool opens, ensure all boxes are checked, and select Run.
• Once complete, click OK.
• A log will open in Notepad titled kprm-(date).txt.
• Please copy and paste its contents in your next reply.

 

Observe your computer for a while ... and if you have something to write ..!   Safe surfing ..! 

[zclesa]

# Run at 28/03/2020 09:21:20

# KpRm (Kernel-panik) version 2.8

# Website https://kernel-panik.me/tool/kprm/

# Run by BETH from C:\Users\BETH\Desktop

# Computer Name: DESKTOP-RRNF5R7

# OS: Windows 10 X64 (18363) 

# Number of passes: 1

 

- Checked options -

 

    ~ Registry Backup

    ~ Delete Tools

    ~ Restore System Settings

    ~ UAC Restore

    ~ Delete Restore Points

    ~ Create Restore Point

    ~ Delete Quarantines

 

- Create Registry Backup -

 

   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up

   ~ [OK] Hive C:\Users\BETH\NTUSER.dat backed up

 

     [OK] Registry Backup: C:\KPRM\backup\2020-03-28-09-21-19

 

- Delete Tools -

 

 

  ## Autoruns

     [OK] C:\Users\BETH\Desktop\autoruns.exe deleted

 

  ## ESET Online Scanner

     [OK] C:\Users\BETH\Desktop\ESET Online Scanner.lnk deleted

     [OK] C:\Users\BETH\Desktop\esetonlinescanner_enu.exe deleted

     [R] C:\Users\BETH\AppData\Local\ESET\ESETOnlineScanner deleted

 

  ## FRST

     [OK] C:\Users\BETH\Desktop\Addition.txt deleted

     [OK] C:\Users\BETH\Desktop\Fixlog.txt deleted

     [OK] C:\Users\BETH\Desktop\FRST-OlderVersion deleted

     [OK] C:\Users\BETH\Desktop\FRST.txt deleted

     [OK] C:\Users\BETH\Desktop\FRST64.exe deleted

     [OK] C:\FRST deleted

 

- Restore System Settings -

 

     [OK] Reset WinSock

     [OK] FLUSHDNS

     [OK] Hide Hidden file.

     [OK] Show Extensions for known file types

     [OK] Hide protected operating system files

 

- Restore UAC -

 

     [OK] Set EnableLUA with default (1) value

     [OK] Set ConsentPromptBehaviorAdmin with default (5) value

     [OK] Set ConsentPromptBehaviorUser with default (3) value

     [OK] Set EnableInstallerDetection with default (0) value

     [OK] Set EnableSecureUIAPaths with default (1) value

     [OK] Set EnableUIADesktopToggle with default (0) value

     [OK] Set EnableVirtualization with default (1) value

     [OK] Set FilterAdministratorToken with default (0) value

     [OK] Set PromptOnSecureDesktop with default (1) value

     [OK] Set ValidateAdminCodeSignatures with default (0) value

 

- Clear Restore Points -

 

     [I] No system recovery points were found

 

- Create Restore Point -

 

     [OK] System Restore Point created

 

- Display System Restore Point -

 

   ~ [I] RP named KpRm created at 03/28/2020 09:21:54

 

-- KPRM finished in 53.48s --

 

 

- Need to Restart -

[zclesa]

All good, yes? Thank you so much. I can't believe how incredibly helpful you've been. 

[icotonev]

Thank you so much ..!

[icotonev]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.