[Yisroel]

Hi moondog830,

All is going in a great direction. We've cleaned up all the stuff, let's do some additional scans to make sure we're good and then we could declare it all clean!

1 - Scan with Malwarebytes

• Download Malwarebytes to your Desktop
• Double-click the file to open it. Install the program.
• Follow the instruction given on screen.
• Once installed, launch Malwarebytes from your Desktop.
• Click Settings>Protection
• Make sure that "scan for rootkits" option under Scan Options is On
  
• Go back to Dashboard and click the big, blue Scan Now button.
• Wait for Malwarebytes to finish the scan
• If the program will detect anything it will list it in the Scan Results window. Click Quarantine Selected. The program might want to reboot the system. Allow it if it wants to.
• Once the deletion is done (or after reboot) go to Reports, select the latest Scan Log.
• Click View Report, then click Export then click Copy to Clipboard.
• Paste (CTRL+V) the log into your next reply.

2 - Scan with ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

• Temporarily disable your antivrus protection: Right-click on the avast! icon in system tray, Select avast! shields control and choose the option to disable avast permenetly.
• Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
• When the tool opens, click Get Started.
• Read and accept the license agreement.
• At the Welcome to ESET Online Scanner window, click Get Started.
• Select whether you would like to send anonymous data to ESET.
• Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
• Click on the Full Scan option.
• Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
• ESET will now begin scanning your computer. This may take some time.
• When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
• ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
• On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
• Re-enable the Avast antivrus by Right-clicking on the avast! icon in system tray and in the avast! shields control choose to enable.
• Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

[Advertisements]

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 9/15/19

Scan Time: 10:03 AM

Log File: 9a158906-d7c1-11e9-a7d8-2c59e5a50239.json

 

-Software Information-

Version: 3.8.3.2965

Components Version: 1.0.625

Update Package Version: 1.0.12485

License: Trial

 

-System Information-

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Newman-HP-2000\Harvey

 

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 230786

Threats Detected: 14

Threats Quarantined: 14

Time Elapsed: 14 min, 59 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 4

PUP.Optional.Jawego, HKLM\SOFTWARE\QXV0by1QQy1DbGVhbmVyMjAxOQ==, Quarantined, [629], [534889],1.0.12485

PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Empire0, Quarantined, [3893], [597957],1.0.12485

PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Empire1, Quarantined, [3893], [597957],1.0.12485

PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Empire2, Quarantined, [3893], [597957],1.0.12485

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 0

(No malicious items detected)

 

File: 10

Generic.Malware/Suspicious, C:\USERS\HARVEY\DOWNLOADS\HPSET_2017.11.14.02.EXE, Quarantined, [0], [392686],1.0.12485

PUP.Optional.WinZipMalwareProtector, C:\USERS\HARVEY\DOWNLOADS\WZMP_24 (1).EXE, Quarantined, [12885], [627246],1.0.12485

PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (2).EXE, Quarantined, [4223], [462815],1.0.12485

Generic.Malware/Suspicious, C:\USERS\HARVEY\APPDATA\LOCAL\YAHOO\YSET\WEBEXT_DL.EXE, Quarantined, [0], [392686],1.0.12485

PUP.Optional.MindSpark, C:\USERS\HARVEY\DESKTOP\TRACE, Quarantined, [649], [301125],1.0.12485

PUP.Optional.WinZipMalwareProtector, C:\USERS\HARVEY\DOWNLOADS\WZMP_24.EXE, Quarantined, [12885], [627246],1.0.12485

PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (3).EXE, Quarantined, [4223], [462815],1.0.12485

Generic.Malware/Suspicious, C:\USERS\HARVEY\DOWNLOADS\HPSET_2018.06.28.01.EXE, Quarantined, [0], [392686],1.0.12485

PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (1).EXE, Quarantined, [4223], [462815],1.0.12485

PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4.EXE, Quarantined, [4223], [462815],1.0.12485

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)

 

9/15/2019 19:41:35 PM

Files scanned: 224895

Infected files: 29

Cleaned threats: 27

Total scan time 01:55:46

Scan status: Finished

C:\AdwCleaner\Quarantine\v1\20190911.204017\25\WinZip Driver Updater\trz2051.tmp#A4472C1BCB3DE19F a variant of Win64/DriverReviver.A potentially unwanted application cleaned by deleting

 

C:\AdwCleaner\Quarantine\v1\20190911.204017\38\AUTO-PC-CLEANER2019 FOR NEWMAN-HP-2000\offers\a_p_t.exe#290F1B6600FB1A53 a variant of MSIL/GT32SupportGeeks.O potentially unwanted application cleaned by deleting

 

C:\AdwCleaner\Quarantine\v1\20190911.204017\54\RelevantKnowledge\rlservice.exe#08C012A6341A81BC a variant of Win32/Adware.RK application cleaned by deleting

 

C:\FRST\Quarantine\C\Program Files (x86)\DigitalTrailEHF\ie.exe a variant of Win32/Adware.OpenSUpdater.DQ application cleaned by deleting

 

C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

 

C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-954.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

 

C:\Program Files (x86)\Internet Explorer\00003467.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Program Files (x86)\Internet Explorer\00021963.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Program Files (x86)\Internet Explorer\00025953.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00000805.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00001313.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00004801.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00005824.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00007022.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00008516.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00010943.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00015911.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00017444.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00018643.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00018701.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00018721.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00018853.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00020228.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00020670.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00026114.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00027537.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00028251.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Yahoo\yset\YSearchUtil.dll a variant of Win32/YahooSearch.C potentially unwanted application cleaned by deleting

 

C:\Users\Harvey\Downloads\hpset_2017.09.01.01.exe a variant of Win32/YahooSearch.C potentially unwanted application cleaned by deleting

 

[moondog830]

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 9/15/19

Scan Time: 10:03 AM

Log File: 9a158906-d7c1-11e9-a7d8-2c59e5a50239.json

 

-Software Information-

Version: 3.8.3.2965

Components Version: 1.0.625

Update Package Version: 1.0.12485

License: Trial

 

-System Information-

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Newman-HP-2000\Harvey

 

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 230786

Threats Detected: 14

Threats Quarantined: 14

Time Elapsed: 14 min, 59 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 4

PUP.Optional.Jawego, HKLM\SOFTWARE\QXV0by1QQy1DbGVhbmVyMjAxOQ==, Quarantined, [629], [534889],1.0.12485

PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Empire0, Quarantined, [3893], [597957],1.0.12485

PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Empire1, Quarantined, [3893], [597957],1.0.12485

PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Empire2, Quarantined, [3893], [597957],1.0.12485

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 0

(No malicious items detected)

 

File: 10

Generic.Malware/Suspicious, C:\USERS\HARVEY\DOWNLOADS\HPSET_2017.11.14.02.EXE, Quarantined, [0], [392686],1.0.12485

PUP.Optional.WinZipMalwareProtector, C:\USERS\HARVEY\DOWNLOADS\WZMP_24 (1).EXE, Quarantined, [12885], [627246],1.0.12485

PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (2).EXE, Quarantined, [4223], [462815],1.0.12485

Generic.Malware/Suspicious, C:\USERS\HARVEY\APPDATA\LOCAL\YAHOO\YSET\WEBEXT_DL.EXE, Quarantined, [0], [392686],1.0.12485

PUP.Optional.MindSpark, C:\USERS\HARVEY\DESKTOP\TRACE, Quarantined, [649], [301125],1.0.12485

PUP.Optional.WinZipMalwareProtector, C:\USERS\HARVEY\DOWNLOADS\WZMP_24.EXE, Quarantined, [12885], [627246],1.0.12485

PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (3).EXE, Quarantined, [4223], [462815],1.0.12485

Generic.Malware/Suspicious, C:\USERS\HARVEY\DOWNLOADS\HPSET_2018.06.28.01.EXE, Quarantined, [0], [392686],1.0.12485

PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (1).EXE, Quarantined, [4223], [462815],1.0.12485

PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4.EXE, Quarantined, [4223], [462815],1.0.12485

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)

 

9/15/2019 19:41:35 PM

Files scanned: 224895

Infected files: 29

Cleaned threats: 27

Total scan time 01:55:46

Scan status: Finished

C:\AdwCleaner\Quarantine\v1\20190911.204017\25\WinZip Driver Updater\trz2051.tmp#A4472C1BCB3DE19F a variant of Win64/DriverReviver.A potentially unwanted application cleaned by deleting

 

C:\AdwCleaner\Quarantine\v1\20190911.204017\38\AUTO-PC-CLEANER2019 FOR NEWMAN-HP-2000\offers\a_p_t.exe#290F1B6600FB1A53 a variant of MSIL/GT32SupportGeeks.O potentially unwanted application cleaned by deleting

 

C:\AdwCleaner\Quarantine\v1\20190911.204017\54\RelevantKnowledge\rlservice.exe#08C012A6341A81BC a variant of Win32/Adware.RK application cleaned by deleting

 

C:\FRST\Quarantine\C\Program Files (x86)\DigitalTrailEHF\ie.exe a variant of Win32/Adware.OpenSUpdater.DQ application cleaned by deleting

 

C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

 

C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-954.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

 

C:\Program Files (x86)\Internet Explorer\00003467.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Program Files (x86)\Internet Explorer\00021963.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Program Files (x86)\Internet Explorer\00025953.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00000805.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00001313.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00004801.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00005824.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00007022.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00008516.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00010943.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00015911.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00017444.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00018643.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00018701.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00018721.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00018853.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00020228.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00020670.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00026114.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00027537.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Facebook\Games\00028251.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting

 

C:\Users\Harvey\AppData\Local\Yahoo\yset\YSearchUtil.dll a variant of Win32/YahooSearch.C potentially unwanted application cleaned by deleting

 

C:\Users\Harvey\Downloads\hpset_2017.09.01.01.exe a variant of Win32/YahooSearch.C potentially unwanted application cleaned by deleting

 

[Yisroel]

Congratulations! You now appear to be clean

Now let's do some housekeeping... I will remove my tools and give some safety recommendations, which you should share with the computer owner...

Tools Removal and Creation of a clean restore point

Download KpRm by kernel-panik and save it to your desktop.

• Right-click kprm_(version).exe and select Run as Administrator.
• When the tool opens, ensure all boxes are checked and select Run.
• Once complete, click OK.
• A log will open in Notepad titled kprm-(date).txt.
• Please copy and paste its contents in your next reply.

• If present, delete any other .bat, .log, .reg, .txt, and any other files created or downloaded during this process, and left on the desktop.
• I recommend keeping Malwarebytes Anti-Malware installed, it is a great addition to a normal antivirus program. Make sure to update it and run it from time to time. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a Trojan, come see us.

Tips, Information, and Optional Installations

• For general information about computer security and how to protect yourself when on the internet, I recommend you to read this guide Best Practices for Safe Computing
• Use an efficient multi-purpose blocker that is lightweight on RAM and CPU usage like uBlock Origin (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera, and most Chromium and Firefox-based browsers)
• Make sure to use strong passwords (see How to create a strong password. There are password managers (for example, LastPass) that can help you use secure passwords, and keep track of them.

Keeping Programs Updated

Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep the software on your computer up-to-date.

To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.

Unchecky

Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along with search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

• Download Unchecky to your desktop
• Right click on the Unchecky_setup and choose to Run as Administrator.
• Once open click the Install button.
• Then click on Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked


In your next post

KpRm Log

[moondog830]

will get this done tonight ... took my wife out to dinner last night for a change 

[Yisroel]

will get this done tonight ... took my wife out to dinner last night for a change

Family always comes before friends!   

Thanks for letting us know.

[moondog830]

# Run at 9/18/2019 7:46:54 PM

# KpRm (Kernel-panik) version 1.9

# Website https://kernel-panik.me/tool/kprm/

# Run by Harvey from C:\Users\Harvey\Desktop

# Computer Name: NEWMAN-HP-2000

# OS: Windows 8.1 X64 (9600) 

 

- Create Registry Backup -

 

  [OK] Registry Backup: C:\KPRM\backup\2019-09-18-19-46

 

- Search Tools -

 

 

  ## AdwCleaner

     [OK] C:\Users\Harvey\Desktop\adwcleaner_7.4.1.exe deleted (1)

     [OK] C:\AdwCleaner deleted (1)

 

  ## ESET Online Scanner

     [OK] C:\Users\Harvey\Desktop\esetonlinescanner_enu.exe deleted (1)

 

  ## FRST

     [OK] C:\Users\Harvey\Desktop\Addition.txt deleted (1)

     [OK] C:\Users\Harvey\Desktop\Fixlog.txt deleted (1)

     [OK] C:\Users\Harvey\Desktop\FRST-OlderVersion deleted (1)

     [OK] C:\Users\Harvey\Desktop\FRST.txt deleted (1)

     [OK] C:\Users\Harvey\Desktop\FRST64.exe deleted (1)

     [OK] C:\FRST deleted (1)

 

- Restore Default System Settings -

 

  [OK] Flush DNS

  [OK] Reset WinSock

  [OK] Hide Hidden file.

  [OK] Show Extensions for known file types

  [OK] Hide protected operating system files

 

- Restore UAC Default Value -

 

  [OK] Set ConsentPromptBehaviorAdmin with default (5) value

  [OK] Set ConsentPromptBehaviorUser with default (3) value

  [OK] Set EnableInstallerDetection with default (0) value

  [OK] Set EnableLUA with default (1) value

  [OK] Set EnableSecureUIAPaths with default (1) value

  [OK] Set EnableUIADesktopToggle with default (0) value

  [OK] Set EnableVirtualization with default (1) value

  [OK] Set FilterAdministratorToken with default (0) value

  [OK] Set PromptOnSecureDesktop with default (1) value

  [OK] Set ValidateAdminCodeSignatures with default (0) value

 

- Clear All System Restore Points -

 

    ~ [OK] RP named Windows Update created at 08/19/2019 20:13:53 deleted

    ~ [OK] RP named Windows Update created at 09/01/2019 15:56:47 deleted

    ~ [OK] RP named Removed DriverUpdate created at 09/08/2019 13:40:37 deleted

    ~ [OK] RP named Restore Point Created by FRST created at 09/08/2019 17:37:55 deleted

    ~ [OK] RP named Windows Update created at 09/15/2019 17:30:29 deleted

 

  [OK] All system restore points have been successfully deleted

 

- Create New System Restore Point -

 

  [OK] Enable System Restore

  [OK] System Restore Point created

 

- Display All System Restore Point -

 

    ~ [I] RP named KpRm created at 09/18/2019 23:53:29 found

 

 

will get Unchecky for my friend ... most older people tend to click on things they shouldn't

 

AGAIN ... thank you so much for your help

[moondog830]

# Run at 9/18/2019 7:46:54 PM

# KpRm (Kernel-panik) version 1.9

# Website https://kernel-panik.me/tool/kprm/

# Run by Harvey from C:\Users\Harvey\Desktop

# Computer Name: NEWMAN-HP-2000

# OS: Windows 8.1 X64 (9600) 

 

- Create Registry Backup -

 

  [OK] Registry Backup: C:\KPRM\backup\2019-09-18-19-46

 

- Search Tools -

 

 

  ## AdwCleaner

     [OK] C:\Users\Harvey\Desktop\adwcleaner_7.4.1.exe deleted (1)

     [OK] C:\AdwCleaner deleted (1)

 

  ## ESET Online Scanner

     [OK] C:\Users\Harvey\Desktop\esetonlinescanner_enu.exe deleted (1)

 

  ## FRST

     [OK] C:\Users\Harvey\Desktop\Addition.txt deleted (1)

     [OK] C:\Users\Harvey\Desktop\Fixlog.txt deleted (1)

     [OK] C:\Users\Harvey\Desktop\FRST-OlderVersion deleted (1)

     [OK] C:\Users\Harvey\Desktop\FRST.txt deleted (1)

     [OK] C:\Users\Harvey\Desktop\FRST64.exe deleted (1)

     [OK] C:\FRST deleted (1)

 

- Restore Default System Settings -

 

  [OK] Flush DNS

  [OK] Reset WinSock

  [OK] Hide Hidden file.

  [OK] Show Extensions for known file types

  [OK] Hide protected operating system files

 

- Restore UAC Default Value -

 

  [OK] Set ConsentPromptBehaviorAdmin with default (5) value

  [OK] Set ConsentPromptBehaviorUser with default (3) value

  [OK] Set EnableInstallerDetection with default (0) value

  [OK] Set EnableLUA with default (1) value

  [OK] Set EnableSecureUIAPaths with default (1) value

  [OK] Set EnableUIADesktopToggle with default (0) value

  [OK] Set EnableVirtualization with default (1) value

  [OK] Set FilterAdministratorToken with default (0) value

  [OK] Set PromptOnSecureDesktop with default (1) value

  [OK] Set ValidateAdminCodeSignatures with default (0) value

 

- Clear All System Restore Points -

 

    ~ [OK] RP named Windows Update created at 08/19/2019 20:13:53 deleted

    ~ [OK] RP named Windows Update created at 09/01/2019 15:56:47 deleted

    ~ [OK] RP named Removed DriverUpdate created at 09/08/2019 13:40:37 deleted

    ~ [OK] RP named Restore Point Created by FRST created at 09/08/2019 17:37:55 deleted

    ~ [OK] RP named Windows Update created at 09/15/2019 17:30:29 deleted

 

  [OK] All system restore points have been successfully deleted

 

- Create New System Restore Point -

 

  [OK] Enable System Restore

  [OK] System Restore Point created

 

- Display All System Restore Point -

 

    ~ [I] RP named KpRm created at 09/18/2019 23:53:29 found

 

 

will get Unchecky for my friend ... most older people tend to click on things they shouldn't

 

AGAIN ... thank you so much for your help

[Yisroel]

AGAIN ... thank you so much for your help

You're very welcome! Happy to help 

[iMacg3]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.