Such a weird one with random unknown music playing on my PC [Solved]


#16 icotonev (Trusted Helper, Malware Removal, 135 posts)

Farbar Recovery Scan Tool - Fix
 

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-259350032-3561555504-2751918716-1001\...\MountPoints2: {5f571127-6f68-11ea-99fa-b05216366f28} - "E:\startme.exe" 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=MCFFD7245-7BC9-49DC-B424-F05055F63456&SearchSource=55&CUI=&UM=6&UP=SPA78BD1B1-1931-4ADE-8DDA-972D132E8B49&SSPV="
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <not found>
CHR HKU\S-1-5-21-259350032-3561555504-2751918716-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>
2020-03-27 12:08 - 2020-03-27 12:07 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe
AS: AVG Antivirus (Disabled - Out of date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FirewallRules: [{031844B1-5B4B-4DB0-B173-133C040D4159}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS4616\HPDiagnosticCoreUI.exe No File
FirewallRules: [{6089B0DA-EA15-4C2E-92BB-1E3E2335EBE7}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS4616\HPDiagnosticCoreUI.exe No File
FirewallRules: [{966BF1A5-A91B-43E6-BA94-5F8F5C62B5E4}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2F17\HPDiagnosticCoreUI.exe No File
FirewallRules: [{D4A1DFA6-B891-49CB-8D3D-C1FF6537B91C}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2F17\HPDiagnosticCoreUI.exe No File
FirewallRules: [{A1783E92-96B7-4DAF-A4C6-9F08D085D95A}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2E32\HPDiagnosticCoreUI.exe No File
FirewallRules: [{FA30F225-E0F4-469C-8071-7A5D28B71F7A}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2E32\HPDiagnosticCoreUI.exe No File
FirewallRules: [{B743FC8D-08F0-4D31-A0CE-CC683B9A6E26}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS18C7\HPDiagnosticCoreUI.exe No File
FirewallRules: [{7D27C104-060E-4AB2-BEB7-2680D2F4CAED}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS18C7\HPDiagnosticCoreUI.exe No File
FirewallRules: [{578E924B-99EB-4966-A056-517A471901A7}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS17F9\HPDiagnosticCoreUI.exe No File
FirewallRules: [{A62D9C6C-8958-4DFB-A52B-C1E360929F2D}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS17F9\HPDiagnosticCoreUI.exe No File
FirewallRules: [UDP Query User{CB432846-FB5D-4F26-BA9D-C6C34A931716}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe] => (Allow) C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe No File
FirewallRules: [TCP Query User{B5A299A4-BC03-4087-93D5-17960A886D52}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe] => (Allow) C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe No File
FirewallRules: [{711A1576-DBCB-44DE-AC34-7F75F765A71E}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS059C\HPDiagnosticCoreUI.exe No File
FirewallRules: [{3324C49B-AF81-49E4-A65A-34D01E4AB967}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS059C\HPDiagnosticCoreUI.exe No File
FirewallRules: [UDP Query User{AF782DA4-F34E-4617-80A6-48DA4E9686E2}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\beth\appdata\roaming\sky\sky go\sky go.exe No File
FirewallRules: [TCP Query User{AB58FED1-6473-4741-B888-21CEFF736010}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\beth\appdata\roaming\sky\sky go\sky go.exe No File
FirewallRules: [TCP Query User{324EE441-62F0-4718-9736-6713B9A3D840}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [UDP Query User{50C4BFAC-5581-4A69-A3E8-CDF9E3CD4DF2}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [TCP Query User{B56344F2-400C-4447-9DE8-EFC3A6CE8CBA}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
FirewallRules: [UDP Query User{14EEFBB1-31AC-42D4-8C68-E300793B2CA0}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
FirewallRules: [TCP Query User{A8EE502F-DB07-4825-B766-003381E8B1C6}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [UDP Query User{DA5A6993-B4E5-48CF-BA52-BFE848308991}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [TCP Query User{9BF470A1-FBA7-4B56-95DF-672EB8EA48CC}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
FirewallRules: [UDP Query User{C4C60CA7-3AA2-48C2-9EC0-9E4C20798007}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
EmptyTemp:
End::


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:

  • Fixlog.txt
  • Let me know how the computer is doing.



#17 zclesa (Member, Topic Starter, 14 posts)

Couldn't hear it on startup! I've tentatively opened a few programs and windows and I still can't hear it. :) Fixlog.txt below. Please let me know if you think this has cracked it. If this really is fixed, you have totally saved my sanity and I need to buy you a virtual beer, or a crate of it lol.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-03-2020
Ran by BETH (27-03-2020 17:09:59) Run:1
Running from C:\Users\BETH\Desktop
Loaded Profiles: BETH (Available Profiles: BETH)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-259350032-3561555504-2751918716-1001\...\MountPoints2: {5f571127-6f68-11ea-99fa-b05216366f28} - "E:\startme.exe" 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=MCFFD7245-7BC9-49DC-B424-F05055F63456&SearchSource=55&CUI=&UM=6&UP=SPA78BD1B1-1931-4ADE-8DDA-972D132E8B49&SSPV="
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <not found>
CHR HKU\S-1-5-21-259350032-3561555504-2751918716-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>
2020-03-27 12:08 - 2020-03-27 12:07 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe
AS: AVG Antivirus (Disabled - Out of date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FirewallRules: [{031844B1-5B4B-4DB0-B173-133C040D4159}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS4616\HPDiagnosticCoreUI.exe No File
FirewallRules: [{6089B0DA-EA15-4C2E-92BB-1E3E2335EBE7}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS4616\HPDiagnosticCoreUI.exe No File
FirewallRules: [{966BF1A5-A91B-43E6-BA94-5F8F5C62B5E4}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2F17\HPDiagnosticCoreUI.exe No File
FirewallRules: [{D4A1DFA6-B891-49CB-8D3D-C1FF6537B91C}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2F17\HPDiagnosticCoreUI.exe No File
FirewallRules: [{A1783E92-96B7-4DAF-A4C6-9F08D085D95A}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2E32\HPDiagnosticCoreUI.exe No File
FirewallRules: [{FA30F225-E0F4-469C-8071-7A5D28B71F7A}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS2E32\HPDiagnosticCoreUI.exe No File
FirewallRules: [{B743FC8D-08F0-4D31-A0CE-CC683B9A6E26}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS18C7\HPDiagnosticCoreUI.exe No File
FirewallRules: [{7D27C104-060E-4AB2-BEB7-2680D2F4CAED}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS18C7\HPDiagnosticCoreUI.exe No File
FirewallRules: [{578E924B-99EB-4966-A056-517A471901A7}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS17F9\HPDiagnosticCoreUI.exe No File
FirewallRules: [{A62D9C6C-8958-4DFB-A52B-C1E360929F2D}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS17F9\HPDiagnosticCoreUI.exe No File
FirewallRules: [UDP Query User{CB432846-FB5D-4F26-BA9D-C6C34A931716}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe] => (Allow) C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe No File
FirewallRules: [TCP Query User{B5A299A4-BC03-4087-93D5-17960A886D52}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe] => (Allow) C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe No File
FirewallRules: [{711A1576-DBCB-44DE-AC34-7F75F765A71E}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS059C\HPDiagnosticCoreUI.exe No File
FirewallRules: [{3324C49B-AF81-49E4-A65A-34D01E4AB967}] => (Allow) C:\Users\BETH\AppData\Local\Temp\7zS059C\HPDiagnosticCoreUI.exe No File
FirewallRules: [UDP Query User{AF782DA4-F34E-4617-80A6-48DA4E9686E2}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\beth\appdata\roaming\sky\sky go\sky go.exe No File
FirewallRules: [TCP Query User{AB58FED1-6473-4741-B888-21CEFF736010}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\beth\appdata\roaming\sky\sky go\sky go.exe No File
FirewallRules: [TCP Query User{324EE441-62F0-4718-9736-6713B9A3D840}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [UDP Query User{50C4BFAC-5581-4A69-A3E8-CDF9E3CD4DF2}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [TCP Query User{B56344F2-400C-4447-9DE8-EFC3A6CE8CBA}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
FirewallRules: [UDP Query User{14EEFBB1-31AC-42D4-8C68-E300793B2CA0}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
FirewallRules: [TCP Query User{A8EE502F-DB07-4825-B766-003381E8B1C6}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [UDP Query User{DA5A6993-B4E5-48CF-BA52-BFE848308991}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe No File
FirewallRules: [TCP Query User{9BF470A1-FBA7-4B56-95DF-672EB8EA48CC}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
FirewallRules: [UDP Query User{C4C60CA7-3AA2-48C2-9EC0-9E4C20798007}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe] => (Allow) F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe No File
EmptyTemp:
 
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-259350032-3561555504-2751918716-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f571127-6f68-11ea-99fa-b05216366f28} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"Chrome StartupUrls" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo => removed successfully
HKU\S-1-5-21-259350032-3561555504-2751918716-1001\SOFTWARE\Google\Chrome\Extensions\hdkdmoacnkphoadmfidlhfdobieblphn => removed successfully
C:\WINDOWS\system32\avgremoverx.exe => moved successfully
"AS: AVG Antivirus (Disabled - Out of date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{031844B1-5B4B-4DB0-B173-133C040D4159}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6089B0DA-EA15-4C2E-92BB-1E3E2335EBE7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{966BF1A5-A91B-43E6-BA94-5F8F5C62B5E4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4A1DFA6-B891-49CB-8D3D-C1FF6537B91C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1783E92-96B7-4DAF-A4C6-9F08D085D95A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA30F225-E0F4-469C-8071-7A5D28B71F7A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B743FC8D-08F0-4D31-A0CE-CC683B9A6E26}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D27C104-060E-4AB2-BEB7-2680D2F4CAED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{578E924B-99EB-4966-A056-517A471901A7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A62D9C6C-8958-4DFB-A52B-C1E360929F2D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CB432846-FB5D-4F26-BA9D-C6C34A931716}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B5A299A4-BC03-4087-93D5-17960A886D52}C:\users\beth\desktop\sdio_update\sdio_x64_r701.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{711A1576-DBCB-44DE-AC34-7F75F765A71E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3324C49B-AF81-49E4-A65A-34D01E4AB967}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AF782DA4-F34E-4617-80A6-48DA4E9686E2}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AB58FED1-6473-4741-B888-21CEFF736010}C:\users\beth\appdata\roaming\sky\sky go\sky go.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{324EE441-62F0-4718-9736-6713B9A3D840}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{50C4BFAC-5581-4A69-A3E8-CDF9E3CD4DF2}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B56344F2-400C-4447-9DE8-EFC3A6CE8CBA}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{14EEFBB1-31AC-42D4-8C68-E300793B2CA0}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A8EE502F-DB07-4825-B766-003381E8B1C6}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DA5A6993-B4E5-48CF-BA52-BFE848308991}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monerod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BF470A1-FBA7-4B56-95DF-672EB8EA48CC}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C4C60CA7-3AA2-48C2-9EC0-9E4C20798007}F:\documents\crypto\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45375312 B
Java, Flash, Steam htmlcache => 1144 B
Windows/system/drivers => 272788 B
Edge => 1558068 B
Chrome => 1358710391 B
Firefox => 26259874 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 40732 B
NetworkService => 43800 B
BETH => 56156352 B
 
RecycleBin => 123034065 B
EmptyTemp: => 1.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:19:02 ====


#18 icotonev (Trusted Helper, Malware Removal, 135 posts)

Hello zclesa! Wonderful! :) To check:

 

ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

---------------------------------------------------

In your next reply, please include:

 

  • ESET log

 

 



#19 zclesa (Member, Topic Starter, 14 posts)

Whew, finally done.

 

Eset txt log below

 

27/03/2020 22:53:48
Files scanned: 731175
Detected files: 9
Cleaned files: 9
Total scan time 04:56:32
Scan status: Finished
 
 
C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-blockchain-export.exe a variant of Win64/CoinMiner.JI potentially unwanted application cleaned by deleting
C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-blockchain-import.exe a variant of Win64/CoinMiner.JI potentially unwanted application cleaned by deleting
C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-wallet-cli.exe a variant of Win64/CoinMiner.GH potentially unwanted application cleaned by deleting
C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-wallet-gui.exe a variant of Win64/CoinMiner.KD potentially unwanted application cleaned by deleting
C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monero-wallet-rpc.exe a variant of Win64/CoinMiner.JI potentially unwanted application cleaned by deleting
C:\Program Files (x86)\monero-gui-win-x64-v0.10.3.1\monero-gui-0.10.3.1-beta2\monerod.exe a variant of Win64/CoinMiner.GG potentially unwanted application cleaned by deleting
C:\Program Files (x86)\VirtualDub-1.10.4\plugins32\FFDSHOW.exe Win32/InstallCore.Gen.A potentially unwanted application cleaned by deleting
C:\Windows\Installer\9cbfe17.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
C:\Windows.old\WINDOWS\Temp\asw.c8d542ed6d89c2cb\New_14010c28\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted


#20 icotonev (Trusted Helper, Malware Removal, 135 posts)

Hello zclesa! Let me know how the computer is doing.



#21 zclesa (Member, Topic Starter, 14 posts)

Hey Icotonev. The weird noise which was driving me mad still hasn't reappeared!  :yeah: So far everything else seems cool as well. Thank you sooooo much! Is this fixed now? Anything else I should do? Apart from thank you a thousand times....



#22 icotonev (Trusted Helper, Malware Removal, 135 posts)

If all is well:

 

The following will remove the tools we used as well as reset system restore points:

 

KpRm


Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

 

Observe your computer for a while, and write back if you have anything to report. Safe surfing! :)



#23 zclesa (Member, Topic Starter, 14 posts)

# Run at 28/03/2020 09:21:20
# KpRm (Kernel-panik) version 2.8
# Run by BETH from C:\Users\BETH\Desktop
# Computer Name: DESKTOP-RRNF5R7
# OS: Windows 10 X64 (18363) 
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\BETH\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2020-03-28-09-21-19
 
- Delete Tools -
 
 
  ## Autoruns
     [OK] C:\Users\BETH\Desktop\autoruns.exe deleted
 
  ## ESET Online Scanner
     [OK] C:\Users\BETH\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\BETH\Desktop\esetonlinescanner_enu.exe deleted
     [R] C:\Users\BETH\AppData\Local\ESET\ESETOnlineScanner deleted
 
  ## FRST
     [OK] C:\Users\BETH\Desktop\Addition.txt deleted
     [OK] C:\Users\BETH\Desktop\Fixlog.txt deleted
     [OK] C:\Users\BETH\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\BETH\Desktop\FRST.txt deleted
     [OK] C:\Users\BETH\Desktop\FRST64.exe deleted
     [OK] C:\FRST deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
     [I] No system recovery points were found
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 03/28/2020 09:21:54
 
-- KPRM finished in 53.48s --
 
 
- Need to Restart -


#24 zclesa (Member, Topic Starter, 14 posts)

All good, yes? Thank you so much. I can't believe how incredibly helpful you've been. 



#25 icotonev (Trusted Helper, Malware Removal, 135 posts)

Thank you so much ..! :)




#26 icotonev (Trusted Helper, Malware Removal, 135 posts)

Since this issue appears to be resolved, this topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

