What happened was, it had written the file to the LocalAdmin account that had given permission for it to run. So I copied it from the LocalAdmin desktop to the Limited account I use for almost everything. Those other tools, the ones we used (I don't think Adwcleaner?) everything on my Limited desktop is totally normal and FRST and KpRm are there, I don't see Eset? but I think I ran it online. The logs were there but I think maybe got cleaned up?
# Run at 5/12/2024 9:37:47 AM
# KpRm (Kernel-panik) version 2.17.0
# Website
https://kernel-panik.me/tool/kprm/
# Run by localAdmin from C:\Users\lim1\Desktop
# Computer Name: HP2024
# OS: Windows 11 X64 (22631) (10.0.22631.3447)
# Number of passes: 1
- Checked options -
~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines
- Create Registry Backup -
~ [OK] Hive C:\windows\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\localAdmin\NTUSER.dat backed up
[OK] Registry Backup: \KPRM\backup\2024-05-12-09-37-47
- Delete Tools -
## ESET Online Scanner
[OK] C:\Users\localAdmin\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\localAdmin\Downloads\esetonlinescanner.exe deleted
[OK] C:\Users\localAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
[OK] C:\Users\localAdmin\AppData\Local\ESET\ESETOnlineScanner deleted
## FRST
[OK] C:\Users\localAdmin\Desktop\Fixlog.txt deleted
[OK] C:\Users\localAdmin\Desktop\FRST64.exe deleted
[OK] \FRST deleted
- Restore System Settings -
[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files
- Restore UAC -
[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value
- Clear Restore Points -
~ [OK] RP named Windows Update created at 04/24/2024 01:34:27 deleted
~ [OK] RP named Windows Update created at 05/07/2024 17:23:56 deleted
~ [OK] RP named Restore Point Created by FRST created at 05/07/2024 17:31:51 deleted
~ [OK] RP named Windows Modules Installer created at 05/07/2024 19:27:57 deleted
~ [OK] RP named Restore Point Created by FRST created at 05/08/2024 20:38:51 deleted
~ [OK] RP named Windows Update created at 05/12/2024 13:21:11 deleted
[OK] All system restore points have been successfully deleted
- Create Restore Point -
[OK] System Restore Point created
- Display System Restore Point -
~
RP named KpRm created at 05/12/2024 13:38:43
-- KPRM finished in 86.63s --