
[-was- corrupted TEMP + TMP env variables] KMSpico Temp Folder?


Go to solution Solved by Maurice Naggar,


  • Root Admin

Please get us a new set of logs @BubblyBread

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 

Link to post

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here:   https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
  • Save Autoruns.zip to your computer. Then locate it and extract it to a new folder where you can find and run it.
  • Once it starts you may not be able to easily stop the scan but you can try to press the Escape key on your keyboard.
  • Once scanning is stopped, click on the Options menu at the top of the program and select Scan Options... 
  • Then place a check mark on the following items Verify Code Signatures, Check VirusTotal.com, and Submit Unknown Images
  • Then click the Rescan button. Agree to the VirusTotal EULA
  • Once the new scan has been completed, please click on the File button at the top of the program and select Save, or use the Save icon, and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right-click on the Autoruns.arn file (it will typically be the name of your computer) on your desktop or where you save it, and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder (your computer name.zip) you just created to your next reply.
Link to post

Thanks. I will review that & get back with you. At this point ( it being Sunday 21 May) I would like to re-run a fresh new report.

Your machine has the FRST64 report tool on the Downloads folder. We will use that. Go to Downloads folder. RIGHT-click on FRST64 and select 

Run as Administrator

and tap ENTER. And reply YES to allow to proceed.  

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
  • Press the Scan button.


  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.
Link to post

Thanks. One thing I suggest you do as soon as you can, get the latest Mozilla Firefox release / update

Firefox Version 113.0.1


Click the menu button at the right side of the Firefox toolbar, go to Help, and select About Firefox.

After that update, if you would, only use Firefox for rest of duration of this case.
I will be focusing on the next custom run.

Link to post

There are many files in the root of the C drive

c:\

that just simply should not be there at all. The next procedure will attempt to get rid of them. Why and how they got there is a mystery. The .dll files & the many api-ms- do not belong there. This will remove them. Just let's keep in mind they may not be malicious.

Please run the following custom script. Read all of this before you start. Please Close all open work.

Farbar program: FRST64.exe is already on this machine

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt<-- - - - -

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRST64 and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will also do targeted cleanups. Depending on the speed of your computer this fix may take 50-55 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera + Brave caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin
  • It will also remove all pre-existing Windows Firewall rules so that this machine will be as if a new one. You may later need to allow some applications to have your permission to access the internet.

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply. Just let me know how this goes. I will later guide you for more steps. I do not need screen grabs of folder contents.

Link to post

Delete any old copies of Fixlist.txt that may now be on your computer.

Try again, using Edge browser in my link above, do a RIGHT-click on the link and then select SAVE AS and direct the save to the Downloads folder. Please confirm that. Then do the procedure as I listed before. Need that fixlist script saved to DOWNLOADS

Link to post

This last script run seems a success in that it accomplished what I had intended to do & cleanup.
The main concern is that yet again, the folder c:\program files\kmspico was found. It has been removed (this makes at least the 2nd or 3rd time).
IF in the past couple of weeks or so, you got & installed some d-o-d-g-y game or app then consider to uninstall it.  Maybe it was some sort of no-cost game or app.
"Kmspico" is not a normal home-user thing. We see it a lot when someone got hold of some sort of enticing or no-cost "freebie"


What I would like to do is to ask you to ensure that Malwarebytes Browser Guard is set up on each one of the web browsers.
Edge, Brave, Vivaldi & Chrome will each take the same one as the Chrome version.
There is a separate version for Firefox.
See Support article how-to

https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard

See Support article how-to for Firefox
https://support.malwarebytes.com/hc/en-us/articles/4413298841747--Install-Malwarebytes-Browser-Guard-on-Firefox-browser

For the EDGE browser https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser

Note: If the pc also has Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard ( on each as appropriate).

(  2  )


Next, I would like you to do one new Scan with Malwarebytes.

(  3  )


The Malwarebytes support tool is already on this machine, mb-support-1.8.7.918.exe on the Downloads folder.
Please find it,
With your mouse, RIGHT-click on it, and select "Run as Administrator".

  • In the User Account Control pop-up window, click Yes to continue the installation
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file on your next reply
Link to post

The repeated re-appearance of the "KMSPICO" folder is very disturbing. You should consider doing a wipe / erase and a fresh clean install of Windows. Doing that will take much less time overall than the many days we have already expended to date.

(  1  )


Open an elevated Powershell window i.e. run Powershell Prompt as an administrator .

On the Taskbar Search box, type in

powershell.exe


click the line for "run as administrator"


It is best to use the Windows Copy ( CTRL+ C )  and paste  ( CTRL+V )  for the whole line, as-is
On that Powershell prompt,  Copy & Paste this command

Remove-Item -Path "c:\program files\kmspico" -recurse -Force

press Enter-key on keyboard   and watch the result

(  2  )

Your machine has the FRST64 report tool on the Downloads folder. We will use that. Go to Downloads folder. RIGHT-click on FRST64 and select 

Run as Administrator

and tap ENTER. And reply YES to allow to proceed.  

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
  • Press the Scan button.


  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.

(  3  )

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here:   https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
  • Save Autoruns.zip to your computer. Then locate it and extract it to a new folder where you can find and run it.
  • Once it starts you may not be able to easily stop the scan but you can try to press the Escape key on your keyboard.
  • Once scanning is stopped, click on the Options menu at the top of the program and select Scan Options... 
  • Then place a check mark on the following items Verify Code Signatures, Check VirusTotal.com, and Submit Unknown Images
  • Then click the Rescan button. Agree to the VirusTotal EULA
  • Once the new scan has been completed, please click on the File button at the top of the program and select Save, or use the Save icon, and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right-click on the Autoruns.arn file (it will typically be the name of your computer) on your desktop or where you save it, and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder (your computer name.zip) you just created to your next reply.

 

Link to post

Look on the Downloads folder. If you see a file-named Fixlist.txt then delete it.

NOTE-1: The main goal here is to get a report on all environment variables set for this Windows system. There is a possibility that one of the TEMP variables is messed up ( which if true, may explain the odd placement of some files.). The smaller goal of this script is to do some cleanups.

Please run the following custom script. Read all of this before you start. Please Close all open work.

Farbar program: FRST64.exe is already on this machine

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt<-- - - - -

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. 

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRST64 and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply

Link to post

It appears that Microsoft indicates a failure to activate the license on this Windows installation. I am pasting a section from the FRST report (which lists a section of the Windows system event log of today).
==================== Event log errors: ========================

Application errors:
==================
Error: (05/22/2023 04:33:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001

Link to post

Pls hold on. I have found the source of all the pain. The TEMP & TMP settings were corrupted such that 'kmspico' was part of the name of those temp variables. I will have a new script for you soon. o.m.g. This was the most obscure ever corruption I ever encountered.

Link to post

Look on the Downloads folder. If you see a file-named Fixlist.txt then delete it.

NOTE-1: The main goal here is to set the proper & correct 'windows' 'TEMP' + 'TMP' environment settings.

Please run the following custom script. Read all of this before you start. Please Close all open work.

Farbar program: FRST64.exe is already on this machine

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt<-- - - - -

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. 

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRST64 and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply

  • Like 1
Link to post
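
A read-only way to check for the condition found in this thread (TEMP and TMP settings containing 'kmspico'), given here as an added PowerShell example that is not part of any post above and is not the helper's fixlist script. It reads the stored, unexpanded values at both the user and machine scope; the defaults it compares against are the stock Windows values, and the suspect string is the one named in the thread.

```powershell
# Added example: read-only audit of TEMP/TMP as stored in the registry. Changes nothing.
$suspect = 'kmspico'   # string reported in this thread; adjust for other cases

$scopes = [ordered]@{
    User    = 'HKCU:\Environment'
    Machine = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
}
# Stock Windows defaults, in their unexpanded form
$defaults = @{
    User    = '%USERPROFILE%\AppData\Local\Temp'
    Machine = '%SystemRoot%\TEMP'
}

$report = foreach ($scope in $scopes.Keys) {
    $key = Get-Item -LiteralPath $scopes[$scope]
    foreach ($name in 'TEMP', 'TMP') {
        # Raw value as stored, without expanding %VAR% references
        $raw = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        $expanded = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw) } else { $null }

        $findings = @()
        if (-not $raw) {
            $findings += 'not set'
        } else {
            if ($raw -match [regex]::Escape($suspect)) { $findings += "contains '$suspect'" }
            if ($raw -ne $defaults[$scope])            { $findings += 'differs from Windows default' }
            if (-not (Test-Path -LiteralPath $expanded -PathType Container)) {
                $findings += 'folder does not exist'
            }
        }
        [pscustomobject]@{
            Scope    = $scope
            Name     = $name
            Raw      = $raw
            Expanded = $expanded
            Findings = if ($findings) { $findings -join '; ' } else { 'ok' }
        }
    }
}

$report | Format-Table -AutoSize -Wrap
# What the current session actually inherited
"Current process: TEMP=$env:TEMP  TMP=$env:TMP"
```

A value that differs from the default is not necessarily a problem, since some users relocate their temp folders on purpose; a value that contains an unrelated program name or points at a folder that does not exist is what deserves a closer look.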
