
Newly upgraded to Windows 10; not sure if infected


  • This topic is locked
6 replies to this topic

#1 tronk

tronk

  • Members
  • 31 posts

Posted 13 January 2017 - 04:52 PM

I built my dad a computer about 6 years ago and it's still working, but running a bit slowly. I checked the hardware and fixed a few things, but not much has changed. It doesn't seem to be running as well as it used to, and I'm not sure why. I'm attaching the FRST log file and Addition.txt, and hoping someone can take a look at them and help me out. Thanks!

-Tronk



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts

Posted 16 January 2017 - 09:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3512981294-4164042997-689501047-1001\...\Run: [Google Update] => C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3512981294-4164042997-689501047-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4D8CFED5-789A-47D7-907C-3C3D10967669}&mid=4aa9516e85fa47cca126d16c645653e1-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-11-25 18:57:58&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3512981294-4164042997-689501047-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3512981294-4164042997-689501047-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4D8CFED5-789A-47D7-907C-3C3D10967669}&mid=4aa9516e85fa47cca126d16c645653e1-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-11-25 18:57:58&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3512981294-4164042997-689501047-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Forrest Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Forrest Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {2F8B859F-8939-4BFB-BC3F-55A4F3FF2369} - System32\Tasks\avastBCLRestartS-1-5-21-3512981294-4164042997-689501047-1001 => Chrome.exe
Task: {B25E3B84-E2B7-4ED9-BB7E-3D251CFD3E13} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [496]
FirewallRules: [{BD695A9F-E97B-4462-BDC2-13A88E7EAA22}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{7DAF9E8D-2E94-4377-B005-270C79639F1A}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{DAAA9879-74CA-4A2C-B597-77C83B056B1C}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{75C43F2D-8F86-49B8-A0F2-133C7F5B52FD}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0171857B-7E55-40E3-8599-AF9088A7565A}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{2A00AF99-D8E0-4007-B3B8-DFAF4D58FF5A}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{E2C705F0-10AE-43B7-AC9F-0A8134A79E70}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{AE73C3F4-2AAE-44F4-BF18-1CD3DB06BEBA}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E1930E31-E827-49A9-8863-DC96DE540CFA}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{C3DB964A-EC3C-4021-BFDD-D7826952A5D1}] => C:\Program Files\KMSpico\KMSELDI.exe
C:\Program Files\KMSpico
C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)

Please let me know what problem persists with this computer.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts

Posted 22 January 2017 - 08:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts

Posted 23 January 2017 - 10:56 AM

Quoted from a PM message.
Hello, Nasdaq. I opened a topic earlier this month, and forgot to check back for a response until this morning, just after you closed it.

I have followed your instructions and now have a fixlog.txt file for you to look at. I would appreciate it if you could reopen my topic. The contents of the fixlog are below:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Forrest Wells (22-01-2017 15:42:01) Run:2
Running from C:\Users\Forrest Wells\Desktop\malware spyware rootkit removers
Loaded Profiles: Forrest Wells (Available Profiles: Forrest Wells & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3512981294-4164042997-689501047-1001\...\Run: [Google Update] => C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3512981294-4164042997-689501047-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4D8CFED5-789A-47D7-907C-3C3D10967669}&mid=4aa9516e85fa47cca126d16c645653e1-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-11-25 18:57:58&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3512981294-4164042997-689501047-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3512981294-4164042997-689501047-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4D8CFED5-789A-47D7-907C-3C3D10967669}&mid=4aa9516e85fa47cca126d16c645653e1-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-11-25 18:57:58&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3512981294-4164042997-689501047-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Forrest Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Forrest Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {2F8B859F-8939-4BFB-BC3F-55A4F3FF2369} - System32\Tasks\avastBCLRestartS-1-5-21-3512981294-4164042997-689501047-1001 => Chrome.exe
Task: {B25E3B84-E2B7-4ED9-BB7E-3D251CFD3E13} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [496]
FirewallRules: [{BD695A9F-E97B-4462-BDC2-13A88E7EAA22}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{7DAF9E8D-2E94-4377-B005-270C79639F1A}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{DAAA9879-74CA-4A2C-B597-77C83B056B1C}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{75C43F2D-8F86-49B8-A0F2-133C7F5B52FD}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0171857B-7E55-40E3-8599-AF9088A7565A}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{2A00AF99-D8E0-4007-B3B8-DFAF4D58FF5A}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{E2C705F0-10AE-43B7-AC9F-0A8134A79E70}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{AE73C3F4-2AAE-44F4-BF18-1CD3DB06BEBA}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E1930E31-E827-49A9-8863-DC96DE540CFA}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{C3DB964A-EC3C-4021-BFDD-D7826952A5D1}] => C:\Program Files\KMSpico\KMSELDI.exe
C:\Program Files\KMSpico
C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
C:\Users\Forrest Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
C:\Users\Forrest Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep => key not found.
Service KMSELDI => service not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found.
HKU\S-1-5-21-3512981294-4164042997-689501047-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F8B859F-8939-4BFB-BC3F-55A4F3FF2369} => key not found.
C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-3512981294-4164042997-689501047-1001 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-3512981294-4164042997-689501047-1001 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B25E3B84-E2B7-4ED9-BB7E-3D251CFD3E13} => key not found.
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found.
"C:\ProgramData\TEMP" => ":0FF263E8" ADS not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD695A9F-E97B-4462-BDC2-13A88E7EAA22} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DAF9E8D-2E94-4377-B005-270C79639F1A} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DAAA9879-74CA-4A2C-B597-77C83B056B1C} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75C43F2D-8F86-49B8-A0F2-133C7F5B52FD} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0171857B-7E55-40E3-8599-AF9088A7565A} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A00AF99-D8E0-4007-B3B8-DFAF4D58FF5A} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E2C705F0-10AE-43B7-AC9F-0A8134A79E70} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE73C3F4-2AAE-44F4-BF18-1CD3DB06BEBA} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1930E31-E827-49A9-8863-DC96DE540CFA} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3DB964A-EC3C-4021-BFDD-D7826952A5D1} => value not found.
"C:\Program Files\KMSpico" => not found.
"C:\Users\Forrest Wells\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 1393732 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6416534 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 26960 B
Edge => 0 B
Chrome => 12023137 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 822 B
NetworkService => 0 B
Forrest Wells => 66213 B
Guest => 0 B

RecycleBin => 0 B
EmptyTemp: => 19 MB temporary data Removed.

================================

 

 

Please let me know what problem persists.
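
A triage sketch for the Fixlog quoted in post #4, added here as an example and not part of the thread or of FRST: it tallies the result lines while skipping the echoed fixlist and the EmptyTemp byte counters, and flags a log in which every target was already absent. The function names and the reading of `Run:` as a run counter are assumptions; the sample is a shortened excerpt of the log above.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog quoted in this thread (not the full log).
SAMPLE = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Forrest Wells (22-01-2017 15:42:01) Run:2
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
C:\Program Files\KMSpico
Reboot:
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
Service KMSELDI => service not found.
"C:\ProgramData\TEMP" => ":0FF263E8" ADS not found.
"C:\Program Files\KMSpico" => not found.

=========== EmptyTemp: ==========

Chrome => 12023137 B
EmptyTemp: => 19 MB temporary data Removed.
'''

def parse_fixlog(text):
    """Return (run_number, [(target, outcome), ...]) for the result section only."""
    run, in_echo, in_results, results = None, False, False, []
    for line in text.splitlines():
        line = line.strip()
        m = re.search(r"\bRun:(\d+)\s*$", line)
        if run is None and m and line.startswith("Ran by"):
            run = int(m.group(1))  # assumption: Run:N counts runs of the tool
        if re.fullmatch(r"\*{5,}", line):
            # The star lines bracket the echoed fixlist; its entries also contain
            # " => " (e.g. "[] => [X]") and must not be counted as results.
            in_echo = not in_echo
            in_results = not in_echo
            continue
        if line.startswith("=") and "EmptyTemp" in line:
            break  # what follows are cache byte counters, not fix results
        if in_results and " => " in line:
            target, outcome = line.split(" => ", 1)
            results.append((target.strip('"'), outcome.rstrip(".")))
    return run, results

def summarize(text):
    run, results = parse_fixlog(text)
    tally = Counter("not found" if outcome.lower().endswith("not found") else "other"
                    for _, outcome in results)
    # Every target already absent on a repeat run: this log records no removal,
    # so whatever removed the items happened before this run.
    noop_rerun = bool(results) and run is not None and run > 1 and tally["other"] == 0
    return {"run": run, "entries": len(results),
            "tally": dict(tally), "noop_rerun": noop_rerun}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

When `noop_rerun` is true, the earlier run's Fixlog, if it was kept, is the one to review for what was actually removed.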



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts

Posted 29 January 2017 - 09:26 AM

Are you still with me?

#6 tronk

tronk
  • Topic Starter

  • Members
  • 31 posts

Posted 29 January 2017 - 04:25 PM

Yes, sorry for not responding. I have been waiting to let my dad use the computer for a few days and he states that he is not experiencing any problems. I guess it was an easy fix.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts

Posted 30 January 2017 - 07:26 AM

Glad we could help.



