Don't know how to get rid of this.


Torroth

So the past few days I seem to be having an issue of some type. First it started as weird processes in my Task Manager. The programs would be like khgljyg.exe or dyhbjb.exe and so on. I traced them back to the SysWOW64 folder. So I tried to disable them and get rid of them, but I needed permission from something called TrustedInstaller. I'm boggled because I'm running my comp in admin mode and I don't have permission? So I found a way to give myself permission, but there are so many weird programs to take back permission that I said forget it. Then I used Malwarebytes and the scan said I had over 600 infected items. So I clicked remove and rebooted as the program said. After about 5 or 10 min I was right back to where I was. I thought I got hit with a particularly nasty virus. So I went through and reformatted. I deleted the partitions, including the 100 MB one that Windows uses. Cleaned everything I could. After I got everything reinstalled (bare minimum, that is) I am now right back to the weird programs again. This time they seem to be coming from the Roaming folder and the Security Center. Keep in mind that I'm currently running off a newly reformatted hard drive. Some other things that are happening: Windows Help Center is opening on its own, plus I have programs asking for permission to run, and I get multiple browsers opening if I go AFK for a while. Also, Explorer keeps crashing and restarting.

 

I've included the following: a pic of the Malwarebytes scan and a pic of my Roaming folder. Below is what is in the attach.txt file, but DDS did not create a dds.txt file anywhere. If you need any more information, let me know.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2013 8:59:55 AM
System Uptime: 12/20/2013 5:26:58 AM (3 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | Z77X-UP7
Processor: Intel® Core i7-3770K CPU @ 3.50GHz | Intel® Core i7-3770K CPU @ 3.50GHz | 3901/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 372.588 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 213.861 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 1863 GiB total, 825.986 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 926.654 GiB free.
H: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Officejet 4500 G510g-m
Device ID: USB\VID_03F0&PID_2D12&MI_00\7&16CC438&0&0000
Manufacturer:
Name: Officejet 4500 G510g-m
PNP Device ID: USB\VID_03F0&PID_2D12&MI_00\7&16CC438&0&0000
Service:
.
Class GUID:
Description: Officejet 4500 G510g-m
Device ID: USB\VID_03F0&PID_2D12&MI_02\7&16CC438&0&0002
Manufacturer:
Name: Officejet 4500 G510g-m
PNP Device ID: USB\VID_03F0&PID_2D12&MI_02\7&16CC438&0&0002
Service:
.
==== System Restore Points ===================
.
RP12: 12/19/2013 10:36:56 AM - Windows Update
RP13: 12/19/2013 10:57:42 AM - Windows Update
RP14: 12/19/2013 11:08:36 AM - Installed Java 7 Update 45
RP15: 12/19/2013 11:48:47 AM - Device Driver Package Install: DT Soft Ltd System devices
RP16: 12/19/2013 11:50:50 AM - Installed Microsoft Office Professional Plus 2010
RP17: 12/19/2013 12:12:40 PM - Installed Microsoft Office Language Pack 2010 - English
RP19: 12/19/2013 12:27:17 PM - Windows Defender Checkpoint
RP20: 12/19/2013 3:20:39 PM - Installed DirectX
RP21: 12/19/2013 3:26:56 PM - Installed DirectX
RP22: 12/19/2013 3:52:14 PM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
RP23: 12/19/2013 4:03:35 PM - Installed DirectX
RP24: 12/19/2013 6:25:23 PM - Windows Update
RP25: 12/19/2013 7:08:06 PM - Windows Update
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 


Link to post
Share on other sites

Welcome to the forum.

I need to see the DDS log and also......

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Well, now I'm a little confused. I did mention that DDS only created 1 file and that was the attach.exe. It did not create a dds.exe file. So unless I'm missing an option somewhere, I've done all that I can. Also, am I supposed to be getting a file of some type from RogueKiller? All I got from that was an ini that said I accepted the EULA.

Link to post
Share on other sites

OK, do this instead:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites

I have to stop here because there's evidence of illegal software on your system.
The software is MS Office and the crack is your AutoKMS.exe; it allows you to activate MS Office illegally.
 

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe

 


Read the policy on Piracy here: (There's also a warning in my initial post)
http://forums.malwarebytes.org/index.php?showtopic=97700

This topic will be closed.

MrC

This topic is now closed to further replies.