
Hello

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Can you explain why the following illegal process runs on your system?

 

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe

 

Next,

 

Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x

Follow the relevant steps and ensure to run mbam-clean tool after UNinstalling Malwarebytes.

 

When reinstalling the program please try the latest version from here:

http://www.malwarebytes.org/mwb-download/

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Kevin....


Here is the scan log that you requested:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/12/2014
Scan Time: 3:39:11 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.12.03
Rootkit Database: v2014.08.04.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: rsi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367489
Time Elapsed: 42 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Please note:

As you have a "Premium" license for Malwarebytes you have privileged access to the help desk at Consumer Support for professional help. If you choose this option to get help please let me know and we can close out this thread....

 

If you wish to continue run the following:

 

Run the MGA Diagnostic Tool and post back the report it creates:

 

  • Download MGADiag from here: http://go.microsoft.com/fwlink/?linkid=52012 and save it to your desktop.

  • Double-click on MGADiag.exe to launch the program

  • Click "Continue"

  • Ensure that the "Windows" tab is selected (it should be by default).

  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard. (Do not worry about any errors at this point, paste will still work)

  • Paste the MGA Diagnostic Report back here in your next reply.

 

 

Next,

 

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

Important - Save it to your desktop.

Double-click CKScanner.exe (Right click and "Run as administrator" in Vista/Win7).

Give permission if necessary, and click Search For Files.

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify the file saved. Please run the program once only.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

 

Thank you,

 

Kevin


Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Status: Genuine

Validation Code: 0

Cached Validation Code: N/A

Windows Product Key: *****-*****-T6DFB-Y934T-YD4YT

Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=

Windows Product ID: 76487-OEM-2211906-00102

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 5.1.2600.2.00010100.3.0.pro

ID: {694DA4E4-7A4D-4A8D-A10A-EC8EAC52573E}(1)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: Registered, 1.9.40.0

Signed By: Microsoft

Product Name: N/A

Architecture: N/A

Build lab: N/A

TTS Error: N/A

Validation Diagnostic: 025D1FF3-230-1

Resolution Status: N/A

 

Vista WgaER Data-->

ThreatID(s): N/A

Version: N/A

 

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80004005

File Exists: Yes

Version: 1.9.40.0

WgaTray.exe Signed By: N/A, hr = 0x80004005

WgaLogon.dll Signed By: Microsoft

 

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

 

File Scan Data-->

 

Other data-->

Manufacturer>Dell Inc.                </Manufacturer><Model>OptiPlex 320                 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.                </Manufacturer><Version>1.1.5 </Version><SMBIOSVersion major="2" minor="3"/><Date>20070327000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>7BE23B5F01842076</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll"

 

Licensing Data-->

N/A

 

Windows Activation Technologies-->

N/A

 

HWID Data-->

N/A

 

OEM Activation 1.0 Data-->

BIOS string matches: yes

Marker string from BIOS: 1AD6A:Dell Inc|1AD6A:Microsoft Corporation

Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

 

OEM Activation 2.0 Data-->

N/A

 

 

 

 

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.QALBP0
 ----- EOF -----


I have been chasing this problem for a month and a half.  At the advice or suggestions of Malwarebytes forums I have tried 10+ software programs in order to resolve this issue.  The programs that I remember are:

 

MBAM-Clean.exe

Farbar Recovery Scan Tool

TDSSkiller

Rkill

ERUNT

Rogue Killer

 

Is it possible that I ran CKscanner in the past?  Possibly.

 

The information that I provided is the first time that I ran the program since YOU asked me.


I'm a volunteer at this site and like any other user must follow forum protocol. As a moderator did re-open your thread after you confirmed removal of illegal software I will take your word for the explanation regarding CKScanner.

 

Give an update on any remaining issues or concerns that you have, also run the following and post both logs....

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7/8 accept UAC alert)

 


  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Change Drivers to All
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Close out all browsers and turn off Security.
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
      • OTL.Txt <- this one will be opened
      • Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

thanks,

 

Kevin..


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
