Jump to content

Remove Kms-r@1n, AutoKMS and all that comes with it


Recommended Posts

Hello,

I need Your help to remove KMS-r@1n from my system, having Win10 installed with KMS activator and Win10 pro licence I have bought recently, I've decide to use my original key.
I would be very grateful if You guys could help me with this.

I have downloaded Farbar Recovery Scan Tool and did a search, it generated files that I have attached.
Please help me with this, thank You.

 

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello Davorike and welcome to Malwarebytes,

To remove KMS activator run te following FRST fix...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Let me see that log, also tell me if there are any remaining issues or concerns..

Thank you,

Kevin..

fixlist.txt

Link to post
Share on other sites

Hey kevinf80

Thank You for your help sir.
Here is the Fixlog.txt data below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.01.2019 01
Ran by davor_novoselac (16-01-2019 00:03:22) Run:1
Running from C:\Users\davor_novoselac\Desktop\FRST64
Loaded Profiles: davor_novoselac (Available Profiles: davor_novoselac)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2018-04-16] () [File not signed]
C:\Windows\KMS-R@1n.exe
C:\Users\davor_novoselac\AppData\Local\Tempzxpsign*
Task: {88AE5775-8086-44C6-BB42-508146305BF3} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
AlternateDataStreams: C:\Users\davor_novoselac\Dropbox:user.myxattr [0]
FirewallRules: [{94FB5BBD-DF9D-4846-BB68-2E765B0BF9F9}] => (Allow) C:\Windows\KMS-R@1n.exe ()
FirewallRules: [{0F7472E2-FB53-4471-985A-B7F95B1516EA}] => (Allow) C:\Windows\KMS-R@1n.exe ()
FirewallRules: [{C0797296-8AA2-4428-857E-D8F1799E9504}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D5444DB2-4356-46AC-A8B6-4CC4BDBA4C52}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
emptytemp:
end

*****************

Restore point was successfully created.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
KMS-R@1n => Unable to stop service.
HKLM\System\CurrentControlSet\Services\KMS-R@1n => removed successfully
KMS-R@1n => service removed successfully
C:\Windows\KMS-R@1n.exe => moved successfully

=========== "C:\Users\davor_novoselac\AppData\Local\Tempzxpsign*" ==========

not found

========= End -> "C:\Users\davor_novoselac\AppData\Local\Tempzxpsign*" ========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88AE5775-8086-44C6-BB42-508146305BF3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88AE5775-8086-44C6-BB42-508146305BF3}" => removed successfully
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional" => removed successfully
C:\Users\davor_novoselac\Dropbox => ":user.myxattr" ADS could not remove.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{94FB5BBD-DF9D-4846-BB68-2E765B0BF9F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F7472E2-FB53-4471-985A-B7F95B1516EA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0797296-8AA2-4428-857E-D8F1799E9504}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5444DB2-4356-46AC-A8B6-4CC4BDBA4C52}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 98351463 B
Java, Flash, Steam htmlcache => 350484384 B
Windows/system/drivers => 182638 B
Edge => 1631587 B
Chrome => 445262657 B
Firefox => 1116948423 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 58500 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 523372 B
NetworkService => 0 B
davor_novoselac => 255096308 B

RecycleBin => 0 B
EmptyTemp: => 2.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:06:02 ====

Link to post
Share on other sites

Hiya Davorike,

I assume all is ok for you now... Remove FRST and its files/folders:

Right click on FRST here: C:\Users\davor_novoselac\Desktop\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

 

Link to post
Share on other sites

  • 2 weeks later...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.