Niki007 Posted September 2, 2018 ID:1267206 Share Posted September 2, 2018 Hello, recently I searched my computer for malware and suspucious files. I found some using Malwarebytes and terminated them, but I saw 1 file KMS Connection Broken in the Task Manager which I checked online and they say it's a virus(malwarebytes doesn't detect it) and i can't stop it because it pops up again after few seconds. When I search the source it says that the source is SppExtComObj which is a technically a Windows file but it doesn't run as a Windows process, that brings even more suspusion. I'm not a computer specialist so i'll glad if anyone could help me out. Link to post Share on other sites More sharing options...
kevinf80 Posted September 3, 2018 ID:1267253 Share Posted September 3, 2018 Hello Niki007 and welcome to Malwarebytes, Continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes version 3 from the following link:https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Click on the Report tab > from main interface. Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options:Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your replyText file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin.... Link to post Share on other sites More sharing options...
Niki007 Posted September 3, 2018 Author ID:1267295 Share Posted September 3, 2018 Hello Kevin,I've read your reply and did what you told me, here are the files. Addition.txt adwcleaner.txt FRST.txt Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/3/18 Scan Time: 3:06 PM Log File: ceed0a74-af71-11e8-a659-88d7f67f7955.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.391 Update Package Version: 1.0.6625 License: Free -System Information- OS: Windows 10 (Build 17134.228) CPU: x64 File System: NTFS User: DESKTOP-Q6LB0PG\iamth -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 308857 Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 15 min, 52 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
kevinf80 Posted September 3, 2018 ID:1267393 Share Posted September 3, 2018 Run the following and attach the requested file to your reply... Select the Windows key and X key together, from the menu select "Command prompt (Admin)" Copy/paste the following command at the prompt: Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab put cursor at the command prompt then Right click and select paste, hit enter. Two files will be saved to your Desktop. Attach the "report.txt" file to your reply. - you can ignore the repfiles.cab file, it's only backup data Thanks, Kevin Link to post Share on other sites More sharing options...
Niki007 Posted September 4, 2018 Author ID:1267523 Share Posted September 4, 2018 report.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 4, 2018 ID:1267629 Share Posted September 4, 2018 Hello Niki007, Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Also let me know if there are any remaing issues or concern... Thank you, Kevin.. fixlist.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 6, 2018 ID:1267970 Share Posted September 6, 2018 Do you still require assistance Niki007 Link to post Share on other sites More sharing options...
Niki007 Posted September 8, 2018 Author ID:1268411 Share Posted September 8, 2018 Hello Kevin, I want to thank you for the help and tell you that everything is working fine now. Here is the file Fixlog.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 8, 2018 ID:1268435 Share Posted September 8, 2018 Thanks for the update Niki007, continue to clean up: Right click on FRST here: C:\Users\iamth\DownloadsFRST64.exe and rename to uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall That action will remove FRST and all created files and folders... Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2 Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner? Take care and surf safe Link to post Share on other sites More sharing options...
kevinf80 Posted September 10, 2018 ID:1268695 Share Posted September 10, 2018 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts