Jump to content

smsvchost.exe


netmars
 Share

Recommended Posts

Hi :)

Sorry we've missed you, it sometimes just happens. We are overwhelmed with work here sometimes.


I need some fresh logs. Please do the following.



FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.



51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;process;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!

Link to post
Share on other sites

Hi :)

MalwarebytesAntiRootkit.png Scan with Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save the file to your desktop.

Note that the tool is still in its BETA stage, therefore not all functionalities may be added.

  • Right-click on MalwarebytesAntiRootkit.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you for an extraction place - make sure you will unpack it to your desktop.
  • After the extraction, the tool should start itself (no action required).
  • On the Introduction screen click Next.
  • On the Update screen click Update.
  • When prompted about the succesful update, click Next.
  • On the Scan System screen, make sure that all three options
    • Drivers
    • Sectors
    • System
    are checked for scanning and press Scan.
Wait patiently and don't do anything on your machine while MBAR goes through your system!
  • If no infection is found, just close the tool.
  • If an infection is found, make sure that Create Restore Point is checked, then select Cleanup button to remove threats. The process will start and your machine will prompt you to reboot upon completion.
When finished (either with or without cleanup), please navigate to the MBAR directory.

Search there for these two files:

> mbar-log-date(time).txt

> system-log.txt

Please include the content of both files in your reply.

Link to post
Share on other sites

OK, let's have a look inside the AppData folder.

51a612a8b27e2-Zoek.png Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;C:\Users\Netmars\AppData\Roaming;vsmsvchost.*;z
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!

Link to post
Share on other sites

Please tell me what other issues do you face currently?

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
Link to post
Share on other sites

Let's deploy a second opinion scanner :)

herdprotect-logo-200x200.png Scan with HerdProtect

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on herdprotect-logo-200x200.png icon and select RunAsAdmin.jpg Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.
Please include the contens of that report in your next reply.

Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).

Link to post
Share on other sites

It seems like there is some kind of problem.

I left scan run for more than 4 hours and it was still "scanning" files hanging in C:\Programdata\application data\.... it is as if scan was in some kind of loop (see scan.jpg).

When i viewed folders with option to show hidden system files, there were many shortcut folders but i was unable to open any of them, because of "access denied".

What is meaning of this?

post-177132-0-30339000-1415888667_thumb.

post-177132-0-73769400-1415888668_thumb.

Link to post
Share on other sites

OK, let's do this instead:

grayhitmanpro_16px.png Scan with HitmanPro

In any case don't remove on your own anything that Hitman Pro detects!

This scanner, as it is a really good for checking, has been known for deleting files instead od curing them, which in some cases may render the machine unbootable.

Any removals will be done manually after careful analysis of the scan results!

Please download HitmanPro by SurfRight and save it to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on grayhitmanpro_16px.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button. You must agree with the terms of EULA (if asked).
  • Check the box beside No, I only want to perform a one-time scan to check this computer.
  • Click on the Next button.
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore.
    • If there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro!

      Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it it your next reply.

  • Click on the Next button.
  • Click on the Save Log button.
  • Save that file to your desktop.
Please include that logfile in your next reply.

Don't forget to re-enable your previously switched-off protection software!

Link to post
Share on other sites

Yeah, nothing in particular.

51c9d14017fa0-SecurityCheck.PNG Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on 51c9d14017fa0-SecurityCheck.PNG icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automaticaly.
Please include the content of that document.
Link to post
Share on other sites

51a5ce45263de-delfix.png Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on 51a5ce45263de-delfix.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
Include it for my review.

Please also manually reboot your machine after posting your logfile.

Link to post
Share on other sites

You are ready to go :)

Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

Recommended reading:

icon_exclaim.gif MUST READ - security tips: Computer Security - a short guide to staying safer online.

icon_exclaim.gif MUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:

icon_arrow.gif TFC - to clean unneeded temporary files.

icon_arrow.gif Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

icon_arrow.gif Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

icon_arrow.gif McShield - to prevent infections spread by removable media.

icon_arrow.gif CryptoPrevent - to secure yourself from very severe CryptoLocker infection.

icon_arrow.gif Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.

All donations are to refund a new HDD to replace the old one, which recently passed away! btn_donate_SM.gif

Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.

Minion-Bye-smaller.jpg

Stay safe,

Naat :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.