Dell Studio XPS suspected virus. Help please. I’ve attached the FRST files FRST TXT and Additional txt.
Thank you in advance
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Steve (administrator) on STEVE-PC (23-07-2017 04:58:10)
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve (Available Profiles: Steve & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-05 16:59
==================== End of FRST.txt ============================
[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Steve (23-07-2017 11:40:33)
Running from C:\Users\Steve\Downloads\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-17 09:06:01)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (07/23/2017 10:53:51 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (07/23/2017 07:58:21 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (07/23/2017 07:56:44 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (07/23/2017 05:11:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “C:\Users\Steve\Downloads\esetsmartinstaller_enu(1).exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (07/23/2017 05:11:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “C:\Users\Steve\Downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (07/23/2017 05:07:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “C:\Users\Steve\Downloads\esetsmartinstaller_enu(1).exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (07/23/2017 05:07:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “C:\Users\Steve\Downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (07/23/2017 04:45:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for “c:\program files (x86)\microsoft visual studio 10.0\common7\ide\remote debugger\ia64\msvsmon.exe”.
Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“ia64”,publicKeyToken=“6595b64144ccf1df”,type=“win32”,version=“6.0.0.0” could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/23/2017 04:25:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Error: (07/21/2017 01:07:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DDVDataCollector.exe, version: 5.2.1.55, time stamp: 0x59497602
Faulting module name: DDVDataCollector.exe, version: 5.2.1.55, time stamp: 0x59497602
Exception code: 0xc0000409
Fault offset: 0x00000000001c886b
Faulting process id: 0xff7c
Faulting application start time: 0x01d3024396f71870
Faulting application path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Faulting module path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Report Id: 3cc144ff-9cb8-4f36-8ab0-634d468179c3
Faulting package full name:
Faulting package-relative application ID:
[HEADING=1]System errors:[/HEADING]
Error: (07/23/2017 10:46:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/23/2017 10:44:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/23/2017 03:36:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (07/23/2017 03:35:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Downloaded Maps Manager service terminated unexpectedly. It has done this 1 time(s).
Error: (07/23/2017 03:33:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Motorola Device Manager service.
Error: (07/23/2017 03:32:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/21/2017 01:11:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s).
Error: (07/21/2017 01:11:01 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error “1053” attempting to start the service mcpltsvc with arguments “Unavailable” in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}
Error: (07/21/2017 01:11:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (07/21/2017 01:11:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
==================== Memory info ===========================
Processor: Intel(R) Core™ i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 49%
Total physical RAM: 8182.92 MB
Available physical RAM: 4169.2 MB
Total Virtual: 16374.92 MB
Available Virtual: 11838.46 MB
Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:
Link 1
Link 2
[ul]
[li]Close all other running programs.[/li]
[li]Disable ALL Antivirus – Antimalware – Applications.[/li]
[li]Right Click Rogue Killer and Run as Administrator.[/li]
[li]Click the Start Scan button.[/li]
[li]Allow the scan to run – it can take ten minutes or more.[/li]
[li]Once the scan is complete check All items for removal.[/li]
[li]https://pchelpforum.net/attachments/...5-54-png.1658/ [/li]
[li]After All items are checked then press Remove Selected.[/li]
[li]Wait until the Status box shows Deleting Finished.[/li]
[li]Click on open report – then open txt[/li]
[li]Copy the content of the report and paste it here in your next reply.[/li][/ul]
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
[ul]
[li]Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.[/li]
[li]Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.[/li]
[li]The tool will open and start scanning your system.[/li]
[li]Please be patient as this can take a while to complete depending on your system’s specifications.[/li]
[li]On completion, a log is saved to your desktop and will automatically open.[/li]
[li]Please post the JRT log.[/li][/ul]
Adware Cleaner Scan.
Please download AdwCleaner by Xplode onto your desktop.
[ul]
[li]Close all open programs and internet browsers.[/li]
[li]Double click on adwcleaner.exe to run the tool.[/li]
[li]Click on Scan button.[/li]
[li]When the scan has finished click on Clean button.[/li]
[li]Your computer will be rebooted automatically. A text file will open after the restart.[/li]
[li]Please post the contents of that logfile with your next reply.[/li]
[li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li][/ul]
ZHP Diag Scan
Download ZHP Diag to your desktop.
Right Click Run as Admin.
Click the Options button.
Click on Check All
Then Click Validate
Then click close.
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Steve [Administrator]
Started from : C:\Users\Steve\Downloads\RogueKiller_portable64.exe
Mode : Delete – Date : 07/23/2017 20:10:28 (Duration : 01:03:15)
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Steve (Administrator) on Sun 07/23/2017 at 22:07:19.18
Deleted the following from C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\jor6jyfq.default\prefs.js
user_pref(browser.search.hiddenOneOffs, Secure Search);
[HEADING=1]AdwCleaner 7.0.0.0 - Logfile created on Mon Jul 24 02:37:57 2017[/HEADING]
[HEADING=1]Updated on 2017/17/07 by Malwarebytes[/HEADING]
[HEADING=1]Running on Windows 10 Home (X64)[/HEADING]
[HEADING=1]Mode: clean[/HEADING]
[HEADING=1]Support: https://www.malwarebytes.com/support[/HEADING]
***** [ Services ] *****
~ ZHPDiag v2017.7.20.125 By Nicolas Coolman (2017/07/20)
~ Run by Steve (Administrator) (2017/07/23 22:45:45)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: ZHP
~ Certificate ZHPDiag: Legal
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Steve\Desktop\ZHPDiag.txt
~ Report: C:\Users\Steve\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393) =>.Microsoft Corporation
—\ Internet Browsers (4) - 0s
~ GCIE: Google Chrome v59.0.3071.115
~ MFIE: Mozilla Firefox 54.0.1 (x86 en-US)
~ MSIE: Microsoft Edge v40
~ MSIE: Internet Explorer v11.1198.14393.0
—\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
—\ System protection software (3) - 10s
Malwarebytes Anti-Malware version 2.2.1.1043 (Protection)
McAfee AntiVirus Plus v16.0.1 (Protection)
Windows Defender (Deactivate)
—\ Surveillance software (2) - 13s
~ Adobe Flash Player 26 NPAPI (Surveillance)
~ Adobe Acrobat Reader DC (Surveillance)
—\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 8379.312 MB (55% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 691 GB (73%) free of 941 GB : OK =>.Disk Space
—\ Connection to the system mode (3) - 0s
~ Computer Name: STEVE-PC
~ User Name: Steve
~ Logged in as Administrator
—\ Enumeration of the disk units (1) - 0s
~ Drive C: has 691 GB free of 941 GB (System)
—\ State of the Windows Security Center (8) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
It will take me some time to look over the ZHP log. I’d like you to run the scans below. I will send you a script for a ZHP fix tomorrow after I return home from work.
Clean up temp files and reduce startup load with CCleaner.
Note: This tool will clean your browsing history as well.
[ul]
[li]Download CCleaner from here.[/li]
[li]After install Click Options.[/li]
[li]Go to monitoring.[/li]
[li]Uncheck All Monitoring items.[/li]
[li]Go to advanced – Click close program after cleaning.[/li]
[li]Go to settings – click run ccleaner when the computer starts.[/li]
[li]Now that you have ccleaner installed and set up:[/li]
[li]Open the program.[/li]
[li]Go to Tools[/li]
[li]Go to Startup[/li]
[li]Now double click each item to disable.[/li]
[li]Leave only your antivirus enabled.[/li]
[li]Then disable All items in your scheduled task as well.[/li]
[li]Unless they are related to Windows Defender or your antivirus.[/li]
[li]Reboot the machine.[/li][/ul]
ZHP Scan.
Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
Once the scan is completed, you will want to click the Repair button.
[URL unfurl="true"]http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png[/URL]
At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.
Zemana Deep Scan
[ul]
[li]Right click on Zemana and run as admin.[/li]
[li]Click the Cog/Sprocket Wheel, at the top right of Zemana[/li]
[li]Select Advanced - I have read the warning and wish to proceed.[/li]
[li]Place a tick next to Detect Suspicious (Root CA) Certificates.[/li]
[li]Then click the house icon in Zemana.[/li]
[li]Then hit your start button at the lower left hand corner of your desktop.[/li]
[li]Then left click on Computer.[/li]
[li]Drag Local Disk C: or whichever drive you decide to check first.[/li]
[li]Into the area of Zemana that reads Drag and drop files here to scan them.[/li]
[li]http://i.imgur.com/bOVO6lY.png[/li]
[li]Once the scan has completed click the graph icon on the top right of the program's user interface.[/li]
[li]Double click to open the latest log-file.[/li]
[li]Copy it to your clipboard.[/li]
[li]Post the log here in your next reply.[/li][/ul]
ZHP Fix
[ul]
[li]Disable your antivirus prior to this fix![/li]
[li]Download ZHP-Fix from here.[/li]
[li]UnZip it to your desktop – Tool Here if needed… 7-Zip[/li]
[li]Install it.[/li]
[li]Click Suivant 5 Times.[/li]
[li]Then Installer.[/li]
[li]Then Terminer.[/li]
[li]Then right click the ZHP Fix icon and Run as admin.[/li]
[li]Copy the entire content of the code box below, the next step will grab it from your clipboard.[/li]
[li]Then click on import.[/li]
[li]Then click GO.[/li]
[li]If you see any Prompts like the one below, select Oui (= Yes in French).[/li]
[li]https://pchelpforum.net/attachments/...7-40-png.2248/ [/li]
[li]Allow completion.[/li]
[li]A log file will appear on your desktop.[/li]
[li]Post it here in your next reply.[/li][/ul]
[ul]
[li]Download Security Check to your desktop.[/li]
[li]Right click it and run as administrator.[/li]
[li]When the program completes, the tool will automatically open a log file.[/li]
[li]Please post that log here in your next post.[/li][/ul]