Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> ) <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3499745600-2931015535-3666720081-1001\...\Run: [] => [X]
ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer Incorporated -> Acer) [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 MpKslac2650cd; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{589D3E7A-F8C4-4778-9A78-4D09EDD731AF}\MpKslDrv.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Mike D\AppData\Local\Temp\tmpBB30.tmp [X] <==== ATTENTION
FirewallRules: [TCP Query User{BEC813AC-EFBA-4492-83E8-AD921EF6BBC0}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [UDP Query User{EF54C9B9-0C04-40E6-ABC0-58C548C0475A}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [TCP Query User{1319C2AC-B13E-4CB9-BCF4-32F1FAAD6636}C:\users\mike d\desktop\iputility.exe] => (Block) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [UDP Query User{0FAB3CF2-2EC3-4EF2-993F-3A74BD6A877E}C:\users\mike d\desktop\iputility.exe] => (Block) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [TCP Query User{222EAF38-1278-4958-95BE-F0C99743CA6D}C:\program files (x86)\acer remote\arcserver.exe] => (Allow) C:\program files (x86)\acer remote\arcserver.exe (Acer Incorporated -> Acer) [File not signed]
FirewallRules: [UDP Query User{B37A1E5F-8C59-4E40-BA3D-F0248681CC6D}C:\program files (x86)\acer remote\arcserver.exe] => (Allow) C:\program files (x86)\acer remote\arcserver.exe (Acer Incorporated -> Acer) [File not signed]
C:\ProgramData\wDcLibs\uhelper.exe
C:\ProgramData\wDcLibs
C:\WINDOWS\Tasks\CCleanerCrashReporting.job
Unlock: C:\WINDOWS\System32\drivers\EUDCPOTG.sys
Unlock: C:\WINDOWS\system32\drivers\EUEDKOTG.sys
R0 EUDCPOTG; C:\WINDOWS\System32\drivers\EUDCPOTG.sys [83448 2023-07-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKOTG; C:\WINDOWS\system32\drivers\EUEDKOTG.sys [30712 2023-07-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
C:\WINDOWS\System32\drivers\EUDCPOTG.sys
C:\WINDOWS\system32\drivers\EUEDKOTG.sys
C:\Users\Mike D\AppData\Local\{8EB2DD6B-A97F-4098-8368-84D84A77C357}
C:\Users\Mike D\AppData\Local\{343C96CB-09B7-4CC3-BAA8-7FB38537364B}
C:\WINDOWS\system32\drivers\etc\hosts
Hosts:
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [71760 2022-03-09] (Cole Williams Software Limited -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2022-04-26]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe (Cole Williams Software Limited -> )
Folder: C:\Program Files\chrome_BITS_2440_1499467724
Folder: C:\WINDOWS\SysWOW64\Codecs
File: C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe
File: C:\Windows\SysWOW64\Codecs\TrayMenu.exe
Startbatch:
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "WsmUpdater" /f 2>nul
reg delete "HKU\S-1-5-21-3141314803-560412765-1815371881-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CCleaner Smart Cleaning" /f 2>nul
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Codec Settings UAC Manager" /f 2>nul
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "uupdate" /f 2>nul
schtasks /Change /TN "{661C5B01-37EA-48C8-B089-E6DDFA7C145C}" /Disable
schtasks /Change /TN "{906C23F2-05A5-4A48-9B79-BA735D43436A}" /Disable
schtasks /Change /TN "{A390AD8F-AD68-4848-8840-9F012BFF2630}" /Disable
schtasks /Change /TN "ALU" /Disable
schtasks /Change /TN "ALUAgent" /Disable
schtasks /Change /TN "CCleaner Update" /Disable
schtasks /Change /TN "CCleanerCrashReporting" /Disable
schtasks /Change /TN "CCleanerSkipUAC - Mike D" /Disable
schtasks /Change /TN "DeviceDetector" /Disable
schtasks /Change /TN "GoogleUpdateTaskMachineCore{3177BCBE-3C87-449E-91CB-A71FAD0BB266}" /Disable
schtasks /Change /TN "GoogleUpdateTaskMachineUA{FCD11B04-90E5-461C-94B4-FD1D23D9ACB3}" /Disable
schtasks /Change /TN "Mozilla\Firefox Background Update 308046B0AF4A39CB" /Disable
schtasks /Change /TN "Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" /Disable
del /f /q "%userprofile%\AppData\Local\Temp\*"
del /f /q "%userprofile%\AppData\Local\*.exe"
del /f /q C:\Windows\Temp\*.*
del /f /q C:\WINDOWS\system32\*.tmp
del /f /q C:\WINDOWS\system32\drivers\*.tmp
del /f /q C:\WINDOWS\syswow64\*.tmp
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
"C:\Windows\SysWOW64\lodctr.exe" /R
"C:\Windows\SYSTEM32\lodctr.exe" /R
ipconfig /flushdns
sfc /scannow
EndBatch:
emptytemp:
Reboot:
End::
wow, inundating. i will go over all this when i'm sober. thank you.
Program Removal:
Uninstall these programs listed below:
With GeekUninstaller:
- Acer Remote
- Mozilla Maintenance Service
- TotalAV
Use Force Mode if one of the programs will not uninstall.
Total AV has been reported as a scam.
See here for yourself:
Link One
Link Two
You may as well use Avira, TotalAV uses their detection engines anyhow; but let's refrain from installing anything until we are done here.
FRST Fix:
Copy the content of the code box below.
Do not copy the word code:
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next post.
Code:
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> ) <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3499745600-2931015535-3666720081-1001\...\Run: [] => [X]
ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer Incorporated -> Acer) [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 MpKslac2650cd; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{589D3E7A-F8C4-4778-9A78-4D09EDD731AF}\MpKslDrv.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Mike D\AppData\Local\Temp\tmpBB30.tmp [X] <==== ATTENTION
FirewallRules: [TCP Query User{BEC813AC-EFBA-4492-83E8-AD921EF6BBC0}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [UDP Query User{EF54C9B9-0C04-40E6-ABC0-58C548C0475A}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [TCP Query User{1319C2AC-B13E-4CB9-BCF4-32F1FAAD6636}C:\users\mike d\desktop\iputility.exe] => (Block) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [UDP Query User{0FAB3CF2-2EC3-4EF2-993F-3A74BD6A877E}C:\users\mike d\desktop\iputility.exe] => (Block) C:\users\mike d\desktop\iputility.exe => No File
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [71760 2022-03-09] (Cole Williams Software Limited -> )
FirewallRules: [TCP Query User{222EAF38-1278-4958-95BE-F0C99743CA6D}C:\program files (x86)\acer remote\arcserver.exe] => (Allow) C:\program files (x86)\acer remote\arcserver.exe (Acer Incorporated -> Acer) [File not signed]
FirewallRules: [UDP Query User{B37A1E5F-8C59-4E40-BA3D-F0248681CC6D}C:\program files (x86)\acer remote\arcserver.exe] => (Allow) C:\program files (x86)\acer remote\arcserver.exe (Acer Incorporated -> Acer) [File not signed]
C:\ProgramData\wDcLibs\uhelper.exe
C:\ProgramData\wDcLibs
C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe
C:\WINDOWS\Tasks\CCleanerCrashReporting.job
Unlock: C:\WINDOWS\System32\drivers\EUDCPOTG.sys
Unlock: C:\WINDOWS\system32\drivers\EUEDKOTG.sys
R0 EUDCPOTG; C:\WINDOWS\System32\drivers\EUDCPOTG.sys [83448 2023-07-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKOTG; C:\WINDOWS\system32\drivers\EUEDKOTG.sys [30712 2023-07-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
C:\WINDOWS\System32\drivers\EUDCPOTG.sys
C:\WINDOWS\system32\drivers\EUEDKOTG.sys
C:\Users\Mike D\AppData\Local\{8EB2DD6B-A97F-4098-8368-84D84A77C357}
C:\Users\Mike D\AppData\Local\{343C96CB-09B7-4CC3-BAA8-7FB38537364B}
C:\WINDOWS\system32\drivers\etc\hosts
Hosts:
File: C:\Program Files\chrome_BITS_2440_1499467724
Folder: C:\Program Files\chrome_BITS_2440_1499467724
Folder: C:\WINDOWS\SysWOW64\Codecs
Startbatch:
reg delete "HKU\S-1-5-21-3141314803-560412765-1815371881-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CCleaner Smart Cleaning" /f 2>nul
schtasks /Change /TN "{661C5B01-37EA-48C8-B089-E6DDFA7C145C}" /Disable
schtasks /Change /TN "{906C23F2-05A5-4A48-9B79-BA735D43436A}" /Disable
schtasks /Change /TN "{A390AD8F-AD68-4848-8840-9F012BFF2630}" /Disable
schtasks /Change /TN "ALU" /Disable
schtasks /Change /TN "ALUAgent" /Disable
schtasks /Change /TN "CCleaner Update" /Disable
schtasks /Change /TN "CCleanerCrashReporting" /Disable
schtasks /Change /TN "CCleanerSkipUAC - Mike D" /Disable
schtasks /Change /TN "DeviceDetector" /Disable
schtasks /Change /TN "GoogleUpdateTaskMachineCore{3177BCBE-3C87-449E-91CB-A71FAD0BB266}" /Disable
schtasks /Change /TN "GoogleUpdateTaskMachineUA{FCD11B04-90E5-461C-94B4-FD1D23D9ACB3}" /Disable
schtasks /Change /TN "Mozilla\Firefox Background Update 308046B0AF4A39CB" /Disable
schtasks /Change /TN "Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" /Disable
del /f /q "%userprofile%\AppData\Local\Temp\*"
del /f /q "%userprofile%\AppData\Local\*.exe"
del /f /q C:\Windows\Temp\*.*
del /f /q C:\WINDOWS\system32\*.tmp
del /f /q C:\WINDOWS\system32\drivers\*.tmp
del /f /q C:\WINDOWS\syswow64\*.tmp
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
"C:\Windows\SysWOW64\lodctr.exe" /R
"C:\Windows\SYSTEM32\lodctr.exe" /R
ipconfig /flushdns
sfc /scannow
EndBatch:
emptytemp:
Reboot:
End::
Shenzhen Yi Xing Investment Co., Ltd. is included in the fix due to you having already uninstalled, but residual files remain, as indicated by the task:
Task: {C1D3CAD8-4C8E-48BF-B1AC-848EE88FE81E} - System32\Tasks\{A390AD8F-AD68-4848-8840-9F012BFF2630} => C:\Windows\System32\pcalua.exe [13312 2012-10-23] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files\EaseUS\EaseUS Partition Master\bin\unins000.exe"
Also the absence of the program from your installed programs list.
Download Malwarebytes v.4. Install and run.
- Once the MBAM dashboard opens, click on Settings (gear icon).
- Click on Security tab and make sure that all four Scan options are enabled.
- Close Settings and click on the Scan button on the dashboard.
- Once the scan is completed make sure you have it quarantine any detections it finds.
- If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
- If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other Location you can find and attach that log on your next reply.
- If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.
Adware Cleaner
- Download AdwCleaner and save it to your Desktop
- Right-click on AdwCleaner.exe and select Run as Administrator
- Accept the EULA (I accept), then click on Scan Now
- Let the scan complete
- Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.
- Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
- Close all other open windows and allow it to restart
- After the restart, Notepad will open with the AdwCleaner cleaning log
- Please Attach the contents of that log into your next reply to me
In your next reply:
Fixlog.txt created by running FRST fix as instructed above
Malwarebytes log.
Adware Cleaner log.
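Added example (not part of the thread, and not FRST's own code): a short Python triage over entries copied from the fixlist and the Task line above, showing why each one is worth reviewing before removal. The meaning attached to each marker, the list of user-writable folders, and the function names are assumptions of this example.

```python
import re

# Constructed sample: entries copied from the fixlist and the Task line on this page.
SAMPLE = r"""
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> ) <==== ATTENTION
ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer Incorporated -> Acer) [File not signed] <==== ATTENTION
S3 WinRing0_1_2_0; \??\C:\Users\Mike D\AppData\Local\Temp\tmpBB30.tmp [X] <==== ATTENTION
FirewallRules: [TCP Query User{BEC813AC-EFBA-4492-83E8-AD921EF6BBC0}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [71760 2022-03-09] (Cole Williams Software Limited -> )
Task: {C1D3CAD8-4C8E-48BF-B1AC-848EE88FE81E} - System32\Tasks\{A390AD8F-AD68-4848-8840-9F012BFF2630} => C:\Windows\System32\pcalua.exe [13312 2012-10-23] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files\EaseUS\EaseUS Partition Master\bin\unins000.exe"
""".strip().splitlines()

# Markers as they appear in those entries; the meaning given to each is an assumption.
MARKERS = {
    "<==== ATTENTION": "flagged by the scan",
    "[File not signed]": "unsigned binary",
    "=> No File": "rule points at a missing file",
    "[X]": "target missing on disk",
}
# Folders a standard user can usually write to (assumed list, lower-case).
WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\desktop\\")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>|=]*?\.(?:exe|sys|tmp|dll)', re.I)


def entry_kind(line):
    """Return a coarse entry type taken from the line prefix."""
    if re.match(r"[RSU]\d ", line):
        return "Driver/Service"
    if "\\Run:" in line:
        return "Run"
    return line.split(":", 1)[0]


def triage(line):
    """Return (kind, target_path, reasons) for one entry."""
    kind = entry_kind(line)
    reasons = [why for mark, why in MARKERS.items() if mark in line]
    body = line.split("=>", 1)[-1] if "=>" in line else line
    # A launcher such as pcalua.exe names the real target after -a "...",
    # as in the Task entry on this page, so report that path instead.
    indirect = re.search(r'-a "([^"]+)"', line)
    if indirect:
        target = indirect.group(1)
        reasons.append("target is launched indirectly")
    else:
        found = PATH_RE.search(body)
        target = found.group(0) if found else None
    if target and any(d in target.lower() for d in WRITABLE):
        reasons.append("path is in a user-writable location")
    return kind, target, reasons


def report(lines):
    """Keep only the entries that have at least one reason to review."""
    return [t for t in map(triage, lines) if t[2]]


if __name__ == "__main__":
    for kind, target, reasons in report(SAMPLE):
        print(f"{kind:15} {target or '(empty)'}\n    -> " + "; ".join(reasons))
```

The Codec Settings UAC Manager entry carries none of these markers, so it drops out of the report; it is in the fixlist by the helper's judgement rather than by any flag in the entry.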
i don't understand copy code but don't copy word code.
the only thing is i can't log into my frontier email after running FRST, all my auto addresses disappeared
You did it correct. 🙂
Now move to the Adware Cleaner and Malwarebytes scan please.
i hope this works. i'm entering my password that i know like the back o' me hand...incorrect
tells me running windows ten, something about winzip.
pass protected
Yeah I have never seen FRST delete passwords, maybe it's a bug in this latest version.
not showing in list. i've lost my main email. i know the password. incorrect
none of the passwords for my email address on that list work...incorrect
Here it is.