In Progress FRST64 Txt Files for my Windows 8 PC


Program Removal:


Uninstall these programs listed below:
  • Acer Remote
  • Mozilla Maintenance Service
  • TotalAV
With GeekUninstaller:

Use Force Mode if one of the programs will not uninstall.




Total AV has been reported as a scam.

See here for yourself:

Link One
Link Two

You may as well use Avira, TotalAv uses their detection engines anyhow; but let's refrain from installing anything until we are done here.


FRST Fix:



Copy the content of the code box below.
Do not copy the word code:
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next post.

Code:
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> ) <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3499745600-2931015535-3666720081-1001\...\Run: [] => [X]
ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer Incorporated -> Acer) [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 MpKslac2650cd; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{589D3E7A-F8C4-4778-9A78-4D09EDD731AF}\MpKslDrv.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Mike D\AppData\Local\Temp\tmpBB30.tmp [X] <==== ATTENTION
FirewallRules: [TCP Query User{BEC813AC-EFBA-4492-83E8-AD921EF6BBC0}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [UDP Query User{EF54C9B9-0C04-40E6-ABC0-58C548C0475A}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [TCP Query User{1319C2AC-B13E-4CB9-BCF4-32F1FAAD6636}C:\users\mike d\desktop\iputility.exe] => (Block) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [UDP Query User{0FAB3CF2-2EC3-4EF2-993F-3A74BD6A877E}C:\users\mike d\desktop\iputility.exe] => (Block) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [TCP Query User{222EAF38-1278-4958-95BE-F0C99743CA6D}C:\program files (x86)\acer remote\arcserver.exe] => (Allow) C:\program files (x86)\acer remote\arcserver.exe (Acer Incorporated -> Acer) [File not signed]
FirewallRules: [UDP Query User{B37A1E5F-8C59-4E40-BA3D-F0248681CC6D}C:\program files (x86)\acer remote\arcserver.exe] => (Allow) C:\program files (x86)\acer remote\arcserver.exe (Acer Incorporated -> Acer) [File not signed]
C:\ProgramData\wDcLibs\uhelper.exe
C:\ProgramData\wDcLibs
C:\WINDOWS\Tasks\CCleanerCrashReporting.job
Unlock: C:\WINDOWS\System32\drivers\EUDCPOTG.sys
Unlock: C:\WINDOWS\system32\drivers\EUEDKOTG.sys
R0 EUDCPOTG; C:\WINDOWS\System32\drivers\EUDCPOTG.sys [83448 2023-07-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKOTG; C:\WINDOWS\system32\drivers\EUEDKOTG.sys [30712 2023-07-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
C:\WINDOWS\System32\drivers\EUDCPOTG.sys
C:\WINDOWS\system32\drivers\EUEDKOTG.sys
C:\Users\Mike D\AppData\Local\{8EB2DD6B-A97F-4098-8368-84D84A77C357}
C:\Users\Mike D\AppData\Local\{343C96CB-09B7-4CC3-BAA8-7FB38537364B}
C:\WINDOWS\system32\drivers\etc\hosts
Hosts:
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [71760 2022-03-09] (Cole Williams Software Limited -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2022-04-26]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe (Cole Williams Software Limited -> )


Folder: C:\Program Files\chrome_BITS_2440_1499467724
Folder: C:\WINDOWS\SysWOW64\Codecs
File: C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe
File: C:\Windows\SysWOW64\Codecs\TrayMenu.exe


Startbatch:
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "WsmUpdater" /f 2>nul
reg delete "HKU\S-1-5-21-3141314803-560412765-1815371881-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CCleaner Smart Cleaning" /f 2>nul
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Codec Settings UAC Manager" /f 2>nul
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "uupdate" /f 2>nul
schtasks /Change /TN "{661C5B01-37EA-48C8-B089-E6DDFA7C145C}" /Disable
schtasks /Change /TN "{906C23F2-05A5-4A48-9B79-BA735D43436A}" /Disable
schtasks /Change /TN "{A390AD8F-AD68-4848-8840-9F012BFF2630}" /Disable
schtasks /Change /TN "ALU" /Disable
schtasks /Change /TN "ALUAgent" /Disable
schtasks /Change /TN "CCleaner Update" /Disable
schtasks /Change /TN "CCleanerCrashReporting" /Disable
schtasks /Change /TN "CCleanerSkipUAC - Mike D" /Disable
schtasks /Change /TN "DeviceDetector" /Disable
schtasks /Change /TN "GoogleUpdateTaskMachineCore{3177BCBE-3C87-449E-91CB-A71FAD0BB266}" /Disable
schtasks /Change /TN "GoogleUpdateTaskMachineUA{FCD11B04-90E5-461C-94B4-FD1D23D9ACB3}" /Disable
schtasks /Change /TN "Mozilla\Firefox Background Update 308046B0AF4A39CB" /Disable
schtasks /Change /TN "Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" /Disable
del /f /q "%userprofile%\AppData\Local\Temp\*"
del /f /q "%userprofile%\AppData\Local\*.exe"
del /f /q  C:\Windows\Temp\*.*
del /f /q  C:\WINDOWS\system32\*.tmp
del /f /q  C:\WINDOWS\system32\drivers\*.tmp
del /f /q  C:\WINDOWS\syswow64\*.tmp
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
"C:\Windows\SysWOW64\lodctr.exe" /R
"C:\Windows\SYSTEM32\lodctr.exe" /R
ipconfig /flushdns
sfc /scannow
EndBatch:

emptytemp:
Reboot:
End::

Shenzhen Yi Xing Investment Co., Ltd. is included in the fix due to you having already uninstalled, but residual files remain, as indicated by the task:

Task: {C1D3CAD8-4C8E-48BF-B1AC-848EE88FE81E} - System32\Tasks\{A390AD8F-AD68-4848-8840-9F012BFF2630} => C:\Windows\System32\pcalua.exe [13312 2012-10-23] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files\EaseUS\EaseUS Partition Master\bin\unins000.exe"

Also the absence of the program from your installed programs list.




Download Malwarebytes v.4. Install and run.


  • Once the MBAM dashboard opens, click on Settings (gear icon).
  • Click on Security tab and make sure that all four Scan options are enabled.
  • Close Settings and click on the Scan button on the dashboard.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.

Adware Cleaner


  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me



In your next reply:


Fixlog.txt created by running FRST fix as instructed above
Malwarebytes log.
Adware Cleaner log.
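
A small triage of the entry types in the fixlist above, as an added example (not part of the original post and not FRST's own code). The patterns and reason labels are assumptions inferred from the log lines quoted on this page.

```python
import re

# Lines copied from the fixlist on this page (FRST scan-log format).
SAMPLE = r"""
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> ) <==== ATTENTION
ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer Incorporated -> Acer) [File not signed] <==== ATTENTION
S3 WinRing0_1_2_0; \??\C:\Users\Mike D\AppData\Local\Temp\tmpBB30.tmp [X] <==== ATTENTION
FirewallRules: [TCP Query User{BEC813AC-EFBA-4492-83E8-AD921EF6BBC0}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
R0 EUDCPOTG; C:\WINDOWS\System32\drivers\EUDCPOTG.sys [83448 2023-07-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
""".strip().splitlines()

# Entry kinds recognised by their prefix (assumed patterns, inferred from the sample).
KINDS = [
    ("run_key", re.compile(r"^(?:HKLM|HKU)[^:]*\\Run: \[(?P<name>[^\]]*)\]")),
    ("shortcut", re.compile(r"^ShortcutTarget: (?P<name>.+?) -> ")),
    ("driver", re.compile(r"^[RSU]\d (?P<name>[^;]+);")),
    ("firewall", re.compile(r"^FirewallRules: \[(?P<name>.+?)\] => ")),
]
# "(signer -> company)" block; "(x86)" and "(Allow)" contain no " -> " and are skipped.
SIGNER = re.compile(r"\((?P<signer>[^()]*?) -> (?P<company>[^()]*)\)")


def triage(line):
    """Return the entry kind, its name, and the markers that explain why it stands out."""
    kind, name = "other", ""
    for label, pattern in KINDS:
        m = pattern.match(line)
        if m:
            kind, name = label, m.group("name")
            break

    reasons = []
    # The log marks a target that was not found with [X] or "No File".
    if "[X]" in line or line.rstrip().endswith("=> No File"):
        reasons.append("missing_file")
    if "[File not signed]" in line:
        reasons.append("unsigned")
    # A driver or autorun pointing into a temp directory deserves a second look.
    if "\\appdata\\local\\temp\\" in line.lower():
        reasons.append("temp_path")
    signer = SIGNER.search(line)
    if signer and not signer.group("company").strip():
        reasons.append("empty_company")
    if "<==== ATTENTION" in line:
        reasons.append("flagged_attention")
    return {"kind": kind, "name": name, "reasons": reasons}


def triage_all(lines):
    """Triage every non-blank line."""
    return [triage(l) for l in lines if l.strip()]


if __name__ == "__main__":
    for entry in triage_all(SAMPLE):
        print(f"{entry['kind']:9} {entry['name'][:40]:40} {', '.join(entry['reasons']) or '-'}")
```

An empty reason list, as for the EUDCPOTG driver, means the log line itself carries no marker, so the case for removing it has to come from context outside that line.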
 

Program Removal:


Uninstall these programs listed below:
  • Acer Remote
  • Mozilla Maintenance Service
  • TotalAV
With GeekUninstaller:

Use Force Mode if one of the programs will not uninstall.




Total AV has been reported as a scam.

See here for yourself:

Link One
Link Two

You may as well use Avira, TotalAv uses their detection engines anyhow; but let's refrain from installing anything until we are done here.


FRST Fix:



Copy the content of the code box below.
Do not copy the word code:
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next post.

Code:
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> ) <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3499745600-2931015535-3666720081-1001\...\Run: [] => [X]
ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer Incorporated -> Acer) [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 MpKslac2650cd; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{589D3E7A-F8C4-4778-9A78-4D09EDD731AF}\MpKslDrv.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Mike D\AppData\Local\Temp\tmpBB30.tmp [X] <==== ATTENTION
FirewallRules: [TCP Query User{BEC813AC-EFBA-4492-83E8-AD921EF6BBC0}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [UDP Query User{EF54C9B9-0C04-40E6-ABC0-58C548C0475A}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [TCP Query User{1319C2AC-B13E-4CB9-BCF4-32F1FAAD6636}C:\users\mike d\desktop\iputility.exe] => (Block) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [UDP Query User{0FAB3CF2-2EC3-4EF2-993F-3A74BD6A877E}C:\users\mike d\desktop\iputility.exe] => (Block) C:\users\mike d\desktop\iputility.exe => No File
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [71760 2022-03-09] (Cole Williams Software Limited -> )
FirewallRules: [TCP Query User{222EAF38-1278-4958-95BE-F0C99743CA6D}C:\program files (x86)\acer remote\arcserver.exe] => (Allow) C:\program files (x86)\acer remote\arcserver.exe (Acer Incorporated -> Acer) [File not signed]
FirewallRules: [UDP Query User{B37A1E5F-8C59-4E40-BA3D-F0248681CC6D}C:\program files (x86)\acer remote\arcserver.exe] => (Allow) C:\program files (x86)\acer remote\arcserver.exe (Acer Incorporated -> Acer) [File not signed]
C:\ProgramData\wDcLibs\uhelper.exe
C:\ProgramData\wDcLibs
C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe
C:\WINDOWS\Tasks\CCleanerCrashReporting.job
Unlock: C:\WINDOWS\System32\drivers\EUDCPOTG.sys
Unlock: C:\WINDOWS\system32\drivers\EUEDKOTG.sys
R0 EUDCPOTG; C:\WINDOWS\System32\drivers\EUDCPOTG.sys [83448 2023-07-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKOTG; C:\WINDOWS\system32\drivers\EUEDKOTG.sys [30712 2023-07-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
C:\WINDOWS\System32\drivers\EUDCPOTG.sys
C:\WINDOWS\system32\drivers\EUEDKOTG.sys
C:\Users\Mike D\AppData\Local\{8EB2DD6B-A97F-4098-8368-84D84A77C357}
C:\Users\Mike D\AppData\Local\{343C96CB-09B7-4CC3-BAA8-7FB38537364B}
C:\WINDOWS\system32\drivers\etc\hosts
Hosts:


File: C:\Program Files\chrome_BITS_2440_1499467724
Folder: C:\Program Files\chrome_BITS_2440_1499467724
Folder: C:\WINDOWS\SysWOW64\Codecs



Startbatch:
reg delete "HKU\S-1-5-21-3141314803-560412765-1815371881-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CCleaner Smart Cleaning" /f 2>nul
schtasks /Change /TN "{661C5B01-37EA-48C8-B089-E6DDFA7C145C}" /Disable
schtasks /Change /TN "{906C23F2-05A5-4A48-9B79-BA735D43436A}" /Disable
schtasks /Change /TN "{A390AD8F-AD68-4848-8840-9F012BFF2630}" /Disable
schtasks /Change /TN "ALU" /Disable
schtasks /Change /TN "ALUAgent" /Disable
schtasks /Change /TN "CCleaner Update" /Disable
schtasks /Change /TN "CCleanerCrashReporting" /Disable
schtasks /Change /TN "CCleanerSkipUAC - Mike D" /Disable
schtasks /Change /TN "DeviceDetector" /Disable
schtasks /Change /TN "GoogleUpdateTaskMachineCore{3177BCBE-3C87-449E-91CB-A71FAD0BB266}" /Disable
schtasks /Change /TN "GoogleUpdateTaskMachineUA{FCD11B04-90E5-461C-94B4-FD1D23D9ACB3}" /Disable
schtasks /Change /TN "Mozilla\Firefox Background Update 308046B0AF4A39CB" /Disable
schtasks /Change /TN "Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" /Disable
del /f /q "%userprofile%\AppData\Local\Temp\*"
del /f /q "%userprofile%\AppData\Local\*.exe"
del /f /q  C:\Windows\Temp\*.*
del /f /q  C:\WINDOWS\system32\*.tmp
del /f /q  C:\WINDOWS\system32\drivers\*.tmp
del /f /q  C:\WINDOWS\syswow64\*.tmp
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
"C:\Windows\SysWOW64\lodctr.exe" /R
"C:\Windows\SYSTEM32\lodctr.exe" /R
ipconfig /flushdns
sfc /scannow
EndBatch:

emptytemp:
Reboot:
End::

Shenzhen Yi Xing Investment Co., Ltd. is included in the fix due to you having already uninstalled, but residual files remain, as indicated by the task:

Task: {C1D3CAD8-4C8E-48BF-B1AC-848EE88FE81E} - System32\Tasks\{A390AD8F-AD68-4848-8840-9F012BFF2630} => C:\Windows\System32\pcalua.exe [13312 2012-10-23] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files\EaseUS\EaseUS Partition Master\bin\unins000.exe"

Also the absence of the program from your installed programs list.




Download Malwarebytes v.4. Install and run.


  • Once the MBAM dashboard opens, click on Settings (gear icon).
  • Click on Security tab and make sure that all four Scan options are enabled.
  • Close Settings and click on the Scan button on the dashboard.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.

Adware Cleaner


  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me



In your next reply:


Fixlog.txt created by running FRST fix as instructed above
Malwarebytes log.
Adware Cleaner log.
wow, inundating. i will go over all this when i'm sober. thank you.
 

i don't understand copy code but don't copy word code.
 

Attachments

You did it correctly. 🙂
Now move to the Adware Cleaner and Malwarebytes scan please.
 
FRST cleaned the temp files; it should not have deleted autocomplete form history. You will need to type it in manually.
If you do not remember the passwords for the sites, use this tool: WebPassView
 
Near the bottom of the page

 
Yeah I have never seen FRST delete passwords, maybe it's a bug in this latest version.