In Progress FRST64 Txt Files for my Windows 8 PC

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up
Well. There should have been no deletion of AutoComplete Form history, it was only scripted to remove temp files.
 
I have never seen FRST remove AutoComplete Form history. Nothing in my script targeted that.

Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> ) <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3499745600-2931015535-3666720081-1001\...\Run: [] => [X]
ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer Incorporated -> Acer) [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 MpKslac2650cd; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{589D3E7A-F8C4-4778-9A78-4D09EDD731AF}\MpKslDrv.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Mike D\AppData\Local\Temp\tmpBB30.tmp [X] <==== ATTENTION
FirewallRules: [TCP Query User{BEC813AC-EFBA-4492-83E8-AD921EF6BBC0}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [UDP Query User{EF54C9B9-0C04-40E6-ABC0-58C548C0475A}C:\users\mike d\desktop\iputility.exe] => (Allow) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [TCP Query User{1319C2AC-B13E-4CB9-BCF4-32F1FAAD6636}C:\users\mike d\desktop\iputility.exe] => (Block) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [UDP Query User{0FAB3CF2-2EC3-4EF2-993F-3A74BD6A877E}C:\users\mike d\desktop\iputility.exe] => (Block) C:\users\mike d\desktop\iputility.exe => No File
FirewallRules: [TCP Query User{222EAF38-1278-4958-95BE-F0C99743CA6D}C:\program files (x86)\acer remote\arcserver.exe] => (Allow) C:\program files (x86)\acer remote\arcserver.exe (Acer Incorporated -> Acer) [File not signed]
FirewallRules: [UDP Query User{B37A1E5F-8C59-4E40-BA3D-F0248681CC6D}C:\program files (x86)\acer remote\arcserver.exe] => (Allow) C:\program files (x86)\acer remote\arcserver.exe (Acer Incorporated -> Acer) [File not signed]
C:\ProgramData\wDcLibs\uhelper.exe
C:\ProgramData\wDcLibs
C:\WINDOWS\Tasks\CCleanerCrashReporting.job
Unlock: C:\WINDOWS\System32\drivers\EUDCPOTG.sys
Unlock: C:\WINDOWS\system32\drivers\EUEDKOTG.sys
R0 EUDCPOTG; C:\WINDOWS\System32\drivers\EUDCPOTG.sys [83448 2023-07-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKOTG; C:\WINDOWS\system32\drivers\EUEDKOTG.sys [30712 2023-07-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
C:\WINDOWS\System32\drivers\EUDCPOTG.sys
C:\WINDOWS\system32\drivers\EUEDKOTG.sys
C:\Users\Mike D\AppData\Local\{8EB2DD6B-A97F-4098-8368-84D84A77C357}
C:\Users\Mike D\AppData\Local\{343C96CB-09B7-4CC3-BAA8-7FB38537364B}
C:\WINDOWS\system32\drivers\etc\hosts
Hosts:
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [71760 2022-03-09] (Cole Williams Software Limited -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2022-04-26]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe (Cole Williams Software Limited -> )


Folder: C:\Program Files\chrome_BITS_2440_1499467724
Folder: C:\WINDOWS\SysWOW64\Codecs
File: C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe
File: C:\Windows\SysWOW64\Codecs\TrayMenu.exe


Startbatch:
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "WsmUpdater" /f 2>nul
reg delete "HKU\S-1-5-21-3141314803-560412765-1815371881-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CCleaner Smart Cleaning" /f 2>nul
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Codec Settings UAC Manager" /f 2>nul
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "uupdate" /f 2>nul
schtasks /Change /TN "{661C5B01-37EA-48C8-B089-E6DDFA7C145C}" /Disable
schtasks /Change /TN "{906C23F2-05A5-4A48-9B79-BA735D43436A}" /Disable
schtasks /Change /TN "{A390AD8F-AD68-4848-8840-9F012BFF2630}" /Disable
schtasks /Change /TN "ALU" /Disable
schtasks /Change /TN "ALUAgent" /Disable
schtasks /Change /TN "CCleaner Update" /Disable
schtasks /Change /TN "CCleanerCrashReporting" /Disable
schtasks /Change /TN "CCleanerSkipUAC - Mike D" /Disable
schtasks /Change /TN "DeviceDetector" /Disable
schtasks /Change /TN "GoogleUpdateTaskMachineCore{3177BCBE-3C87-449E-91CB-A71FAD0BB266}" /Disable
schtasks /Change /TN "GoogleUpdateTaskMachineUA{FCD11B04-90E5-461C-94B4-FD1D23D9ACB3}" /Disable
schtasks /Change /TN "Mozilla\Firefox Background Update 308046B0AF4A39CB" /Disable
schtasks /Change /TN "Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" /Disable
del /f /q "%userprofile%\AppData\Local\Temp\*"
del /f /q "%userprofile%\AppData\Local\*.exe"
del /f /q C:\Windows\Temp\*.*
del /f /q C:\WINDOWS\system32\*.tmp
del /f /q C:\WINDOWS\system32\drivers\*.tmp
del /f /q C:\WINDOWS\syswow64\*.tmp
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
"C:\Windows\SysWOW64\lodctr.exe" /R
"C:\Windows\SYSTEM32\lodctr.exe" /R
ipconfig /flushdns
sfc /scannow
EndBatch:

emptytemp:
Reboot:
End::
Click to expand...
 
Download the everything search engine.
Type in the Search Window
XBad
Click to expand...
Click Edit
Select All
Right Click Copy Full Name to Clipboard.
This will give me a list of everything deleted by FRST

I will give you instructions to restore anything I think may be related to this.
Like I said nothing in my script targeted that:


The autocomplete form history is typically stored in a file called "Web Data" located at:

On Windows: AppData\Local\Google\Chrome\User Data\Default\Web Data

Firefox stores form history in a SQLite database file called "formhistory.sqlite" located in the user's profile folder:

On Windows: C:\Users\usernamehere\AppData\Roaming\Mozilla\Firefox\Profiles\##\formhistory.sqlite


There is nothing in my script that even comes close to deletion of these file locations.
 
Last edited:
Malnutrition said:
Download the everything search engine.
Type in the Search Window

Click Edit
Select All
Right Click Copy Full Name to Clipboard.
This will give me a list of everything deleted by FRST

I will give you instructions to restore anything I think may be related to this.
Like I said nothing in my script targeted that:


The autocomplete form history is typically stored in a file called "Web Data" located at:

On Windows: %LocalAppData%\Google\Chrome\User Data\Default\Web Data

Firefox stores form history in a SQLite database file called "formhistory.sqlite" located in the user's profile folder:

On Windows: %APPDATA%\Mozilla\Firefox\Profiles[profile folder]\formhistory.sqlite


There is nothing in my script that even comes close to deletion of these file locations.
Click to expand...
about:blank#blocked and to get help from yahoo, i have to pay
 
Malnutrition said:
Download the everything search engine.
Type in the Search Window

Click Edit
Select All
Right Click Copy Full Name to Clipboard.
This will give me a list of everything deleted by FRST

I will give you instructions to restore anything I think may be related to this.
Like I said nothing in my script targeted that:


The autocomplete form history is typically stored in a file called "Web Data" located at:

On Windows: %LocalAppData%\Google\Chrome\User Data\Default\Web Data

Firefox stores form history in a SQLite database file called "formhistory.sqlite" located in the user's profile folder:

On Windows: %APPDATA%\Mozilla\Firefox\Profiles[profile folder]\formhistory.sqlite


There is nothing in my script that even comes close to deletion of these file locations.
Click to expand...
i can't find %LocalAppData%\Google\Chrome\User Data\Default\Web Data. forgot how.
 
Also, I run every fix that I make on my own machine to ensure nothing goes wrong. No autocomplete form history was deleted on any of my browsers. Link fixed check again.
 
Yes. This means that prior to posting any script on the forum I run it on my machine, this way if I have made a mistake and included something important it will be my machine that will have the issue . In order for FRST to delete your saved passwords and auto complete history. I would have had to put one of these file paths directly into the script.

The autocomplete form history is typically stored in a file called "Web Data" located at:

On Windows: AppData\Local\Google\Chrome\User Data\Default\Web Data

Firefox stores form history in a SQLite database file called "formhistory.sqlite" located in the user's profile folder:

On Windows: C:\Users\usernamehere\AppData\Roaming\Mozilla\Firefox\Profiles\##\formhistory.sqlite


It is more likely that this entry:

HKU\S-1-5-21-3499745600-2931015535-3666720081-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [42727840 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)

Which runs ccleaner on system boot is what deleted your form history passwords.
There are settings in ccleaner that do this. Not in my script.

CCleaner Support Community

support.ccleaner.com support.ccleaner.com
1727439156671.webp
 
Last edited:
I've lost my email. Could you just recommend a head comb kit
Malnutrition said:
Yes. This means that prior to posting any script on the forum I run it on my machine, this way if I have made a mistake and included something important it will be my machine that will have the issue . In order for FRST to delete your saved passwords and auto complete history. I would have had to put one of these file paths directly into the script.

The autocomplete form history is typically stored in a file called "Web Data" located at:

On Windows: AppData\Local\Google\Chrome\User Data\Default\Web Data

Firefox stores form history in a SQLite database file called "formhistory.sqlite" located in the user's profile folder:

On Windows: C:\Users\usernamehere\AppData\Roaming\Mozilla\Firefox\Profiles\##\formhistory.sqlite


It is more likely that this entry:

HKU\S-1-5-21-3499745600-2931015535-3666720081-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [42727840 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)

Which runs ccleaner on system boot is what deleted your form history passwords.
There are settings in ccleaner that do this. Not in my script.

CCleaner Support Community

support.ccleaner.com support.ccleaner.com
View attachment 14527
Click to expand...
 
thank you, but this has turned disastrous. thank for all your helpful time. can you suggest an inexpensive head comb tool for Western Digital 2TB WDBAAU0020HBK-01?
 
You must log in or register to reply here.
Top Bottom