Johnsonbot Posted August 21, 2019 (edited)
Hey there everyone, I was cleaning my computer today and I stumbled upon my exclusions list which had some suspicious grayed-out exclusions in it that I could not remove. I tried to remove them from the registry but that did not work (see image). I also installed Malwarebytes and scanned my computer and removed the threats but when I restarted my computer and went onto my exclusions list, the grayed-out files were still there. The last possible option I can think of is to factory reset my pc but I have two concerns for that, one being it would take a long time to do and it would be annoying to do it and the second being the fear of the exclusions/malware coming back after I restore the old data back to my computer. Please help me with this problem, I've been trying to fix it for days!!
Attachments: Addition.txt, FRST.txt
Edited August 21, 2019 by Johnsonbot: Added FRST.txt and Addition.txt

stapp Posted August 21, 2019
Please follow the steps here and attach the requested logs so that one of our experts can help you:
https://support.emsisoft.com/announcement/2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/

Johnsonbot Posted August 21, 2019
Should I start a new thread or just attach it onto this one?

stapp Posted August 21, 2019
Just attach.

Johnsonbot Posted August 21, 2019
Okay, I have attached both the FRST.txt and also the Addition.txt

ShadowPuterDude Posted August 21, 2019
Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.
Start::
HKLM-x32\...\Run: [] => [X]
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S1 cujzhons; \??\C:\Windows\system32\drivers\cujzhons.sys [X]
S1 dyywzszq; \??\C:\Windows\system32\drivers\dyywzszq.sys [X]
S1 egjqivif; \??\C:\Windows\system32\drivers\egjqivif.sys [X]
S1 vrzojwql; \??\C:\Windows\system32\drivers\vrzojwql.sys [X]
C:\Windows\system32\drivers\cujzhons.sys
C:\Windows\system32\drivers\dyywzszq.sys
C:\Windows\system32\drivers\egjqivif.sys
C:\Windows\system32\drivers\vrzojwql.sys
AlternateDataStreams: C:\Users\Johnson Hwang\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
FirewallRules: [TCP Query User{A59FFA23-5AE0-4DA0-80A1-68A62F075010}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{AEB7E506-B6D7-4E76-9226-53666339E9ED}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{B6690775-10AB-44C2-8F58-75E49FBB31E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{5CE726D1-7DCD-4F0F-B736-2BB5567EADEB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: 
[{11F6B906-67D9-4344-BC54-71761B97D4BC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{73AA46E5-7196-4BB8-A21D-5EC46756696E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{E4A4D43A-5250-44AE-AC63-E0C1B5256395}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File FirewallRules: [{CA0B7D4D-C9DD-4A72-8977-3A67D9CE12B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File FirewallRules: [TCP Query User{5BCBCA35-CB9F-4122-8AEB-5F6941A51FE3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File FirewallRules: [UDP Query User{321AFE72-0A8F-4788-9FB7-0CC588D6BAFB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File FirewallRules: [{3705F582-D46D-4FD6-B611-5ECA2BA38A16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe No File FirewallRules: [{1C1EA8DF-E48A-402E-874C-E4A0F40BD496}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe No File FirewallRules: [{E1AEFDD6-8B49-4A0F-BBFE-5D20F9D4B1ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe No File FirewallRules: [{D73DAD19-E0DF-4F5D-A61D-0DD6B60A80AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe No File FirewallRules: [TCP Query User{B6AACC01-C1F0-4CC7-9829-8BAA873A1D4E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File FirewallRules: [UDP Query 
User{584DCFDD-FEA8-49AD-BDCA-E8951126F91E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File FirewallRules: [{EE867ACE-21B3-4372-B432-9488604A12A2}] => (Allow) D:\Games\Epic Games\Fortnite\Steam.exe No File FirewallRules: [{D81A6875-0E02-4789-894E-3D1BF74BC6EB}] => (Allow) D:\Games\Epic Games\Fortnite\Steam.exe No File FirewallRules: [{1F695D4B-B325-45B3-A97F-38379906E62E}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{FA60BDB0-4B8B-4282-837E-8455115618AE}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [TCP Query User{E4088DC7-543E-4A2C-8CDE-82E1FB23A56F}D:\games\league\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File FirewallRules: [UDP Query User{70931095-014C-430D-AF34-376FA48823C1}D:\games\league\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{811B7DF6-625C-4788-8361-A26BC693C8B5}C:\users\johnson hwang\desktop\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File FirewallRules: [UDP Query User{139EC58A-7784-4CE0-AE1D-A41AA7EE59B4}C:\users\johnson hwang\desktop\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File FirewallRules: [TCP Query User{AB3F19FF-D525-465D-8A43-CB5E33B30DF1}C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File FirewallRules: [UDP 
Query User{C1167491-F6BB-42C4-BD7B-C11D5DC2D703}C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File FirewallRules: [TCP Query User{3D7E45BF-9A71-488C-98BA-2F1C0D2123DB}D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File FirewallRules: [UDP Query User{525B8190-D901-4AC4-95DC-E45370D015E6}D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{4ABD83A9-C961-44E0-8B4F-3480219AB538}C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File FirewallRules: [UDP Query User{DA4E36F6-E606-46BF-A0DA-F4492426AAF7}C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File FirewallRules: [TCP Query User{4AD53812-38D1-49A1-84D8-E784FAE4974D}D:\games\starcraft 2\starcraft ii\versions\base69232\sc2_x64.exe] => (Allow) D:\games\starcraft 2\starcraft ii\versions\base69232\sc2_x64.exe No File FirewallRules: [UDP Query User{CBED568F-D6C9-4F42-A817-DB9DBAB0FF33}D:\games\starcraft 2\starcraft ii\versions\base69232\sc2_x64.exe] => (Allow) D:\games\starcraft 2\starcraft ii\versions\base69232\sc2_x64.exe No File FirewallRules: [TCP Query User{87C1873D-A1F9-427B-BB09-3B76D3E065AF}D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File FirewallRules: [UDP Query 
User{F432C534-6245-4C32-91FD-C0DFD04AD26F}D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{D1BCA12E-BAD8-4E3E-A1FF-952DB00D9FB3}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File FirewallRules: [UDP Query User{62840FB7-353C-4136-89B7-22B821F05884}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File FirewallRules: [TCP Query User{F2882311-2852-4588-8F13-26CB93B1ACDF}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File FirewallRules: [UDP Query User{3112B46E-2B29-4865-8FC2-22DE4B4377DB}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File FirewallRules: [TCP Query User{4A6A4B4D-2DF6-49E4-8B3D-039A16178041}D:\games\starcraft 2\overwatch\overwatch.exe] => (Allow) D:\games\starcraft 2\overwatch\overwatch.exe No File FirewallRules: [UDP Query User{A99ADF9A-793A-4A26-BAED-D02AB9FA2166}D:\games\starcraft 2\overwatch\overwatch.exe] => (Allow) D:\games\starcraft 2\overwatch\overwatch.exe No File FirewallRules: [TCP Query User{7FBB05FA-F0CD-4708-A349-86EAF8567B7C}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe No File FirewallRules: [UDP Query User{4EDFC03E-17FC-4473-932E-D5F5BA805509}D:\games\overwatch\overwatch.exe] => 
(Allow) D:\games\overwatch\overwatch.exe No File FirewallRules: [TCP Query User{4B6D1990-13B3-4EA4-A1FE-78AE9FDA8718}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe No File FirewallRules: [UDP Query User{E98D405C-3C12-48AD-98FE-B0D0482CDD0B}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe No File FirewallRules: [TCP Query User{798DEF4E-9276-41E2-9F2C-344B4C528D00}D:\games\league\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe No File FirewallRules: [UDP Query User{E2C85D0D-EDFC-40DC-BC08-A49F39E75443}D:\games\league\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{1B5359F4-B743-4507-9C61-535CD52A266C}D:\games\league\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe No File FirewallRules: [UDP Query User{A1CAA112-948C-4AE5-A735-F70DEE372EEF}D:\games\league\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe No File FirewallRules: [{75AFB39A-559F-40E6-80A9-38E3EDA40F8B}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe No File FirewallRules: [{0EB49B63-6C84-445D-A51C-3C29FD8B98C1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe No File FirewallRules: [{A0C11BAB-8CB8-488A-9742-2CB784B5FF76}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{F8CC5A43-F8C4-40A6-9393-6B2295BA0E2E}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci 
Resolve\Support\QtDecoder\QTDecoder.exe No File
FirewallRules: [{CF218A23-436A-49F9-92AF-0985EFABDC3F}] => (Allow) 㩃啜敳獲䩜桯獮湯䠠慷杮䅜灰慄慴剜慯業杮楜普卯睩楜普卯睩攮數 No File
FirewallRules: [{6931E373-72F8-4D6B-967A-1A751F8895AE}] => (Allow) 㩃啜敳獲䩜桯獮湯䠠慷杮䅜灰慄慴剜慯業杮楜普卯睩剜湵䥓攮數 No File
FirewallRules: [{87EA8A05-3668-4050-A2AC-42AE19F4C16D}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-b018edb462754b1c\RobloxPlayerLauncher.exe No File
FirewallRules: [{6E0191B8-D530-4479-9238-9EC25DD702CF}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-b018edb462754b1c\RobloxPlayerLauncher.exe No File
FirewallRules: [{FEBEF16F-E0D4-4515-A64B-519EAFB40BE3}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-b018edb462754b1c\RobloxPlayerLauncher.exe No File
FirewallRules: [{14F37BCC-0706-4456-8CE1-149A5CBD29F7}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-b018edb462754b1c\RobloxPlayerLauncher.exe No File
FirewallRules: [{707CFD3C-768F-4FBE-9055-A8BBA7D045C3}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-03bbbab2d5464457\RobloxStudioLauncherBeta.exe No File
FirewallRules: [{0A453165-EE2A-45A4-830B-2C1C1C3B4594}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-03bbbab2d5464457\RobloxStudioLauncherBeta.exe No File
FirewallRules: [{91A2019C-044B-40A1-89E1-900EA0A83B0F}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-03bbbab2d5464457\RobloxStudioLauncherBeta.exe No File
FirewallRules: [{6799829A-C07F-4AF7-831A-EA7308540F8F}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-03bbbab2d5464457\RobloxStudioLauncherBeta.exe No File
End::

Johnsonbot Posted August 21, 2019
Attached Fixlog.txt
Attachment: Fixlog.txt

ShadowPuterDude Posted August 22, 2019
Let's take a fresh look. Run a fresh scan with FRST, attach the new FRST scan reports to your reply. Be sure to let me know how things are running.

Johnsonbot Posted August 23, 2019
Uploaded both files.
Attachments: Addition.txt, FRST.txt

ShadowPuterDude Posted August 23, 2019
Other than a single Alternate Data Stream everything else looks fine. How are things running?

Johnsonbot Posted August 23, 2019
I don't know because something weird is going on with my PC. When I try to go to Windows Defender, the image I attached appears.

ShadowPuterDude Posted August 23, 2019
Let's take a look using a different tool. Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop. Double-click on setup.exe to install RogueKiller. Close all programs and disconnect any USB or external drives before running the tool. Right-click RogueKiller.exe and select Run As Administrator to run the tool. Once the Prescan has finished, click Scan. Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.

Johnsonbot Posted August 24, 2019
Attached the file.
Attachment: roguekillerscanreport1.txt

ShadowPuterDude Posted August 25, 2019
Close all programs and disconnect any USB or external drives before running the tool. Double-click RogueKiller.exe to run the tool again. Once the Prescan has finished, click Scan. Once the Status box shows "Scan Finished", select the following items:
[PUP.Easeware (Potentially Malicious)] (Easeware Technology Limited) \Driver Easy Scheduled Scan -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [--scan] -> Found
[PUP.Easeware (Potentially Malicious)] (Easeware Technology Limited) C:\Windows\Tasks\Driver Easy Scheduled Scan.job -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [--scan] -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\.DEFAULT\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08232019090236034\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08232019090239737\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1746082704-2882651586-2436767360-1001\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-18\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1746082704-2882651586-2436767360-1001\Software\AppDataLow\Software\Mail.Ru -- N/A -> Found
>>>>>> XX - Uninstall
[PUP.Easeware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1 -- N/A -> Found
>>>>>> O87 - Firewall
[PUP.Easeware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C7F849EF-2A4F-454A-9EB0-EB676A21D505} -- (Easeware Technology Limited) v2.28|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files\Easeware\DriverEasy\DriverEasy.exe|Name=Driver Easy|Desc=Allow Driver Easy Access Internet to Scan and Download Drivers.| (C:\Program Files\Easeware\DriverEasy\DriverEasy.exe) -> Found
[PUP.Easeware (Potentially Malicious)] (shortcut) Driver Easy.lnk -- C:\Users\Johnson Hwang\Desktop\Driver Easy.lnk => C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Found
[PUP.AutoIt.Gen (Potentially Malicious)] (shortcut) OP Auto Clicker.lnk -- C:\Users\Johnson Hwang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OP Auto Clicker.lnk => C:\Users\JOHNSO~1\DOWNLO~1\AUTOCL~1.EXE -> Found
[PUP.OnlineIO (Potentially Malicious)] (folder) AdvinstAnalytics -- C:\Users\Johnson Hwang\AppData\Local\AdvinstAnalytics -> Found
[PUP.MailRU (Potentially Malicious)] (folder) Mail.Ru -- C:\Users\Johnson Hwang\AppData\Local\Mail.Ru -> Found
[PUP.MailRU (Potentially Malicious)] (folder) Mail.Ru -- C:\ProgramData\Mail.Ru -> Found
[PUP.Easeware (Potentially Malicious)] (shortcut) Driver Easy.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Driver Easy.lnk => C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Found
[PUP.Easeware (Potentially Malicious)] (shortcut) Uninstall Driver Easy.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Uninstall Driver Easy.lnk => C:\PROGRA~1\Easeware\DRIVER~1\unins000.exe -> Found
[PUP.Easeware (Potentially Malicious)] (folder) Easeware -- C:\Program Files\Easeware -> Found
[PUP.Easeware (Potentially Malicious)] (shortcut) Driver Easy.lnk -- C:\Users\Johnson Hwang\Desktop\Driver Easy.lnk => C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Found
[PUP.AutoIt.Gen (Potentially Malicious)] (file) AutoClicker.exe -- C:\Users\Johnson Hwang\Downloads\AutoClicker.exe -> Found
Click the Delete button. Attach the RogueKiller report to your next reply. The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex.txt). The highest number of [X] is the most recent Delete log.

Johnsonbot Posted August 26, 2019
Attached .txt file.
Attachment: roguekillertxt1.txt

ShadowPuterDude Posted August 26, 2019
Run a fresh scan with RogueKiller; the deletion log is incomplete, which indicates that the fix may not have run completely.

Johnsonbot Posted August 27, 2019
Attached a fresh scan report.
Attachment: roguekillertxt2.txt

ShadowPuterDude Posted August 27, 2019
You can remove these three detections:
[PUP.AutoIt.Gen (Potentially Malicious)] (shortcut) OP Auto Clicker.lnk -- C:\Users\Johnson Hwang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OP Auto Clicker.lnk => C:\Users\JOHNSO~1\DOWNLO~1\AUTOCL~1.EXE -> Found
[PUP.AutoIt.Gen (Potentially Malicious)] (file) f_01cfdd -- C:\Users\Johnson Hwang\AppData\Local\Google\Chrome\User Data\Default\Cache\f_01cfdd -> Found
[PUP.AutoIt.Gen (Potentially Malicious)] (file) AutoClicker.exe -- C:\Users\Johnson Hwang\Downloads\AutoClicker.exe -> Found

Johnsonbot Posted August 27, 2019
I removed them but I figured out a pattern that has been going on. Every time I remove them from my PC, the next day, they're back again. Why is this happening?

Johnsonbot Posted August 27, 2019
Also the grayed-out exclusions are still there and I still can't remove them.

ShadowPuterDude Posted August 28, 2019
Somehow it is protecting itself and reinstalling on startup. Let's try using AdwCleaner. Download AdwCleaner and save it on your Desktop. Close all open programs and Internet browsers (you may want to print out or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on the Scan button. After the scan has finished, click on the Clean button. Confirm each time with OK. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your Desktop. Attach that log file to your reply.
NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

Johnsonbot Posted August 30, 2019
Attached file.
Attachment: AdwCleaner[C16].txt

ShadowPuterDude Posted August 31, 2019
Run a fresh scan with FRST, attach the new FRST scan reports to your reply.

Johnsonbot Posted September 1, 2019
Attached the scan reports.
Attachments: FRST.txt, Addition.txt

ShadowPuterDude Posted September 5, 2019
Sorry for the late reply. I overlooked this for some reason. Other than the Alternate Data Stream your logs look fine. Still have issues with greyed out areas?

Johnsonbot Posted September 6, 2019
Yeah, all my exclusions are still grayed out. If it comes down to it, I think I might just factory reset my computer.

ShadowPuterDude Posted September 6, 2019
At this point it looks like it may be a permissions issue. Doing a reset may be necessary.

Johnsonbot Posted September 6, 2019
Alright, if I reset will I lose everything?

ShadowPuterDude Posted September 6, 2019
Yes, backup all your files before doing a reset.

Johnsonbot Posted September 7, 2019
Where can I do that?

Johnsonbot Posted September 7, 2019
Also what if the virus is hidden in my files and if I back up my data I'll also back up the virus?

ShadowPuterDude Posted September 7, 2019
Copy the files you want to keep to an external hard drive or a USB stick. If one of the files contains a virus Emsisoft should detect it when the file is copied to the external drive or USB stick.

Johnsonbot Posted September 8, 2019
Wait, where do I download Emsisoft?

ShadowPuterDude Posted September 9, 2019
You can download the trial version from https://www.emsisoft.com/en/home/antimalware/

Johnsonbot Posted September 12, 2019
How should I know if it's working properly during the reset? (Detecting viruses and such)

ShadowPuterDude Posted September 12, 2019
No AV solution will work during a reset. You will have to install it and run a scan to find out if the system is clean or not.

Johnsonbot Posted September 13, 2019
So I will have to reset first and then find out if I still have the virus?

ShadowPuterDude Posted September 13, 2019
Yes, do the reset first, then install your anti-virus and scan the system.

ShadowPuterDude Posted September 18, 2019
Thread Closed
PM either Kevin, Elise, or Arthur to have this thread reopened.
The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread