Johnsonbot

Grayed-out Exclusions


Hey there everyone,

I was cleaning my computer today and I stumbled upon my exclusions list, which had some suspicious grayed-out exclusions in it that I could not remove.

I tried to remove them from the registry, but that did not work (see image).

I also installed Malwarebytes, scanned my computer and removed the threats, but when I restarted my computer and went to my exclusions list, the grayed-out files were still there.

The last possible option I can think of is to factory reset my PC, but I have two concerns about that: one being that it would take a long time and be annoying to do, and the second being the fear of the exclusions/malware coming back after I restore the old data to my computer.

Please help me with this problem, I've been trying to fix it for days!!

Screenshot_300.png
Screenshot_301.png
Screenshot_302.png

Addition.txt FRST.txt

Edited by Johnsonbot
Added FRST.txt and Addition.txt


Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.

Start::
HKLM-x32\...\Run: [] => [X]
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S1 cujzhons; \??\C:\Windows\system32\drivers\cujzhons.sys [X]
S1 dyywzszq; \??\C:\Windows\system32\drivers\dyywzszq.sys [X]
S1 egjqivif; \??\C:\Windows\system32\drivers\egjqivif.sys [X]
S1 vrzojwql; \??\C:\Windows\system32\drivers\vrzojwql.sys [X]
C:\Windows\system32\drivers\cujzhons.sys
C:\Windows\system32\drivers\dyywzszq.sys
C:\Windows\system32\drivers\egjqivif.sys
C:\Windows\system32\drivers\vrzojwql.sys
AlternateDataStreams: C:\Users\Johnson Hwang\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
FirewallRules: [TCP Query User{A59FFA23-5AE0-4DA0-80A1-68A62F075010}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{AEB7E506-B6D7-4E76-9226-53666339E9ED}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{B6690775-10AB-44C2-8F58-75E49FBB31E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{5CE726D1-7DCD-4F0F-B736-2BB5567EADEB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{11F6B906-67D9-4344-BC54-71761B97D4BC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{73AA46E5-7196-4BB8-A21D-5EC46756696E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{E4A4D43A-5250-44AE-AC63-E0C1B5256395}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{CA0B7D4D-C9DD-4A72-8977-3A67D9CE12B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [TCP Query User{5BCBCA35-CB9F-4122-8AEB-5F6941A51FE3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{321AFE72-0A8F-4788-9FB7-0CC588D6BAFB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{3705F582-D46D-4FD6-B611-5ECA2BA38A16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe No File
FirewallRules: [{1C1EA8DF-E48A-402E-874C-E4A0F40BD496}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe No File
FirewallRules: [{E1AEFDD6-8B49-4A0F-BBFE-5D20F9D4B1ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe No File
FirewallRules: [{D73DAD19-E0DF-4F5D-A61D-0DD6B60A80AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe No File
FirewallRules: [TCP Query User{B6AACC01-C1F0-4CC7-9829-8BAA873A1D4E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{584DCFDD-FEA8-49AD-BDCA-E8951126F91E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File
FirewallRules: [{EE867ACE-21B3-4372-B432-9488604A12A2}] => (Allow) D:\Games\Epic Games\Fortnite\Steam.exe No File
FirewallRules: [{D81A6875-0E02-4789-894E-3D1BF74BC6EB}] => (Allow) D:\Games\Epic Games\Fortnite\Steam.exe No File
FirewallRules: [{1F695D4B-B325-45B3-A97F-38379906E62E}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{FA60BDB0-4B8B-4282-837E-8455115618AE}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{E4088DC7-543E-4A2C-8CDE-82E1FB23A56F}D:\games\league\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{70931095-014C-430D-AF34-376FA48823C1}D:\games\league\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{811B7DF6-625C-4788-8361-A26BC693C8B5}C:\users\johnson hwang\desktop\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{139EC58A-7784-4CE0-AE1D-A41AA7EE59B4}C:\users\johnson hwang\desktop\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{AB3F19FF-D525-465D-8A43-CB5E33B30DF1}C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{C1167491-F6BB-42C4-BD7B-C11D5DC2D703}C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{3D7E45BF-9A71-488C-98BA-2F1C0D2123DB}D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{525B8190-D901-4AC4-95DC-E45370D015E6}D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{4ABD83A9-C961-44E0-8B4F-3480219AB538}C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{DA4E36F6-E606-46BF-A0DA-F4492426AAF7}C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\johnson hwang\desktop\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{4AD53812-38D1-49A1-84D8-E784FAE4974D}D:\games\starcraft 2\starcraft ii\versions\base69232\sc2_x64.exe] => (Allow) D:\games\starcraft 2\starcraft ii\versions\base69232\sc2_x64.exe No File
FirewallRules: [UDP Query User{CBED568F-D6C9-4F42-A817-DB9DBAB0FF33}D:\games\starcraft 2\starcraft ii\versions\base69232\sc2_x64.exe] => (Allow) D:\games\starcraft 2\starcraft ii\versions\base69232\sc2_x64.exe No File
FirewallRules: [TCP Query User{87C1873D-A1F9-427B-BB09-3B76D3E065AF}D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{F432C534-6245-4C32-91FD-C0DFD04AD26F}D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{D1BCA12E-BAD8-4E3E-A1FF-952DB00D9FB3}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{62840FB7-353C-4136-89B7-22B821F05884}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{F2882311-2852-4588-8F13-26CB93B1ACDF}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{3112B46E-2B29-4865-8FC2-22DE4B4377DB}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{4A6A4B4D-2DF6-49E4-8B3D-039A16178041}D:\games\starcraft 2\overwatch\overwatch.exe] => (Allow) D:\games\starcraft 2\overwatch\overwatch.exe No File
FirewallRules: [UDP Query User{A99ADF9A-793A-4A26-BAED-D02AB9FA2166}D:\games\starcraft 2\overwatch\overwatch.exe] => (Allow) D:\games\starcraft 2\overwatch\overwatch.exe No File
FirewallRules: [TCP Query User{7FBB05FA-F0CD-4708-A349-86EAF8567B7C}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe No File
FirewallRules: [UDP Query User{4EDFC03E-17FC-4473-932E-D5F5BA805509}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe No File
FirewallRules: [TCP Query User{4B6D1990-13B3-4EA4-A1FE-78AE9FDA8718}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe No File
FirewallRules: [UDP Query User{E98D405C-3C12-48AD-98FE-B0D0482CDD0B}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe No File
FirewallRules: [TCP Query User{798DEF4E-9276-41E2-9F2C-344B4C528D00}D:\games\league\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{E2C85D0D-EDFC-40DC-BC08-A49F39E75443}D:\games\league\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{1B5359F4-B743-4507-9C61-535CD52A266C}D:\games\league\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A1CAA112-948C-4AE5-A735-F70DEE372EEF}D:\games\league\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\games\league\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe No File
FirewallRules: [{75AFB39A-559F-40E6-80A9-38E3EDA40F8B}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe No File
FirewallRules: [{0EB49B63-6C84-445D-A51C-3C29FD8B98C1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe No File
FirewallRules: [{A0C11BAB-8CB8-488A-9742-2CB784B5FF76}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{F8CC5A43-F8C4-40A6-9393-6B2295BA0E2E}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe No File
FirewallRules: [{CF218A23-436A-49F9-92AF-0985EFABDC3F}] => (Allow) 㩃啜敳獲䩜桯獮湯䠠慷杮䅜灰慄慴剜慯業杮楜普卯睩楜普卯睩攮數 No File
FirewallRules: [{6931E373-72F8-4D6B-967A-1A751F8895AE}] => (Allow) 㩃啜敳獲䩜桯獮湯䠠慷杮䅜灰慄慴剜慯業杮楜普卯睩剜湵䥓攮數 No File
FirewallRules: [{87EA8A05-3668-4050-A2AC-42AE19F4C16D}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-b018edb462754b1c\RobloxPlayerLauncher.exe No File
FirewallRules: [{6E0191B8-D530-4479-9238-9EC25DD702CF}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-b018edb462754b1c\RobloxPlayerLauncher.exe No File
FirewallRules: [{FEBEF16F-E0D4-4515-A64B-519EAFB40BE3}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-b018edb462754b1c\RobloxPlayerLauncher.exe No File
FirewallRules: [{14F37BCC-0706-4456-8CE1-149A5CBD29F7}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-b018edb462754b1c\RobloxPlayerLauncher.exe No File
FirewallRules: [{707CFD3C-768F-4FBE-9055-A8BBA7D045C3}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-03bbbab2d5464457\RobloxStudioLauncherBeta.exe No File
FirewallRules: [{0A453165-EE2A-45A4-830B-2C1C1C3B4594}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-03bbbab2d5464457\RobloxStudioLauncherBeta.exe No File
FirewallRules: [{91A2019C-044B-40A1-89E1-900EA0A83B0F}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-03bbbab2d5464457\RobloxStudioLauncherBeta.exe No File
FirewallRules: [{6799829A-C07F-4AF7-831A-EA7308540F8F}] => (Allow) C:\Users\Johnson Hwang\AppData\Local\Roblox\Versions\version-03bbbab2d5464457\RobloxStudioLauncherBeta.exe No File
End::

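The fixlist above is read by eye in the thread. What follows is an added example, not part of the original posts and not FRST's own code, that performs the same first-pass triage over a handful of lines copied from that fixlist: it flags service entries ending in "[X]" and firewall rules ending in "No File" (FRST's markers for a binary that no longer exists on disk), and it reverses the mojibake in the two FirewallRules lines whose program path is shown as CJK characters. Those characters are ASCII bytes that were rendered two at a time as UTF-16LE code points (0x43 0x3A, "C:", becomes U+3A43), so encoding the text back to UTF-16LE returns the original path. The "user-writable folder" check and the single benign control line at the end of the sample are my own assumptions and do not come from the thread.

```python
"""Triage a few FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; it is not part of FRST or of the original
posts.  It flags service lines whose binary is missing ("[X]") and
FirewallRules lines whose program is missing ("No File"), reverses the
byte-swapped mojibake seen in two FirewallRules lines, and flags rule
targets under user-writable folders (a heuristic assumed here).
"""
import re
from typing import Optional

# Sample input: the first four lines are copied from the fixlist in the
# thread; the last one is a constructed benign control line in FRST's
# format and does not come from the thread.
SAMPLE_LOG = r"""
S1 cujzhons; \??\C:\Windows\system32\drivers\cujzhons.sys [X]
FirewallRules: [{B6690775-10AB-44C2-8F58-75E49FBB31E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{CF218A23-436A-49F9-92AF-0985EFABDC3F}] => (Allow) 㩃啜敳獲䩜桯獮湯䠠慷杮䅜灰慄慴剜慯業杮楜普卯睩楜普卯睩攮數 No File
FirewallRules: [{6931E373-72F8-4D6B-967A-1A751F8895AE}] => (Allow) 㩃啜敳獲䩜桯獮湯䠠慷杮䅜灰慄慴剜慯業杮楜普卯睩剜湵䥓攮數 No File
R2 ExampleSvc; C:\Program Files\Example\svc.exe [1000 2019-01-01] (Example Ltd -> Example Ltd)
"""

# "S1 name; path [X]": state letter, start-type digit, name, path, optional [X]
SERVICE_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s+(.*?)(\s+\[X\])?$")
# "FirewallRules: [rule] => (Action) program ..."
FIREWALL_RE = re.compile(r"^FirewallRules:\s+\[(.+?)\]\s+=>\s+\((\w+)\)\s+(.*)$")
# Trailing "(Signer -> Publisher)" that FRST appends when the file exists
SIGNER_RE = re.compile(r"\s+\([^()]*->[^()]*\)$")
# Folders a standard user can write to (assumed heuristic, lower-case match)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                 "\\desktop\\", "\\downloads\\")


def unswap_mojibake(text: str) -> Optional[str]:
    """Undo ASCII-rendered-as-UTF-16LE mojibake; None if text is not that.

    The bytes 0x43 0x3A ("C:") shown as one UTF-16LE code point are U+3A43,
    so encoding the text back to UTF-16LE returns the original byte string.
    """
    if text.isascii():
        return None
    try:
        plain = text.encode("utf-16-le").decode("ascii")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return None
    return plain if plain.isprintable() else None


def triage(log_text: str) -> list:
    """Return one dict (kind, name, path, note) per suspicious log line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            _state, start, name, path, missing = m.groups()
            if missing:
                if path.startswith("\\??\\"):
                    path = path[4:]          # strip the NT object-manager prefix
                findings.append({"kind": "service", "name": name, "path": path,
                                 "note": f"binary missing; start type {start}"})
            continue
        m = FIREWALL_RE.match(line)
        if not m:
            continue
        rule, _action, target = m.groups()
        missing = target.endswith(" No File")
        target = target[:-len(" No File")] if missing else SIGNER_RE.sub("", target)
        notes = []
        decoded = unswap_mojibake(target)
        if decoded:
            target = decoded
            notes.append("path was byte-swapped mojibake")
        if missing:
            notes.append("program missing")
        if any(marker in target.lower() for marker in USER_WRITABLE):
            notes.append("program under user-writable folder")
        if notes:
            findings.append({"kind": "firewall", "name": rule, "path": target,
                             "note": "; ".join(notes)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:8} {f['path']}\n         {f['note']}")
```

Run against the sample it reports four findings: the missing driver, the stale Steam rule, and the two mojibake rules, which decode to executables under the user's AppData\Roaming folder, a detail the raw log hides. The fixlist in the post above keeps those lines exactly as FRST printed them; the decoding is only for the reader.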

Let's take a fresh look.

Run a fresh scan with FRST and attach the new FRST scan reports to your reply.

Be sure to let me know how things are running.


Other than a single Alternate Data Stream, everything else looks fine.

How are things running?


Let's take a look using a different tool.

Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop.

  • Double-click on setup.exe to install RogueKiller.

    Close all programs and disconnect any USB or external drives before running the tool.
     
  • Right-click RogueKiller.exe and select Run As Administrator to run the tool.
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.


Close all programs and disconnect any USB or external drives before running the tool.
 

  • Double-click RogueKiller.exe to run the tool again.
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished":
    • Select the following items:

[PUP.Easeware (Potentially Malicious)] (Easeware Technology Limited) \Driver Easy Scheduled Scan -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [--scan] -> Found
[PUP.Easeware (Potentially Malicious)] (Easeware Technology Limited) C:\Windows\Tasks\Driver Easy Scheduled Scan.job -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [--scan] -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\.DEFAULT\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08232019090236034\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08232019090239737\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1746082704-2882651586-2436767360-1001\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-18\Software\Mail.Ru -- N/A -> Found
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1746082704-2882651586-2436767360-1001\Software\AppDataLow\Software\Mail.Ru -- N/A -> Found
>>>>>> XX - Uninstall
[PUP.Easeware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1 -- N/A -> Found
>>>>>> O87 - Firewall
[PUP.Easeware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C7F849EF-2A4F-454A-9EB0-EB676A21D505} -- (Easeware Technology Limited) v2.28|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files\Easeware\DriverEasy\DriverEasy.exe|Name=Driver Easy|Desc=Allow Driver Easy Access Internet to Scan and Download Drivers.| (C:\Program Files\Easeware\DriverEasy\DriverEasy.exe) -> Found
[PUP.Easeware (Potentially Malicious)] (shortcut) Driver Easy.lnk -- C:\Users\Johnson Hwang\Desktop\Driver Easy.lnk => C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Found
[PUP.AutoIt.Gen (Potentially Malicious)] (shortcut) OP Auto Clicker.lnk -- C:\Users\Johnson Hwang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OP Auto Clicker.lnk => C:\Users\JOHNSO~1\DOWNLO~1\AUTOCL~1.EXE -> Found
[PUP.OnlineIO (Potentially Malicious)] (folder) AdvinstAnalytics -- C:\Users\Johnson Hwang\AppData\Local\AdvinstAnalytics -> Found
[PUP.MailRU (Potentially Malicious)] (folder) Mail.Ru -- C:\Users\Johnson Hwang\AppData\Local\Mail.Ru -> Found
[PUP.MailRU (Potentially Malicious)] (folder) Mail.Ru -- C:\ProgramData\Mail.Ru -> Found
[PUP.Easeware (Potentially Malicious)] (shortcut) Driver Easy.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Driver Easy.lnk => C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Found
[PUP.Easeware (Potentially Malicious)] (shortcut) Uninstall Driver Easy.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Uninstall Driver Easy.lnk => C:\PROGRA~1\Easeware\DRIVER~1\unins000.exe -> Found
[PUP.Easeware (Potentially Malicious)] (folder) Easeware -- C:\Program Files\Easeware -> Found
[PUP.Easeware (Potentially Malicious)] (shortcut) Driver Easy.lnk -- C:\Users\Johnson Hwang\Desktop\Driver Easy.lnk => C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Found
[PUP.AutoIt.Gen (Potentially Malicious)] (file) AutoClicker.exe -- C:\Users\Johnson Hwang\Downloads\AutoClicker.exe -> Found
  • Click the Delete button.
  • Attach the RogueKiller report to your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex.txt)
    • The highest number of [X], is the most recent Delete log.


Run a fresh scan with RogueKiller; the deletion log is incomplete, which indicates that the fix may not have run completely.


You can remove these three detections:

[PUP.AutoIt.Gen (Potentially Malicious)] (shortcut) OP Auto Clicker.lnk -- C:\Users\Johnson Hwang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OP Auto Clicker.lnk => C:\Users\JOHNSO~1\DOWNLO~1\AUTOCL~1.EXE -> Found
[PUP.AutoIt.Gen (Potentially Malicious)] (file) f_01cfdd -- C:\Users\Johnson Hwang\AppData\Local\Google\Chrome\User Data\Default\Cache\f_01cfdd -> Found
[PUP.AutoIt.Gen (Potentially Malicious)] (file) AutoClicker.exe -- C:\Users\Johnson Hwang\Downloads\AutoClicker.exe -> Found


I removed them, but I figured out a pattern that has been going on. Every time I remove them from my PC, the next day they're back again. Why is this happening?


Somehow it is protecting itself and reinstalling on startup.

Let's try using AdwCleaner.

Download AdwCleaner and save it on your Desktop.

  1. Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  2. Double click on adwcleaner.exe to run the tool.
  3. Click on the Scan button.
  4. After the scan has finished, click on the Clean button.
  5. Confirm each time with OK.
  6. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your Desktop.
  7. Attach that log file to your reply. NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.


Sorry for the late reply.  I overlooked this for some reason.

Other than the Alternate Data Stream, your logs look fine. Do you still have issues with the greyed-out areas?


Copy the files you want to keep to an external hard drive or a USB stick. If one of the files contains a virus, Emsisoft should detect it when the file is copied to the external drive or USB stick.
