Help Removing a Service and Registry Key

  • JawniHawni
    PCHF Member
    • Feb 2019
    • 26

    #1

    Help Removing a Service and Registry Key

    Greetings,

    I had recently gotten some adware that installed software which created a service that made everything on my computer Yahoo search based. It also kept pinning IE with a Yahoo start page to my taskbar. Well, I managed to get the software and all the infected files out of my system in Safe Mode, but I’m still stuck with the service it created as well as an empty registry key for it.

    The software that was on my box is called EasyMedianB. I cannot delete the service, as Windows doesn’t want me to, and the same goes for the registry key. I cannot even change permissions on the registry key entry to force removal.

    Below are the FRST logs. I tried running aswmbr as well, but I got a BSoD thanks to aswMBR.sys.

    Thank ye in advance,
    ~Jawni
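The situation described in this post (a leftover service whose registry key refuses deletion) is easier to reason about once you can see what the Service Control Manager and the registry actually hold for it. The following triage script is an added example, not something posted in the thread or produced by FRST; it takes the service name EasyMedianB from the post as a default parameter (the `$ServiceName` parameter and the regex used to isolate the binary path are my own assumptions) and only reads, never deletes.

```powershell
# Added triage script (not from the thread): inspect a suspicious Windows service
# and the registry key that defines it. Read-only; run from an elevated PowerShell.
# The default name comes from the thread; the parameter itself is an assumption.
[CmdletBinding()]
param(
    [string]$ServiceName = 'EasyMedianB'
)

$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"

# 1. What does the Service Control Manager know about the service?
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if ($svc) {
    [pscustomobject]@{
        Name      = $svc.Name
        State     = $svc.State
        StartMode = $svc.StartMode
        PathName  = $svc.PathName      # binary the service would launch
        StartName = $svc.StartName     # account it runs as
    } | Format-List
} else {
    Write-Host "No SCM entry named '$ServiceName'."
}

# 2. Does the registry key still exist, who owns it, and who may write to it?
#    A DACL that grants no WriteDAC / Delete right to Administrators is the usual
#    reason "change permissions" and "delete" both fail from the registry editor.
if (Test-Path -Path $svcKey) {
    Write-Host "Registry key : $svcKey"
    try {
        $acl = Get-Acl -Path $svcKey -ErrorAction Stop
        Write-Host "Owner        : $($acl.Owner)"
        $acl.Access |
            Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
            Format-Table -AutoSize
    } catch {
        Write-Host "Could not read the key's ACL: $($_.Exception.Message)"
    }

    # Values stored under the key (ImagePath, Start, Type, ...); PS* are provider noise.
    $props = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
    if ($props) { $props | Select-Object * -ExcludeProperty PS* | Format-List }

    # After a manual cleanup the service definition often outlives the binary it
    # referenced. Heuristic (assumption): strip quotes/arguments to get the .exe path.
    if ($props -and $props.ImagePath) {
        $exe = $props.ImagePath -replace '^"([^"]+)".*$', '$1'
        $exe = $exe -replace '^(\S+\.exe).*$', '$1'
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        Write-Host ("ImagePath binary present on disk: {0}" -f (Test-Path -LiteralPath $exe))
    }
} else {
    Write-Host "No registry key at $svcKey"
}
```

If the script shows the key exists but its owner is not Administrators and the ACL grants Administrators no rights, that matches the "cannot even change permissions" symptom above: a tool running as SYSTEM (which is what the moderator's FRST fix does) can take ownership where an interactive administrator cannot.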
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #2
    Looking over the logs now.


    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #3
      Uninstall Avast Secure Browser with Geek Uninstaller.

      A couple of questions before we begin.

      Did you set these policies? I need to know this before I create a FRST fix for your machine.

      Disable System Restore, etc.?

      HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
      HKU\S-1-5-21-1601658347-1384394231-484781949-1000...\Policies\system: [NoDispAppearancePage] 0
      HKU\S-1-5-21-1601658347-1384394231-484781949-1000...\Policies\Explorer: [NoPreviewPane] 0
      HKU\S-1-5-21-1601658347-1384394231-484781949-1000...\Policies\Explorer: [NoTrayContextMenu] 0
      HKU\S-1-5-21-1601658347-1384394231-484781949-1000...\Policies\Explorer: [NoSetTaskbar] 0
      HKU\S-1-5-21-1601658347-1384394231-484781949-1000...\Policies\Explorer: [NoViewContextMenu] 0
      HKU\S-1-5-21-1601658347-1384394231-484781949-1000...\Policies\Explorer: [NoWinkeys] 0
      HKU\S-1-5-21-1601658347-1384394231-484781949-1000...\Policies\Explorer: [NoTrayItemsDisplay] 0
      HKU\S-1-5-21-1601658347-1384394231-484781949-1000...\Policies\Explorer: [HideClock] 0
      HKU\S-1-5-21-1601658347-1384394231-484781949-1000...\Policies\Explorer: [HideSCANetwork] 0
      HKU\S-1-5-21-1601658347-1384394231-484781949-1000...\Policies\Explorer: [HideSCAVolume] 0

      AdwCleaner Scan.

      Please download AdwCleaner by Xplode onto your desktop.

      • Close all open programs and internet browsers.
      • Right-click on adwcleaner.exe and run as admin to run the tool.
      • Click on the Scan button.
      • When the scan has finished, click on the Clean button.
      • Your computer will be rebooted automatically. A text file will open after the restart.
      • Please post the contents of that logfile with your next reply.
      • You can find the logfile at C:\AdwCleaner[S1].txt as well.

      RogueKiller Scan.

      Download RogueKiller (Portable) from one of the following links and save it to your Desktop:

      Link 1
      Link 2

      • Close all other running programs.
      • Disable ALL antivirus and antimalware applications.
      • Right-click RogueKiller and Run as Administrator.
      • Click the Start Scan button.
      • Allow the scan to run; it can take ten minutes or more.
      • Once the scan is complete, check All items for removal.
      • (Screenshot: https://pchelpforum.net/attachments/upload_2017-2-23_10-55-54-png.1658/)
      • After all items are checked, press Remove Selected.
      • Wait until the Status box shows Deleting Finished.
      • Click on Open Report, then Open TXT.
      • Copy the content of the report and paste it here in your next reply.
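The moderator's question ("did you set these policies?") matters because adware commonly plants Explorer and System Restore policy values that a default Windows install never has, and a cleanup fix should only reset values the user did not choose. The script below is an added example, not part of the thread or of FRST: it reads exactly the values the FRST log flagged above and reports which ones exist. It assumes that FRST's abbreviated `HKU\<SID>\...\Policies\Explorer` and `...\Policies\system` expand to the standard `Software\Microsoft\Windows\CurrentVersion\Policies\` keys of the logged-on user (`HKCU:`), which is my assumption rather than something the log states.

```powershell
# Added audit script (not from the thread): report which of the policy values flagged
# in the FRST log are actually present. Read-only. Value names come from the log;
# the expansion of the abbreviated HKU paths to HKCU:\...\CurrentVersion\Policies is assumed.

$checks = @(
    @{ Key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
       Values = 'DisableSR', 'DisableConfig' }
    @{ Key    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Values = 'NoDispAppearancePage' }
    @{ Key    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Values = 'NoPreviewPane', 'NoTrayContextMenu', 'NoSetTaskbar', 'NoViewContextMenu',
                'NoWinkeys', 'NoTrayItemsDisplay', 'HideClock', 'HideSCANetwork', 'HideSCAVolume' }
)

function Get-PolicyAudit {
    foreach ($c in $checks) {
        # Missing key -> $props is $null; every value under it is then reported as absent.
        $props = Get-ItemProperty -Path $c.Key -ErrorAction SilentlyContinue
        foreach ($name in $c.Values) {
            $present = ($null -ne $props) -and ($props.PSObject.Properties.Name -contains $name)
            $data = $null
            if ($present) { $data = $props.$name }
            [pscustomobject]@{
                Key     = $c.Key
                Value   = $name
                Present = $present
                Data    = $data
            }
        }
    }
}

$audit = Get-PolicyAudit
$audit | Format-Table -AutoSize

# Data 1 enforces the restriction. Data 0 (what the log shows) does not restrict anything,
# but the value existing at all is still a deviation: a clean install has no such values.
$set = @($audit | Where-Object Present)
if ($set.Count -gt 0) {
    Write-Host ("{0} policy value(s) exist that a default install does not have:" -f $set.Count)
    $set | ForEach-Object { Write-Host ("  {0}\{1} = {2}" -f $_.Key, $_.Value, $_.Data) }
} else {
    Write-Host "None of the listed policy values are set."
}
```

Run it as the affected user so `HKCU:` resolves to the same SID that appears in the log. Once a value is confirmed to be unwanted, removing it is a single `Remove-ItemProperty -Path <key> -Name <value>`, which is the same end state the moderator's FRST fix produces for these entries.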


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7041

        #4
        Right-click FRST64 on your desktop and copy and paste SearchAll: EasyMedianB0 into the text window of FRST.

        [Screenshot attachment 4875]

        In the search box, you have to type

        SearchAll: EasyMedianB0

        Make sure to include the “SearchAll:” part as well, then click Search Files.

        Copy and paste the contents of the Search.txt log, which will open in Notepad after the scan.

        Thanks.


        • JawniHawni
          PCHF Member
          • Feb 2019
          • 26

          #5
          I may have disabled System Restore as well as backups, as I only had so much hard drive space. Moreover, I ended up deleting the whole System Restore partition not too long ago when I cloned my OS drive onto a nice shiny M.2 drive.

          As for the other policies, I do not believe I set those. If you’re planning on changing the System Restore policy, you might as well do those as well.

          I’ll be downloading and running the cleaning software now.


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #6
            OK, I will remove those settings from the machine; everything will be back to default as far as those settings go. I will be awaiting the logs and the search results from FRST. That will go into the fix.


            • JawniHawni
              PCHF Member
              • Feb 2019
              • 26

              #7
              Avast Safe Browser is gone.

              Attached are all the logs.


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #8
                You need to push the Search Files button after you copy and paste SearchAll: EasyMedianB0.

                [Screenshot attachment 4882]

                You pushed the Scan button.


                • JawniHawni
                  PCHF Member
                  • Feb 2019
                  • 26

                  #9
                  Oh. Whoopsie. Proper file attached now.

                  I’m doing another search for just “EasyMedianB”. I think I added the “0” into the registry entry when I was trying to get rid of it. If anything pops I’ll let you know.


                  • JawniHawni
                    PCHF Member
                    • Feb 2019
                    • 26

                    #10
                    Okay. “EasyMedianB” added a few extra things into the report and includes the stuff from the above file.


                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #11
                      Alright, you can also use the Everything search engine to search for EasyMedianB. Sometimes it is a bit more thorough.


                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #12
                        Alright, I’ve got to run to the store; I’ll be back in a couple of hours to complete this. For now…

                        Scan with ESET:

                        Please download ESET Online Scanner and save it to your desktop.

                        • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
                        • Click on Get Started.
                        • Another window will appear; select Get Started. Select whether you would like to send anonymous data to ESET.
                        • Click on the Full Scan option.
                        • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
                        • ESET will now begin scanning your computer. This may take some time.
                        • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
                        • ESET Online Scanner may ask if you’d like to turn on the Periodic Scan feature. Click on Continue.
                        • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
                        • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #13
                          Download the attached fixlist.txt file and save it to the Desktop.

                          NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

                          NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

                          Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.

                          When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


                          • JawniHawni
                            PCHF Member
                            • Feb 2019
                            • 26

                            #14
                            Here ye go.

                            Still running ESET. This thing is taking a while.


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #15
                              After the ESET Scan, I want you to tell me how things are going with the machine. What issues remain?
