Help Removing a Service and Registry Key

Phew. Finally done. Here’s the ESET log.

Everything seems to be going smoothly again. I dont see any EasyMedian stuff anymore and my searches aren’t being changed to Yahoo. Nice.

Ok, lets just run a final couple checks then get you on your way.

Step 1:

Security Check Scan.

[ul]
[li]Download Security Check to your desktop.[/li][li]Right click it run as administrator.[/li][li]When the program completes, the tool will automatically open a log file.[/li][li]Please post that log here in your next post.[/li][/ul]
Step 2:

HijackThis.

1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.

Step 3:

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

[MEDIA=imgur]LOr0Gd7[/MEDIA]

Hit Ok.

[MEDIA=imgur]sYFsqHx[/MEDIA]

Hit next make sure to leave all items checked, for removal.

[MEDIA=imgur]8NcZjGc[/MEDIA]

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.

Aaaand here are these three.

SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 19.06.2019 19:57:45
Path starting: C:\Users\Big Brother\AppData\Local\Temp\SecurityCheck\SecurityC heck.exe
Log directory: C:\SecurityCheck
IsAdmin: True
User: Big Brother
VersionXML: 6.57is-18.06.2019

---

Windows 10(6.3.17763) (x64) Core Release: 1809 Lang: English(0409)
Installation date OS: 21.02.2019 03:42:09
LicenseStatus: Office 16, Office16O365ProPlusR_Subscription1 edition Windows is in Notification mode
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [894.3 Gb] Used: [237.1 Gb] Free: [657.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.557.17763.0
User Account Control enabled
Automatically download and schedule installation
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 3.7.1.2839 v.3.7.1.2839
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Office 365 ProPlus - en-us v.16.0.10730.20348 Warning! Download Update
How Install Office updates?
Microsoft .NET Framework 4.5.2 v.4.5.51209 Warning! Download Update
Microsoft Silverlight v.5.1.50918.0
NVIDIA GeForce Experience 3.19.0.94 v.3.19.0.94
VLC media player v.2.2.1 Warning! Download Update
Steam v.1.0.0.0 Warning! Download Update
-------------------------------- [ Arch ] ---------------------------------
WinRAR 5.30 (32-bit) v.5.30.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Discord v.0.0.305
Skype™ 7.40 v.7.40.151 Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
NordVPN v.6.20.12
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 211 (64-bit) v.8.0.2110.12
Java 8 Update 211 v.8.0.2110.12
--------------------------- [ AppleProduction ] ---------------------------
QuickTime v.7.73.80.64 Warning! This software is no longer supported. Please uninstall it and use another software.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.32.0.0.89 Warning! Download Update
Adobe Acrobat Reader DC v.15.009.20069 Warning! Download Update
^Please run Acrobat Reader DC and go Help - Check for updates…[1]
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 67.0.3 (x64 en-US) v.67.0.3
Google Chrome v.74.0.3729.169 Warning! Download Update
----------------------------- [ EmailClient ] -----------------------------
Windows Live Essentials v.16.4.3528.0331 Warning! This software is no longer supported.
Windows Live Sync v.14.0.8117.416 Warning! This software is no longer supported.
Windows Live Mail v.16.4.3528.0331 Warning! This software is no longer supported.
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service has stopped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe v.4.18.1905.4
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe v.4.18.1905.4
Windows Defender Antivirus Service (WinDefend) - The service is running
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Unity Web Player (x64) (All users) v.4.6.6f2 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------

---

1. /b ↩︎

Everything looks ok now. I’d update all of the out of date programs with Patch My PC.

If you do not know what this is, I’d remove it.

C:\Users\Big Brother\AppData\Local\ValidSimple.Updater\RKHelper .exe =>
VirusTotal

Now Lets Clean up the tools we used and remove old restore points.


Download DelFix by “Xplode” to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on “Run” button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt

I think the RKHelper was bundled with a mod I installed, but I’m not 100% on it. So away it goes.

Log below.

I’ll mark this one as solved, but I will leave it open for a dew days so if the issue arises again you can let us know.

Let a friend know about us; have a good night.

I’ve actually been coming here for a few years for my problems and for others as well. I think my old account got pruned at some point in between forum upgrades.

Thank you for all the help!

You are very welcome.