How to remove quiz / Web trends graphics from Windows search bar

  • charliefarnsbarns
    PCHF Member
    • May 2022
    • 23

    #16
    Hello - so I ran all three steps again - and I clicked “repair” on ZHP and did a new scan/repair pass as well. I got rid of a fair amount… but Total AV is still here. It is still in the Windows search bar. It’s like Japanese knotweed!

    I updated two apps (Chrome & VLC) after doing Patch My PC. That log is at the very bottom of this post - followed by a final Security Check log as requested.

    Code:
    ----------------------------------------
    Adware Removal Tool 5.1
    Time: 2022_05_14_18_54_21
    OS: Windows 10 Home - x64 Bit
    Account Name: User
    Adware Definition: 05132022
    Elapsed time: 16:13
    Repair Status:- Automatic Done
    \\\\\\\\\\\\ Repair Logs \\\\\\\\\\\
    
    No results found
    ----------------------------------------
    Adware Removal Tool 5.1
    Time: 2022_05_14_18_54_21
    OS: Windows 10 Home - x64 Bit
    Account Name: User
    Adware Definition: 05132022
    Elapsed time: 16:13
    Scan Status:- Automatic Done
    
    \\\\\\\\\\\\ Scan Logs \\\\\\\\\\\
    
    No results found
    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.2.0
    # -------------------------------
    # Build: 03-23-2022
    # Database: 2022-03-15.3 (Local)
    # Support: https://www.malwarebytes.com/support
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 05-14-2022
    # Duration: 00:00:09
    # OS: Windows 10 Home
    # Cleaned: 19
    # Awaiting reboot:6
    # Failed: 0
    ***** [ Services ] *****
    
    Deleted SecurityService
    Deleted webshieldfilter
    
    ***** [ Folders ] *****
    
    Deleted C:\ProgramData\SecuritySuite
    Deleted C:\Users\User\Documents\TotalAV
    Needs Reboot C:\Program Files (x86)\TotalAV
    Needs Reboot C:\ProgramData\TotalAV
    
    ***** [ Files ] *****
    
    Deleted C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
    Needs Reboot C:\Windows\System32\drivers\webshieldfilter.sys
    
    ***** [ DLL ] *****
    
    No malicious DLLs cleaned.
    
    ***** [ WMI ] *****
    
    No malicious WMI cleaned.
    
    ***** [ Shortcuts ] *****
    
    No malicious shortcuts cleaned.
    
    ***** [ Tasks ] *****
    
    No malicious tasks cleaned.
    
    ***** [ Registry ] *****
    
    Deleted HKCU\Software\SSProtect
    Deleted HKLM\SOFTWARE\Classes\*\shell\TotalAV
    Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
    Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
    Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
    Deleted HKLM\Software\Classes\totalav
    Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
    
    ***** [ Chromium (and derivatives) ] *****
    
    No malicious Chromium entries cleaned.
    
    ***** [ Chromium URLs ] *****
    
    No malicious Chromium URLs cleaned.
    
    ***** [ Firefox (and derivatives) ] *****
    
    No malicious Firefox entries cleaned.
    
    ***** [ Firefox URLs ] *****
    
    No malicious Firefox URLs cleaned.
    
    ***** [ Hosts File Entries ] *****
    
    No malicious hosts file entries cleaned.
    
    ***** [ Preinstalled Software ] *****
    
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SUPPORTASSIST
    Needs Reboot Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
    Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
    Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
    ----------------------------------------
    [+] Delete Tracing Keys
    [+] Reset Winsock
    ----------------------------------------
    ***** Reboot Required to Complete *****
    
    ***** [ Folders ] *****
    
    Cleaning failed C:\Program Files (x86)\DELL\UPDATESERVICE
    Cleaning failed C:\Program Files (x86)\TotalAV
    Cleaning failed C:\Program Files\DELL\SUPPORTASSISTAGENT
    Cleaning failed C:\ProgramData\DELL\UPDATESERVICE
    Cleaning failed C:\ProgramData\TotalAV
    ----------------------------------------
    ***** [ Files ] *****
    
    Cleaned C:\Windows\System32\drivers\webshieldfilter.sys
    ----------------------------------------
    AdwCleaner[S00].txt - [4323 octets] - [13/05/2022 23:52:11]
    AdwCleaner[S01].txt - [4384 octets] - [14/05/2022 14:10:19]
    AdwCleaner_Debug.log - [40019 octets] - [14/05/2022 14:12:36]
    AdwCleaner[C01].txt - [4978 octets] - [14/05/2022 14:13:39]
    AdwCleaner[S02].txt - [3028 octets] - [14/05/2022 20:42:47]
    
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
    
    ~ ZHPCleaner v2022.5.12.33 by Nicolas Coolman (2022/05/12)
    ~ Run by User (Administrator) (14/05/2022 20:49:19)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : ZHP
    ~ State version : Version KO
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Scan
    ~ Report : C:\Users\User\Desktop\ZHPCleaner (S).txt
    ~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 10 Home, 64-bit (Build 19044)
    
    —\ Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found. (ADS)
    
    —\ Services (0)
    ~ No malicious or unnecessary items found. (Service)
    
    —\ Browser internet (0)
    ~ No malicious or unnecessary items found. (Browser)
    
    —\ Hosts file (1)
    ~ The hosts file is legitimate (21)
    
    —\ Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found. (Task)
    
    —\ Explorer ( File, Folder) (91)
    FOUND file: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences =>ChromiumPreference
    FOUND file: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>ChromiumPreference
    FOUND file: C:\Windows\Prefetch\TOTALAV.EXE-775A7881.pf =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\avgio.dll [Avira GmbH - On-access scan support for SDK] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\AviraLib.dll [AviraLib - AviraLib] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\BouncyCastle.Crypto.dll [The Legion of the Bouncy Castle Inc. - BouncyCastle.Crypto] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Branding.Desktop.dll [Branding.Desktop - Branding.Desktop] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\cachey-bashi.netcore.dll [cachey-bashi.netcore - cachey-bashi.netcore] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\DirectWriteForwarder.dll [© Microsoft Corporation. All rights reserved. - DirectWriteForwarder] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\DotNetZip.dll [ - Ionic’s Zip Library (.NET Standard)] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Engine.Win.dll [Engine.Win - Engine.Win] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\e_sqlite3.dll =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\GUI.Win.deps.json =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\GUI.Win.dll [ - Ultimate Antivirus by Protected.net] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\GUI.Win.runtimeconfig.json =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\HtmlAgilityPack.dll [ZZZ Projects Inc. - HtmlAgilityPack] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\install.name =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\installer.log =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\installoptions.jdat =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\libcrypto-1_1.dll [The OpenSSL Project, https://www.openssl.org/ - OpenSSL library] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\libssl-1_1.dll [The OpenSSL Project, https://www.openssl.org/ - OpenSSL library] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\lib_SCAPI.dll [Protected.net - Antivirus Engine Component] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\lib_SCAPISharp.dll [lib_SCAPISharp - lib_SCAPISharp] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.Analytics.dll [Microsoft.AppCenter.Analytics - Microsoft.AppCenter.Analytics] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.Crashes.dll [Microsoft.AppCenter.Crashes - Microsoft.AppCenter.Crashes] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.dll [Microsoft.AppCenter - Microsoft.AppCenter] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.Toolkit.Uwp.Notifications.dll [Microsoft.Toolkit - Microsoft.Toolkit.Uwp.Notifications] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Mindscape.Raygun4Net.NetCore.Common.dll [Raygun - Mindscape.Raygun4Net.NetCore.Common] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Mindscape.Raygun4Net.NetCore.dll [Raygun - Raygun4Net.NetCore] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\NamedPipeServerStream.NetFrameworkVersion.dll [havendv - NamedPipeServerStream.NetFrameworkVersion] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Netlib.dll =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\nfapi.dll [Copyright (C) - nfapi] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\nfregdrv.exe =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.deps.json =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.dll [ - Ultimate Antivirus by Protected.net] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.exe [TotalAV - TotalAV Password Vault Browser Assistant] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.runtimeconfig.json =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\PenImc_cor3.dll [© Microsoft Corporation. All rights reserved. - PenImc] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\PresentationNative_cor3.dll [© Microsoft Corporation. All rights reserved. - PresentationNative] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\PropertyChanged.dll [Simon Cropp - PropertyChanged] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\ProtocolFilters.dll [NetFilterSDK.com - ProtocolFilters] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\pwm.dll [pwm - pwm] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Savapi.Net.dll [Savapi.Net - Savapi.Net] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\securityservice.cat =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.deps.json =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.dll [ - Ultimate Antivirus by Protected.net] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.exe [TotalAV - TotalAV Ultimate Antivirus Service] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.runtimeconfig.json =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SharedDesktop.dll [SharedDesktop - SharedDesktop] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SOS_README.md =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.batteries_v2.dll [SourceGear - SQLitePCLRaw.batteries_v2] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.core.dll [SourceGear - SQLitePCLRaw.core] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.nativelibrary.dll [SourceGear - SQLitePCLRaw.nativelibrary] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.provider.dynamic_cdecl.dll [SourceGear - SQLitePCLRaw.provider.dynamic_cdecl] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SSCore.dll [SSCore - SSCore] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\System.Configuration.Install.dll [System.Configuration.Install - System.Configuration.Install] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\System.Printing.dll [© Microsoft Corporation. All rights reserved. - System.Printing] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\SystemToolsWindows.dll [SystemToolsWindows - SystemToolsWindows] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\TotalAV.exe [TotalAV - TotalAV Ultimate Antivirus User Interface] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Trinet.Core.IO.Ntfs.dll [Richard Deeming - Trinet.Core.IO.Ntfs] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\UiPath.CoreIpc.dll [UiPath - UiPath.CoreIpc] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\uninst.exe [(C) Protected Antivirus Limited - TotalAV Ultimate Antivirus Installer] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.dll [Utilizr - Utilizr] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.NotifyIcon.dll [Utilizr.NotifyIcon - Utilizr.NotifyIcon] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.OpenVPN.dll [Utilizr.OpenVPN - Utilizr.OpenVPN] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.Ras.dll =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.VPN.dll [Utilizr.VPN - Utilizr.VPN] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.VPN.RasSharp.NetCore.dll [Utilizr.VPN.RasSharp.NetCore - Utilizr.VPN.RasSharp.NetCore] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Utilzr.WPF.dll [Utilzr.WPF - Utilzr.WPF] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\Webshield.Client.dll [Webshield.Client - Webshield.Client] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\wpfgfx_cor3.dll [© Microsoft Corporation. All rights reserved. - WpfGfx] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\wscf.exe [Protected.net Group Limited - Proteted.net WSCF] =>SUP.Optional.TotalAV
    FOUND file: C:\Program Files (x86)\TotalAV\wscfd =>SUP.Optional.TotalAV
    FOUND folder: C:\Program Files (x86)\TotalAV\bins =>SUP.Optional.TotalAV
    FOUND folder: C:\Program Files (x86)\TotalAV\driver =>SUP.Optional.TotalAV
    FOUND folder: C:\Program Files (x86)\TotalAV\locale =>SUP.Optional.TotalAV
    FOUND folder: C:\Program Files (x86)\TotalAV\Manifest =>SUP.Optional.TotalAV
    FOUND folder: C:\Program Files (x86)\TotalAV\ovpn =>SUP.Optional.TotalAV
    FOUND folder: C:\Program Files (x86)\TotalAV\protected_elam =>SUP.Optional.TotalAV
    FOUND folder: C:\Program Files (x86)\TotalAV\SAVAPI =>SUP.Optional.TotalAV
    FOUND folder: C:\Program Files (x86)\TotalAV\startup =>SUP.Optional.TotalAV
    FOUND folder: C:\Program Files (x86)\TotalAV\urldrv =>SUP.Optional.TotalAV
    FOUND folder: C:\Program Files (x86)\DummyDir =>.SUP.Empty
    FOUND folder: C:\Program Files (x86)\TotalAV =>SUP.Optional.TotalAV
    FOUND folder: C:\ProgramData\TotalAV\cache =>SUP.Optional.TotalAV
    FOUND folder: C:\ProgramData\TotalAV\data =>SUP.Optional.TotalAV
    FOUND folder: C:\ProgramData\TotalAV\logs =>SUP.Optional.TotalAV
    FOUND folder: C:\ProgramData\TotalAV\queues =>SUP.Optional.TotalAV
    FOUND folder: C:\ProgramData\TotalAV\updates =>SUP.Optional.TotalAV
    FOUND folder: C:\ProgramData\TotalAV =>SUP.Optional.TotalAV
    FOUND folder: C:\ProgramData\SecuritySuite =>SUP.Optional.ScanGuard
    
    —\ Registry ( Key, Value, Data) (2)
    FOUND key: HKCU\Software\SSProtect [AdditionalScan 53] =>.SUP.PCProtect
    FOUND key: [X64] HKLM\SOFTWARE\Classes\totalav [URL:Total AV Protocol] =>SUP.Optional.TotalAV
    
    —\ Summary of the elements found (5)
    Noyau Chromium, Les Préférences des Navigateurs basés sur l'OS 2019 - ZAM =>ChromiumPreference
    Zone Anti-Malware - ZAM =>SUP.Optional.TotalAV
    Zone Anti-Malware - ZAM =>.SUP.Empty
    Zone Anti-Malware - ZAM =>SUP.Optional.ScanGuard
    Zone Anti-Malware - ZAM =>.SUP.PCProtect
    
    —\ Result of repair
    ~ Any repair made
    ~ Google Chrome OK
    ~ Internet Explorer OK
    
    —\ Statistics
    ~ Items scanned : 100497
    ~ Items found : 182
    ~ Items cancelled : 0
    ~ Space saving (bytes) : 0
    ~ Items options : 9/17
    
    —\ OPTIONS NOT ACTIVES
    ~ Temporary file analysis
    ~ Temporary folder analysis
    ~ Empty Folder CLSID Analysis
    ~ Empty Other Folder Analysis
    ~ Empty LocalLow Folder Analysis
    ~ Empty Local Folder Analysis
    ~ Obsolete Installer File Analysis
    ~ Start browsers with extensions removed
    
    ~ End of search in 00h05mn20s
    
    —\ Reports (2)
    ZHPCleaner–14052022-14_22_40.txt
    ZHPCleaner–14052022-20_54_39.txt
    
    THEN I PRESSED “REPAIR” - this was a new log:
    
    ~ ZHPCleaner v2022.5.12.33 by Nicolas Coolman (2022/05/12)
    ~ Run by User (Administrator) (14/05/2022 20:56:12)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : ZHP
    ~ State version : Version KO
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Repair
    ~ Report : C:\Users\User\Desktop\ZHPCleaner (R).txt
    ~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 10 Home, 64-bit (Build 19044)
    
    —\ Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found. (ADS)
    
    —\ Services (0)
    ~ No malicious or unnecessary items found. (Service)
    
    —\ Browser internet (0)
    ~ No malicious or unnecessary items found. (Browser)
    
    —\ Hosts file (1)
    ~ The hosts file is legitimate (21)
    
    —\ Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found. (Task)
    
    —\ Explorer ( File, Folder) (7)
    MOVED file: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium
    MOVED file: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium
    MOVED file: C:\Windows\Prefetch\TOTALAV.EXE-775A7881.pf =>SUP.Optional.TotalAV
    MOVED folder: C:\Program Files (x86)\DummyDir =>.SUP.Empty
    MOVED folder: C:\Program Files (x86)\TotalAV =>SUP.Optional.TotalAV
    MOVED folder: C:\ProgramData\TotalAV =>SUP.Optional.TotalAV
    MOVED folder: C:\ProgramData\SecuritySuite =>SUP.Optional.ScanGuard
    
    —\ Registry ( Key, Value, Data) (2)
    DELETED key*: HKCU\Software\SSProtect [AdditionalScan 53] =>.SUP.PCProtect
    DELETED key*: [X64] HKLM\SOFTWARE\Classes\totalav [URL:Total AV Protocol] =>SUP.Optional.TotalAV
    
    —\ Summary of the elements found (5)
    Zone Anti-Malware - ZAM =>Préférences Chromium
    Zone Anti-Malware - ZAM =>SUP.Optional.TotalAV
    Zone Anti-Malware - ZAM =>.SUP.Empty
    Zone Anti-Malware - ZAM =>SUP.Optional.ScanGuard
    Zone Anti-Malware - ZAM =>.SUP.PCProtect
    
    —\ Other deletions. (6)
    ~ Registry Keys Tracing deleted (6)
    ~ Remove the old reports ZHPCleaner. (0)
    
    —\ Result of repair
    ~ Repair carried out successfully
    ~ Google Chrome OK
    ~ Internet Explorer OK
    
    —\ Statistics
    ~ Items scanned : 1051
    ~ Items found : 0
    ~ Items cancelled : 0
    ~ Space saving (bytes) : 0
    ~ Items options : 9/17
    
    —\ OPTIONS NOT ACTIVES
    ~ Temporary file analysis
    ~ Temporary folder analysis
    ~ Empty Folder CLSID Analysis
    ~ Empty Other Folder Analysis
    ~ Empty LocalLow Folder Analysis
    ~ Empty Local Folder Analysis
    ~ Obsolete Installer File Analysis
    ~ Start browsers with extensions removed
    
    ~ End of clean in 00h00mn09s
    
    —\ Reports (3)
    ZHPCleaner–14052022-14_22_40.txt
    ZHPCleaner–14052022-20_54_39.txt
    ZHPCleaner-[R]-14052022-20_56_21.txt
    
    ZHPCleaner report
    
    THEN I DID ANOTHER SCAN & REPAIR WITH ZHP:
    
    ~ ZHPCleaner v2022.5.12.33 by Nicolas Coolman (2022/05/12)
    ~ Run by User (Administrator) (14/05/2022 20:58:00)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : ZHP
    ~ State version : Version KO
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Scan
    ~ Report : C:\Users\User\Desktop\ZHPCleaner (S).txt
    ~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 10 Home, 64-bit (Build 19044)
    
    —\ Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found. (ADS)
    
    —\ Services (0)
    ~ No malicious or unnecessary items found. (Service)
    
    —\ Browser internet (0)
    ~ No malicious or unnecessary items found. (Browser)
    
    —\ Hosts file (1)
    ~ The hosts file is legitimate (21)
    
    —\ Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found. (Task)
    
    —\ Explorer ( File, Folder) (1)
    FOUND file: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences =>ChromiumPreference
    
    —\ Registry ( Key, Value, Data) (0)
    ~ No malicious or unnecessary items found. (Registry)
    
    —\ Summary of the elements found (1)
    Noyau Chromium, Les Préférences des Navigateurs basés sur l'OS 2019 - ZAM =>ChromiumPreference
    
    —\ Result of repair
    ~ Any repair made
    ~ Google Chrome OK
    ~ Internet Explorer OK
    
    —\ Statistics
    ~ Items scanned : 100424
    ~ Items found : 1
    ~ Items cancelled : 0
    ~ Space saving (bytes) : 0
    ~ Items options : 9/17
    
    —\ OPTIONS NOT ACTIVES
    ~ Temporary file analysis
    ~ Temporary folder analysis
    ~ Empty Folder CLSID Analysis
    ~ Empty Other Folder Analysis
    ~ Empty LocalLow Folder Analysis
    ~ Empty Local Folder Analysis
    ~ Obsolete Installer File Analysis
    ~ Start browsers with extensions removed
    
    ~ End of search in 00h05mn03s
    
    —\ Reports (4)
    ZHPCleaner-[R]-14052022-20_56_21.txt
    ZHPCleaner–14052022-14_22_40.txt
    ZHPCleaner–14052022-20_54_39.txt
    ZHPCleaner–14052022-21_03_03.txt
    
    When I pressed repair button it said, “No clean up necessary”.
    
    Then I did “Security Check” again:
    
    SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
    WebSite: www.safezone.cc
    DateLog: 14.05.2022 21:04:39
    Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck
    IsAdmin: True
    User: User
    VersionXML: 9.78is-14.05.2022
    ----------------------------------------
    Windows 10(6.3.19044) (x64) Core Release: 2009 Lang: English(0809)
    Installation date OS: 22.02.2022 13:28:50
    LicenseStatus: Windows(R), Core edition The machine is permanently activated.
    LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
    Boot Mode: Normal
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    SystemDrive: C: FS: [NTFS] Capacity: [474.9 Gb] Used: [414.4 Gb] Free: [60.5 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.789.19041.0
    User Account Control enabled (Level 3)
    Never check for updates
    Security Center (wscsvc) - The service is running
    Remote Registry (RemoteRegistry) - The service has stopped
    SSDP Discovery (SSDPSRV) - The service is running
    Remote Desktop Services (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Total AV (enabled and up to date)
    Windows Defender (disabled and up to date)
    --------------------------- [ FirewallWindows ] ---------------------------
    Windows Defender Firewall (mpssvc) - The service is running
    --------------------------- [ OtherUtilities ] ----------------------------
    Microsoft 365 - en-us v.16.0.15128.20224
    Dell SupportAssist v.3.11.1.18
    ------------------------------- [ Backup ] --------------------------------
    Microsoft OneDrive v.22.089.0426.0003 [+]
    Dropbox v.148.4.4519
    -------------------------- [ IMAndCollaborate ] ---------------------------
    Microsoft Teams v.1.5.00.11163
    WhatsApp v.2.2216.7 [+]
    Zoom v.5.9.3 (3169) Warning! Download Update
    Telegram Desktop version 3.7.3 v.3.7.3
    -------------------------------- [ Media ] --------------------------------
    Spotify v.1.1.81.604.gccacfc8c Warning! Download Update
    VLC media player v.3.0.16 Warning! Download Update
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Acrobat DC (64-bit) v.22.001.20117
    ph v.1.0.0 << Hidden Warning! This software is no longer supported. Please uninstall it.
    bl v.1.0.0 << Hidden Warning! This software is no longer supported. Please uninstall it.
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.101.0.4951.54 Warning! Download Update
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe v.4.18.2203.5
    MpCmdRun.exe
    Microsoft Defender Antivirus Service (WinDefend) - The service is running
    Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
    ----------------------------- [ End of Log ] ------------------------------
    
    PATCH MY PC:
    .NET Framework 4.8.04084
    Dropbox - 148.4.4519
    Google Chrome - 101.0.4951.67
    Microsoft Visual C++ 2005 Redistributable - 8.0.61001
    Microsoft Visual C++ 2005 Redistributable (x64) - 8.0.61000
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Telegram Desktop version 3.7.3
    VLC media player - 3.0.17.4
    WhatsApp - 2.2216.7
    
    Color [Green] = Latest Version Installed
    Color [Red] = Outdated Version Installed
    Color [Black] = Not Currently Installed
    
    SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
    WebSite: www.safezone.cc
    DateLog: 14.05.2022 21:20:39
    Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck
    IsAdmin: True
    User: User
    VersionXML: 9.78is-14.05.2022
    ----------------------------------------
    Windows 10(6.3.19044) (x64) Core Release: 2009 Lang: English(0809)
    Installation date OS: 22.02.2022 13:28:50
    LicenseStatus: Windows(R), Core edition The machine is permanently activated.
    LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
    Boot Mode: Normal
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    SystemDrive: C: FS: [NTFS] Capacity: [474.9 Gb] Used: [414.3 Gb] Free: [60.6 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.789.19041.0
    User Account Control enabled (Level 3)
    Never check for updates
    Security Center (wscsvc) - The service is running
    Remote Registry (RemoteRegistry) - The service has stopped
    SSDP Discovery (SSDPSRV) - The service is running
    Remote Desktop Services (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Total AV (enabled and up to date)
    Windows Defender (disabled and up to date)
    --------------------------- [ FirewallWindows ] ---------------------------
    Windows Defender Firewall (mpssvc) - The service is running
    --------------------------- [ OtherUtilities ] ----------------------------
    Microsoft 365 - en-us v.16.0.15128.20224
    Dell SupportAssist v.3.11.1.18
    ------------------------------- [ Backup ] --------------------------------
    Microsoft OneDrive v.22.089.0426.0003 [+]
    Dropbox v.148.4.4519
    -------------------------- [ IMAndCollaborate ] ---------------------------
    Microsoft Teams v.1.5.00.11163
    WhatsApp v.2.2216.7 [+]
    Zoom v.5.9.3 (3169) Warning! Download Update
    Telegram Desktop version 3.7.3 v.3.7.3
    -------------------------------- [ Media ] --------------------------------
    VLC media player v.3.0.17.4
    Spotify v.1.1.81.604.gccacfc8c Warning! Download Update
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Acrobat DC (64-bit) v.22.001.20117
    ph v.1.0.0 << Hidden Warning! This software is no longer supported. Please uninstall it.
    bl v.1.0.0 << Hidden Warning! This software is no longer supported. Please uninstall it.
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.101.0.4951.67
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe v.4.18.2203.5
    MpCmdRun.exe
    Microsoft Defender Antivirus Service (WinDefend) - The service is running
    Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
    ----------------------------- [ End of Log ] ------------------------------


    • charliefarnsbarns
      PCHF Member
      • May 2022
      • 23

      #17
      Don’t know why it’s all crossed out sorry… perhaps it shouldn’t all be cut and pasted into one…
      I’m stunned to see that Total Av has such market dominance and everyone uses it…!


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7045

        #18
        I’ll take a look tomorrow. I’m currently visiting a friend… no worries, we will get rid of total av from your machine.


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7045

          #19
          We can remove any remnants with this tool.

          Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
          If you are unsure if your operating system is 32 or 64 Bit please go HERE.
          Once downloaded, right click the FRST desktop icon and select “Run as administrator” from the menu.
          [Image: icon2.jpg]
          If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
          FRST will open with two dialogue boxes, accept the disclaimer.
          [Image: frst disclaimer.jpg]
            1. Accept the default whitelist options,
            2. If the additions.txt options box is not checked please select it.
            3. Then select Scan
          [Image: frst.jpg]
          FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.
          [Image: 2016-08-12_152002.jpg]
          Please attach the contents of these logs in your next post for review by our Security Team.

          Comment

          • charliefarnsbarns
            PCHF Member
            • May 2022
            • 23

            #20
            Thanks so much for your continued help and easy-to-follow instructions, I hope you’ll let me know if there’s something I can do for you in return. Seems like TotalAV remains but in a quarantined area, but it could still reactivate. If we can put it - and me - out of our misery that would be awesome. I’ve downloaded the FRST 64bit program and run it, and attach the two text files - FRST & Addition - as requested.

            Comment

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #21
              FRST Fix.

              Download attached fixlist.txt file and save it to the Desktop.
              NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
              NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
              Run FRST/FRST64 and press the Fix button just once and wait.
              If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
              When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

              Comment

              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7045

                #22
                Once you have completed the fix.

                Farbar Recovery Scan Tool SearchAll

                - Right click on FRST and select Run as administrator
                - Copy/paste the following in the Search: box
                SearchAll: Avira;TotalAV
                - Click Search Files button
                - When completed click OK and a Search.txt document will open on your desktop.
                - Attach it here.

                Comment

                • charliefarnsbarns
                  PCHF Member
                  • May 2022
                  • 23

                  #23
                  Not sure if that last phase of checks/fixes deleted all my saved passwords, haha, but I just had to reset mine on this forum. Anyway, I’ve done both the things you asked and attach the Fixlog and FRST Search logs below.

                  Comment

                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7045

                    #24
                    Strange, should not have deleted any passwords… Is Total AV still on your machine?

                    Run the Avira Removal Tool.
                    Select all options.

                    FRST Fix.

                    Download attached fixlist.txt file and save it to the Desktop.
                    NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
                    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
                    Run FRST/FRST64 and press the Fix button just once and wait.
                    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
                    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

                    Comment

                    • charliefarnsbarns
                      PCHF Member
                      • May 2022
                      • 23

                      #25
                      Hello, for some reason this didn’t refresh and I’ve only just seen the latest instructions as I’m about to pop out. I’ll be back in about 5 hours. Sorry for any inconvenience, and I’m sure you have things to do too on a Sunday. I did download Avira Removal Tool, and tried to run it just now, ticking all options. I got this message:
                      “Not all selected Avira registry keys could be removed. Please restart your computer into safe mode and run the Avira Registry Cleaner again. Please close all open applications before you restart.” - I’m not really familiar with working in safe mode so I’d better tackle this once I’m back and have time to concentrate for you. I’ll be back

                      Comment

                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7045

                        #26
                        Take your time, no big deal.

                        Comment

                        • charliefarnsbarns
                          PCHF Member
                          • May 2022
                          • 23

                          #27
                          Hey, so I went into safe mode, ran Avira as directed and got a message (attached) to say that all of Avira was removed. When I restarted, to my horror Total AV installed itself before my very eyes and is now running again!!!

                          Comment

                          • charliefarnsbarns
                            PCHF Member
                            • May 2022
                            • 23

                            #28
                            I did the FRST Fix with your new Fixlist doc, and attach the log here.

                            Comment

                            • charliefarnsbarns
                              PCHF Member
                              • May 2022
                              • 23

                              #29
                              OK… an update… I saw Total AV running. I opened Task Manager and tried to “end process” but it refused to let me. But I right clicked and found the program location. It was running from an .exe file in the ZHP Quarantine folder. However, I noticed that further down in this folder location, there was another .exe file, labelled uninstall Total AV. So I right-clicked and ran that as an administrator, and uninstalled the program - see screen grab. This prompted a restart.

                              Once I did that, I ran ZHP scan and repair again… And I post the scan (S) and repair (R) logs. It looks like Total AV may at last have gone from my system, based on these reports. Let me know what you think.

                              BTW, if you agree I have got rid of Total AV - have you any recommendations for a decent anti-virus software I should use instead? Would AVG be suitable, for instance?

                              Comment

                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7045

                                #30
                                Originally posted by charliefarnsbarns
                                It was running from an .exe file in the ZHP Quarantine folder.
                                ZHP Cleaner does not have a very effective quarantine. LOL

                                Glad you got that figured out.

                                Download the Everything Search Engine and type Quarantine, then Edit > Select All, right click and Copy Full Name to Clipboard, and post the result here.

                                Then let's check for any remnants.

                                ZHP Diag Scan Click here to download.
                                Save to your desktop.
                                Right Click Run as Admin.
                                Click the Options button.
                                Click on Check All
                                Then click close.
                                Click the Scanner button.
                                When complete please push the report button.
                                A notepad will open… attach the report in your next reply.

                                As far as antivirus goes, Windows Defender should be fine, but you can add one of the following below as a companion AV. It should run alongside Defender without issue.

                                X-Virus
                                SecureAplus

                                Comment
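Added example, not part of the original thread or of any tool used in it: a read-only PowerShell check (run as administrator) for the situation reported in #27 and #29, where a program kept launching from a quarantine folder after reboot. The `$Pattern` value is an assumption built from the names searched for in this thread; the script only lists matches and changes nothing.

```powershell
# Added example: list anything still running or set to auto-start from a quarantine folder.
# $Pattern is an assumption taken from the names in this thread; adjust for your machine.
$Pattern = 'Quarantine|TotalAV|Avira'

# Running processes (ExecutablePath is empty for some protected processes)
$procs = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -match $Pattern } |
    ForEach-Object { [pscustomobject]@{ Source = 'Process'; Name = $_.Name; Command = $_.ExecutablePath } }

# Installed services, including stopped ones that start again at boot
$svcs = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $Pattern } |
    ForEach-Object { [pscustomobject]@{ Source = "Service ($($_.StartMode))"; Name = $_.Name; Command = $_.PathName } }

# Scheduled tasks whose action points at a matching executable
$tasks = foreach ($t in Get-ScheduledTask) {
    foreach ($a in $t.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match $Pattern) {
            [pscustomobject]@{ Source = 'ScheduledTask'; Name = "$($t.TaskPath)$($t.TaskName)"; Command = $cmd }
        }
    }
}

# Per-machine and per-user Run keys
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runs = foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $item = Get-Item $k
    foreach ($v in $item.GetValueNames()) {
        $data = [string]$item.GetValue($v)
        if ($data -match $Pattern) {
            [pscustomobject]@{ Source = "Run key ($k)"; Name = $v; Command = $data }
        }
    }
}

$found = @($procs) + @($svcs) + @($tasks) + @($runs)
if ($found.Count -eq 0) { 'No matching processes or auto-start entries found.' }
else { $found | Format-Table -AutoSize -Wrap }
```

A match under Service, ScheduledTask or Run key explains a program that reappears after a restart; post the output to your helper rather than deleting entries by hand.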
