Solved How to remove quiz / Web trends graphics from Windows search bar


charliefarnsbarns

May 14, 2022
In the last two days I've noticed my Windows 10 search bar is showing comedy graphics which seem to link to a Bing-related "Trends" or quizzes. Today the graphic is all about Eurovision. I find this quite distracting and have tried Googling how to remove or fix it and tried making some fixes without success, including running anti-virus software, removing Bing as a browser, I've even completely uninstalled Microsoft Edge. But it's still there. I'm sure it must be something very simple but I haven't found any forums which offer solutions and I just wondered if anyone has any ideas? I've attached a couple of screen grabs - showing the cartoon in the search bar, and then the menu which opens when you click it. Thanks in anticipation, Charlie x
 

Attachments

  • Bing-****-1.JPG (34.7 KB)
  • Bing-****-2.jpg (189.9 KB)

Step 1: Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
Click Scan
Hit Ok.
Hit Next, making sure to leave all items checked for removal.
Click Next
The program will close all open programs to complete the removal, so save any work and hit OK.
Then hit OK after the removal process is complete, then OK again to finish up.
Post the log generated by the tool.

Step 2: Adware Cleaner Scan.



Adware Cleaner

  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
  • Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me

Step 3: ZHP Cleaner Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
Once the scan is completed, you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine.
After you reboot a report will open on your desktop.
Attach the report here in your next reply.
 
On a side note, I'd uninstall TotalAV as it is garbage software. Use GeekUninstaller to remove all traces of it.





Security Check Scan.

  • Download Security Check to your desktop.
  • Right-click it and select Run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please Copy and paste that log here in your next post
 
OK here are the three sets of results.

Code:
1. ADWARE REMOVAL LOGS:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Adware Removal Tool 5.1
Time: 2022_05_14_13_30_36
OS: Windows 10 Home - x64 Bit
Account Name: User
Adware Definition: 05132022
Elapsed time: 16:46
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

No results found

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

No results found



2. ADW CLEANER LOG:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-03-15.3 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-14-2022
# Duration: 00:00:10
# OS:       Windows 10 Home
# Cleaned:  33
# Awaiting reboot:6
# Failed:   0


***** [ Services ] *****

Deleted       SecurityService
Deleted       webshieldfilter

***** [ Folders ] *****

Deleted       C:\ProgramData\SecuritySuite
Deleted       C:\Users\User\AppData\Local\Temp\VideoConverter
Deleted       C:\Users\User\Documents\TotalAV
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
Needs Reboot  C:\Program Files (x86)\TotalAV
Needs Reboot  C:\ProgramData\TotalAV

***** [ Files ] *****

Deleted       C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
Needs Reboot  C:\Windows\System32\drivers\webshieldfilter.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\SSProtect
Deleted       HKLM\SOFTWARE\Classes\*\shell\TotalAV
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\Software\Classes\totalav
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SUPPORTASSIST
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Users\User\Documents\DELL\SUPPORTASSIST
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D6ED73B-E131-4756-89A7-51E699B95DF7}
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D6ED73B-E131-4756-89A7-51E699B95DF7}
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted       Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL UPDATE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed   C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed   C:\Program Files (x86)\TotalAV
Cleaning failed   C:\Program Files\DELL\SUPPORTASSISTAGENT
Cleaning failed   C:\ProgramData\DELL\UPDATESERVICE
Cleaning failed   C:\ProgramData\TotalAV

*************************
***** [ Files ] *****

Cleaned           C:\Windows\System32\drivers\webshieldfilter.sys

*************************

AdwCleaner[S00].txt - [4323 octets] - [13/05/2022 23:52:11]
AdwCleaner[S01].txt - [4384 octets] - [14/05/2022 14:10:19]
AdwCleaner_Debug.log - [16270 octets] - [14/05/2022 14:12:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########





3. ZHP CLEANER LOG

ZHP Report

~ ZHPCleaner v2022.5.12.33 by Nicolas Coolman (2022/05/12)
~ Run by User (Administrator)  (14/05/2022 14:16:56)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\User\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 19044)

---\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\  Services (0)
~ No malicious or unnecessary items found. (Service)

---\  Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\  Hosts file (1)
~ The hosts file is legitimate (21)

---\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\  Explorer ( File, Folder) (95)
FOUND file: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk  [Bad : C:\Program Files (x86)\TotalAV\TotalAV.exe](.TotalAV.)  =>SUP.Optional.TotalAV
FOUND file: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>ChromiumPreference
FOUND file: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>ChromiumPreference
FOUND file: C:\Program Files (x86)\TotalAV\TotalAV.exe [TotalAV - TotalAV Ultimate Antivirus User Interface]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\avgio.dll [Avira GmbH - On-access scan support for SDK]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\AviraLib.dll [AviraLib - AviraLib]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\BouncyCastle.Crypto.dll [The Legion of the Bouncy Castle Inc. - BouncyCastle.Crypto]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Branding.Desktop.dll [Branding.Desktop - Branding.Desktop]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\cachey-bashi.netcore.dll [cachey-bashi.netcore - cachey-bashi.netcore]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\DirectWriteForwarder.dll [© Microsoft Corporation. All rights reserved. - DirectWriteForwarder]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\DotNetZip.dll [ - Ionic's Zip Library (.NET Standard)]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Engine.Win.dll [Engine.Win - Engine.Win]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\e_sqlite3.dll    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\GUI.Win.deps.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\GUI.Win.dll [ - Ultimate Antivirus by Protected.net]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\GUI.Win.runtimeconfig.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\HtmlAgilityPack.dll [ZZZ Projects Inc. - HtmlAgilityPack]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\install.name    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\installer.log    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\installoptions.jdat    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\libcrypto-1_1.dll [The OpenSSL Project, https://www.openssl.org/ - OpenSSL library]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\libssl-1_1.dll [The OpenSSL Project, https://www.openssl.org/ - OpenSSL library]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\lib_SCAPI.dll [Protected.net - Antivirus Engine Component]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\lib_SCAPISharp.dll [lib_SCAPISharp - lib_SCAPISharp]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.Analytics.dll [Microsoft.AppCenter.Analytics - Microsoft.AppCenter.Analytics]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.Crashes.dll [Microsoft.AppCenter.Crashes - Microsoft.AppCenter.Crashes]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.dll [Microsoft.AppCenter - Microsoft.AppCenter]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.Toolkit.Uwp.Notifications.dll [Microsoft.Toolkit - Microsoft.Toolkit.Uwp.Notifications]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Mindscape.Raygun4Net.NetCore.Common.dll [Raygun - Mindscape.Raygun4Net.NetCore.Common]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Mindscape.Raygun4Net.NetCore.dll [Raygun - Raygun4Net.NetCore]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\NamedPipeServerStream.NetFrameworkVersion.dll [havendv - NamedPipeServerStream.NetFrameworkVersion]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Netlib.dll    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\nfapi.dll [Copyright (C) - nfapi]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\nfregdrv.exe    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.deps.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.dll [ - Ultimate Antivirus by Protected.net]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.exe [TotalAV - TotalAV Password Vault Browser Assistant]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.runtimeconfig.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PenImc_cor3.dll [© Microsoft Corporation. All rights reserved. - PenImc]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PresentationNative_cor3.dll [© Microsoft Corporation. All rights reserved. - PresentationNative]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PropertyChanged.dll [Simon Cropp - PropertyChanged]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\ProtocolFilters.dll [NetFilterSDK.com - ProtocolFilters]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\pwm.dll [pwm - pwm]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Savapi.Net.dll [Savapi.Net - Savapi.Net]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\securityservice.cat    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.deps.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.dll [ - Ultimate Antivirus by Protected.net]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.exe [TotalAV - TotalAV Ultimate Antivirus Service]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.runtimeconfig.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SharedDesktop.dll [SharedDesktop - SharedDesktop]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SOS_README.md    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.batteries_v2.dll [SourceGear - SQLitePCLRaw.batteries_v2]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.core.dll [SourceGear - SQLitePCLRaw.core]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.nativelibrary.dll [SourceGear - SQLitePCLRaw.nativelibrary]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.provider.dynamic_cdecl.dll [SourceGear - SQLitePCLRaw.provider.dynamic_cdecl]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SSCore.dll [SSCore - SSCore]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\System.Configuration.Install.dll [System.Configuration.Install - System.Configuration.Install]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\System.Printing.dll [© Microsoft Corporation. All rights reserved. - System.Printing]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SystemToolsWindows.dll [SystemToolsWindows - SystemToolsWindows]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Trinet.Core.IO.Ntfs.dll [Richard Deeming - Trinet.Core.IO.Ntfs]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\UiPath.CoreIpc.dll [UiPath - UiPath.CoreIpc]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\uninst.exe [(C) Protected Antivirus Limited - TotalAV Ultimate Antivirus Installer]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.dll [Utilizr - Utilizr]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.NotifyIcon.dll [Utilizr.NotifyIcon - Utilizr.NotifyIcon]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.OpenVPN.dll [Utilizr.OpenVPN - Utilizr.OpenVPN]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.Ras.dll    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.VPN.dll [Utilizr.VPN - Utilizr.VPN]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.VPN.RasSharp.NetCore.dll [Utilizr.VPN.RasSharp.NetCore - Utilizr.VPN.RasSharp.NetCore]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilzr.WPF.dll [Utilzr.WPF - Utilzr.WPF]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Webshield.Client.dll [Webshield.Client - Webshield.Client]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\wpfgfx_cor3.dll [© Microsoft Corporation. All rights reserved. - WpfGfx]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\wscf.exe [Protected.net Group Limited - Proteted.net WSCF]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\wscfd    =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\bins  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\driver  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\locale  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\Manifest  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\ovpn  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\protected_elam  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\SAVAPI  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\startup  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\urldrv  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\DummyDir  =>.SUP.Empty
FOUND folder: C:\Program Files (x86)\TotalAV  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV\cache  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV\data  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV\logs  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV\queues  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV\updates  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV  =>SUP.Optional.TotalAV
FOUND folder: C:\Users\User\Documents\TotalAV\PasswordVault  =>SUP.Optional.TotalAV
FOUND folder: C:\Users\User\Documents\TotalAV  =>SUP.Optional.TotalAV
FOUND folder: C:\Documents and Settings\User\Documents\TotalAV\PasswordVault  =>SUP.Optional.TotalAV
FOUND folder: C:\Documents and Settings\User\Documents\TotalAV  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\SecuritySuite  =>SUP.Optional.ScanGuard

---\  Registry ( Key, Value, Data) (2)
FOUND key: HKCU\Software\SSProtect [AdditionalScan 53]  =>.SUP.PCProtect
FOUND key: [X64] HKLM\SOFTWARE\Classes\totalav [URL:Total AV Protocol]  =>SUP.Optional.TotalAV

---\  Summary of the elements found (5)
https://nicolascoolman.eu/2017/10/30/sup-totalav/  =>SUP.Optional.TotalAV
https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/  =>ChromiumPreference
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/  =>.SUP.Empty
https://nicolascoolman.eu/2017/12/21/sup-scanguard/  =>SUP.Optional.ScanGuard
https://nicolascoolman.eu/2017/10/30/sup-pcprotect/  =>.SUP.PCProtect

---\ Result of repair
~ Any repair made
~ Google Chrome OK
~ Internet Explorer OK

---\ Statistics
~ Items scanned : 100400
~ Items found : 190
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17

---\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of search in 00h05mn44s

---\  Reports (0)
ZHPCleaner--14052022-14_22_40.txt
 
It turns out that Total AV is not showing up as an installed program on my computer! It seems to be on the system, but it does not show up in Geek or in the Windows 'Add or Uninstall Programs' section. So I'm not sure how to remove it.


Here is the log from the Security Check Scan:

Code:
SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 14.05.2022 14:41:10
Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: User
VersionXML: 9.78is-14.05.2022
___________________________________________________________________________

Windows 10(6.3.19044) (x64) Core Release: 2009 Lang: English(0809)
Installation date OS: 22.02.2022 13:28:50
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [474.9 Gb] Used: [400.5 Gb] Free: [74.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 3)
Never check for updates
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Total AV (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft 365 - en-us v.16.0.15128.20224
Dell SupportAssist v.3.11.1.18
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.22.089.0426.0003 [+]
Dropbox v.148.4.4519
-------------------------- [ IMAndCollaborate ] ---------------------------
Microsoft Teams v.1.5.00.11163
WhatsApp v.2.2216.7 [+]
Zoom v.5.9.3 (3169) Warning! Download Update
Telegram Desktop version 3.7.3 v.3.7.3
-------------------------------- [ Media ] --------------------------------
Spotify v.1.1.81.604.gccacfc8c Warning! Download Update
VLC media player v.3.0.16 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Acrobat DC (64-bit) v.22.001.20117
ph v.1.0.0 << Hidden Warning! This software is no longer supported. Please uninstall it.
bl v.1.0.0 << Hidden Warning! This software is no longer supported. Please uninstall it.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.101.0.4951.54 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
Microsoft Defender Antivirus Service (WinDefend) - The service has stopped
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
C:\Program Files (x86)\TotalAV\SecurityService.exe v.5.16.203.0
PC Security Management Service (SecurityService) - The service is running
C:\Program Files (x86)\TotalAV\SecurityService.exe v.5.16.203.0
PC Security Management Service (SecurityService) - The service is running
C:\Program Files (x86)\TotalAV\SecurityService.exe v.5.16.203.0
----------------------------- [ End of Log ] ------------------------------
 
Run the adware cleaning programs and post the logs. I believe adware cleaner is scripted to remove it, if not then we can remove it with other tools.
 
Hello - so I ran all three steps again - and I clicked "repair" on ZHP and did a new scan/repair pass as well. I got rid of a fair amount... but Total AV is still here. It is still in the Windows search bar. It's like Japanese knotweed!

I updated two apps (Chrome & VLC) after doing Patch My PC. That log is at the very bottom of this post - followed by a final Security Check log as requested.





Code:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2022_05_14_18_54_21
OS: Windows 10 Home - x64 Bit
Account Name: User
Adware Definition: 05132022
Elapsed time: 16:13
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\


No results found



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2022_05_14_18_54_21
OS: Windows 10 Home - x64 Bit
Account Name: User
Adware Definition: 05132022
Elapsed time: 16:13
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\


No results found




# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-03-15.3 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-14-2022
# Duration: 00:00:09
# OS:       Windows 10 Home
# Cleaned:  19
# Awaiting reboot:6
# Failed:   0


***** [ Services ] *****

Deleted       SecurityService
Deleted       webshieldfilter

***** [ Folders ] *****

Deleted       C:\ProgramData\SecuritySuite
Deleted       C:\Users\User\Documents\TotalAV
Needs Reboot  C:\Program Files (x86)\TotalAV
Needs Reboot  C:\ProgramData\TotalAV

***** [ Files ] *****

Deleted       C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
Needs Reboot  C:\Windows\System32\drivers\webshieldfilter.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\SSProtect
Deleted       HKLM\SOFTWARE\Classes\*\shell\TotalAV
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\Software\Classes\totalav
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SUPPORTASSIST
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed   C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed   C:\Program Files (x86)\TotalAV
Cleaning failed   C:\Program Files\DELL\SUPPORTASSISTAGENT
Cleaning failed   C:\ProgramData\DELL\UPDATESERVICE
Cleaning failed   C:\ProgramData\TotalAV

*************************
***** [ Files ] *****

Cleaned           C:\Windows\System32\drivers\webshieldfilter.sys

*************************

AdwCleaner[S00].txt - [4323 octets] - [13/05/2022 23:52:11]
AdwCleaner[S01].txt - [4384 octets] - [14/05/2022 14:10:19]
AdwCleaner_Debug.log - [40019 octets] - [14/05/2022 14:12:36]
AdwCleaner[C01].txt - [4978 octets] - [14/05/2022 14:13:39]
AdwCleaner[S02].txt - [3028 octets] - [14/05/2022 20:42:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########










~ ZHPCleaner v2022.5.12.33 by Nicolas Coolman (2022/05/12)
~ Run by User (Administrator)  (14/05/2022 20:49:19)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\User\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 19044)

---\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\  Services (0)
~ No malicious or unnecessary items found. (Service)

---\  Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\  Hosts file (1)
~ The hosts file is legitimate (21)

---\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\  Explorer ( File, Folder) (91)
FOUND file: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>ChromiumPreference
FOUND file: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>ChromiumPreference
FOUND file: C:\Windows\Prefetch\TOTALAV.EXE-775A7881.pf    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\avgio.dll [Avira GmbH - On-access scan support for SDK]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\AviraLib.dll [AviraLib - AviraLib]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\BouncyCastle.Crypto.dll [The Legion of the Bouncy Castle Inc. - BouncyCastle.Crypto]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Branding.Desktop.dll [Branding.Desktop - Branding.Desktop]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\cachey-bashi.netcore.dll [cachey-bashi.netcore - cachey-bashi.netcore]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\DirectWriteForwarder.dll [© Microsoft Corporation. All rights reserved. - DirectWriteForwarder]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\DotNetZip.dll [ - Ionic's Zip Library (.NET Standard)]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Engine.Win.dll [Engine.Win - Engine.Win]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\e_sqlite3.dll    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\GUI.Win.deps.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\GUI.Win.dll [ - Ultimate Antivirus by Protected.net]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\GUI.Win.runtimeconfig.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\HtmlAgilityPack.dll [ZZZ Projects Inc. - HtmlAgilityPack]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\install.name    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\installer.log    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\installoptions.jdat    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\libcrypto-1_1.dll [The OpenSSL Project, https://www.openssl.org/ - OpenSSL library]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\libssl-1_1.dll [The OpenSSL Project, https://www.openssl.org/ - OpenSSL library]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\lib_SCAPI.dll [Protected.net - Antivirus Engine Component]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\lib_SCAPISharp.dll [lib_SCAPISharp - lib_SCAPISharp]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.Analytics.dll [Microsoft.AppCenter.Analytics - Microsoft.AppCenter.Analytics]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.Crashes.dll [Microsoft.AppCenter.Crashes - Microsoft.AppCenter.Crashes]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.dll [Microsoft.AppCenter - Microsoft.AppCenter]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Microsoft.Toolkit.Uwp.Notifications.dll [Microsoft.Toolkit - Microsoft.Toolkit.Uwp.Notifications]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Mindscape.Raygun4Net.NetCore.Common.dll [Raygun - Mindscape.Raygun4Net.NetCore.Common]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Mindscape.Raygun4Net.NetCore.dll [Raygun - Raygun4Net.NetCore]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\NamedPipeServerStream.NetFrameworkVersion.dll [havendv - NamedPipeServerStream.NetFrameworkVersion]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Netlib.dll    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\nfapi.dll [Copyright (C) - nfapi]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\nfregdrv.exe    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.deps.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.dll [ - Ultimate Antivirus by Protected.net]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.exe [TotalAV - TotalAV Password Vault Browser Assistant]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PasswordExtension.Win.runtimeconfig.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PenImc_cor3.dll [© Microsoft Corporation. All rights reserved. - PenImc]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PresentationNative_cor3.dll [© Microsoft Corporation. All rights reserved. - PresentationNative]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\PropertyChanged.dll [Simon Cropp - PropertyChanged]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\ProtocolFilters.dll [NetFilterSDK.com - ProtocolFilters]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\pwm.dll [pwm - pwm]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Savapi.Net.dll [Savapi.Net - Savapi.Net]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\securityservice.cat    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.deps.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.dll [ - Ultimate Antivirus by Protected.net]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.exe [TotalAV - TotalAV Ultimate Antivirus Service]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SecurityService.runtimeconfig.json    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SharedDesktop.dll [SharedDesktop - SharedDesktop]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SOS_README.md    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.batteries_v2.dll [SourceGear - SQLitePCLRaw.batteries_v2]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.core.dll [SourceGear - SQLitePCLRaw.core]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.nativelibrary.dll [SourceGear - SQLitePCLRaw.nativelibrary]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SQLitePCLRaw.provider.dynamic_cdecl.dll [SourceGear - SQLitePCLRaw.provider.dynamic_cdecl]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SSCore.dll [SSCore - SSCore]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\System.Configuration.Install.dll [System.Configuration.Install - System.Configuration.Install]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\System.Printing.dll [© Microsoft Corporation. All rights reserved. - System.Printing]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\SystemToolsWindows.dll [SystemToolsWindows - SystemToolsWindows]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\TotalAV.exe [TotalAV - TotalAV Ultimate Antivirus User Interface]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Trinet.Core.IO.Ntfs.dll [Richard Deeming - Trinet.Core.IO.Ntfs]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\UiPath.CoreIpc.dll [UiPath - UiPath.CoreIpc]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\uninst.exe [(C) Protected Antivirus Limited - TotalAV Ultimate Antivirus Installer]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.dll [Utilizr - Utilizr]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.NotifyIcon.dll [Utilizr.NotifyIcon - Utilizr.NotifyIcon]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.OpenVPN.dll [Utilizr.OpenVPN - Utilizr.OpenVPN]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.Ras.dll    =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.VPN.dll [Utilizr.VPN - Utilizr.VPN]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilizr.VPN.RasSharp.NetCore.dll [Utilizr.VPN.RasSharp.NetCore - Utilizr.VPN.RasSharp.NetCore]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Utilzr.WPF.dll [Utilzr.WPF - Utilzr.WPF]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\Webshield.Client.dll [Webshield.Client - Webshield.Client]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\wpfgfx_cor3.dll [© Microsoft Corporation. All rights reserved. - WpfGfx]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\wscf.exe [Protected.net Group Limited - Proteted.net WSCF]  =>SUP.Optional.TotalAV
FOUND file: C:\Program Files (x86)\TotalAV\wscfd    =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\bins  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\driver  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\locale  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\Manifest  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\ovpn  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\protected_elam  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\SAVAPI  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\startup  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\TotalAV\urldrv  =>SUP.Optional.TotalAV
FOUND folder: C:\Program Files (x86)\DummyDir  =>.SUP.Empty
FOUND folder: C:\Program Files (x86)\TotalAV  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV\cache  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV\data  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV\logs  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV\queues  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV\updates  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\TotalAV  =>SUP.Optional.TotalAV
FOUND folder: C:\ProgramData\SecuritySuite  =>SUP.Optional.ScanGuard

---\  Registry ( Key, Value, Data) (2)
FOUND key: HKCU\Software\SSProtect [AdditionalScan 53]  =>.SUP.PCProtect
FOUND key: [X64] HKLM\SOFTWARE\Classes\totalav [URL:Total AV Protocol]  =>SUP.Optional.TotalAV

---\  Summary of the elements found (5)
https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/  =>ChromiumPreference
https://nicolascoolman.eu/2017/10/30/sup-totalav/  =>SUP.Optional.TotalAV
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/  =>.SUP.Empty
https://nicolascoolman.eu/2017/12/21/sup-scanguard/  =>SUP.Optional.ScanGuard
https://nicolascoolman.eu/2017/10/30/sup-pcprotect/  =>.SUP.PCProtect

---\ Result of repair
~ Any repair made
~ Google Chrome OK
~ Internet Explorer OK

---\ Statistics
~ Items scanned : 100497
~ Items found : 182
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17

---\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of search in 00h05mn20s

---\  Reports (2)
ZHPCleaner--14052022-14_22_40.txt
ZHPCleaner--14052022-20_54_39.txt



THEN I PRESSED "REPAIR" - this was a new log:


~ ZHPCleaner v2022.5.12.33 by Nicolas Coolman (2022/05/12)
~ Run by User (Administrator)  (14/05/2022 20:56:12)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\User\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 19044)

---\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\  Services (0)
~ No malicious or unnecessary items found. (Service)

---\  Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\  Hosts file (1)
~ The hosts file is legitimate (21)

---\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\  Explorer ( File, Folder) (7)
MOVED file: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>Préférences Chromium
MOVED file: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium
MOVED file: C:\Windows\Prefetch\TOTALAV.EXE-775A7881.pf    =>SUP.Optional.TotalAV
MOVED folder: C:\Program Files (x86)\DummyDir  =>.SUP.Empty
MOVED folder: C:\Program Files (x86)\TotalAV  =>SUP.Optional.TotalAV
MOVED folder: C:\ProgramData\TotalAV  =>SUP.Optional.TotalAV
MOVED folder: C:\ProgramData\SecuritySuite  =>SUP.Optional.ScanGuard

---\  Registry ( Key, Value, Data) (2)
DELETED key*: HKCU\Software\SSProtect [AdditionalScan 53]  =>.SUP.PCProtect
DELETED key*: [X64] HKLM\SOFTWARE\Classes\totalav [URL:Total AV Protocol]  =>SUP.Optional.TotalAV

---\  Summary of the elements found (5)
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Préférences Chromium
https://nicolascoolman.eu/2017/10/30/sup-totalav/  =>SUP.Optional.TotalAV
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/  =>.SUP.Empty
https://nicolascoolman.eu/2017/12/21/sup-scanguard/  =>SUP.Optional.ScanGuard
https://nicolascoolman.eu/2017/10/30/sup-pcprotect/  =>.SUP.PCProtect

---\  Other deletions. (6)
~ Registry Keys Tracing deleted (6)
~ Remove the old reports ZHPCleaner. (0)

---\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Internet Explorer OK

---\ Statistics
~ Items scanned : 1051
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17

---\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of clean in 00h00mn09s

---\  Reports (3)
ZHPCleaner--14052022-14_22_40.txt
ZHPCleaner--14052022-20_54_39.txt
ZHPCleaner-[R]-14052022-20_56_21.txt

ZHPCleaner report



THEN I DID ANOTHER SCAN & REPAIR WITH ZHP:

~ ZHPCleaner v2022.5.12.33 by Nicolas Coolman (2022/05/12)
~ Run by User (Administrator)  (14/05/2022 20:58:00)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\User\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 19044)

---\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\  Services (0)
~ No malicious or unnecessary items found. (Service)

---\  Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\  Hosts file (1)
~ The hosts file is legitimate (21)

---\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\  Explorer ( File, Folder) (1)
FOUND file: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>ChromiumPreference

---\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found. (Registry)

---\  Summary of the elements found (1)
https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/  =>ChromiumPreference

---\ Result of repair
~ Any repair made
~ Google Chrome OK
~ Internet Explorer OK

---\ Statistics
~ Items scanned : 100424
~ Items found : 1
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17

---\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of search in 00h05mn03s

---\  Reports (4)
ZHPCleaner-[R]-14052022-20_56_21.txt
ZHPCleaner--14052022-14_22_40.txt
ZHPCleaner--14052022-20_54_39.txt
ZHPCleaner--14052022-21_03_03.txt

When I pressed repair button it said, "No clean up necessary".



Then I did "Security Check" again:

SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 14.05.2022 21:04:39
Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: User
VersionXML: 9.78is-14.05.2022
___________________________________________________________________________

Windows 10(6.3.19044) (x64) Core Release: 2009 Lang: English(0809)
Installation date OS: 22.02.2022 13:28:50
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [474.9 Gb] Used: [414.4 Gb] Free: [60.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 3)
Never check for updates
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Total AV (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft 365 - en-us v.16.0.15128.20224
Dell SupportAssist v.3.11.1.18
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.22.089.0426.0003 [+]
Dropbox v.148.4.4519
-------------------------- [ IMAndCollaborate ] ---------------------------
Microsoft Teams v.1.5.00.11163
WhatsApp v.2.2216.7 [+]
Zoom v.5.9.3 (3169) Warning! Download Update
Telegram Desktop version 3.7.3 v.3.7.3
-------------------------------- [ Media ] --------------------------------
Spotify v.1.1.81.604.gccacfc8c Warning! Download Update
VLC media player v.3.0.16 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Acrobat DC (64-bit) v.22.001.20117
ph v.1.0.0 << Hidden Warning! This software is no longer supported. Please uninstall it.
bl v.1.0.0 << Hidden Warning! This software is no longer supported. Please uninstall it.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.101.0.4951.54 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe v.4.18.2203.5
MpCmdRun.exe
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------



PATCH MY PC:
.NET Framework 4.8.04084
Dropbox  -  148.4.4519
Google Chrome  -  101.0.4951.67
Microsoft Visual C++ 2005 Redistributable  -  8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)  -  8.0.61000
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Telegram Desktop version 3.7.3
VLC media player  -  3.0.17.4
WhatsApp  -  2.2216.7

Color [Green] = Latest Version Installed
Color [Red] = Outdated Version Installed
Color [Black] = Not Currently Installed



SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 14.05.2022 21:20:39
Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: User
VersionXML: 9.78is-14.05.2022
___________________________________________________________________________

Windows 10(6.3.19044) (x64) Core Release: 2009 Lang: English(0809)
Installation date OS: 22.02.2022 13:28:50
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [474.9 Gb] Used: [414.3 Gb] Free: [60.6 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 3)
Never check for updates
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Total AV (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft 365 - en-us v.16.0.15128.20224
Dell SupportAssist v.3.11.1.18
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.22.089.0426.0003 [+]
Dropbox v.148.4.4519
-------------------------- [ IMAndCollaborate ] ---------------------------
Microsoft Teams v.1.5.00.11163
WhatsApp v.2.2216.7 [+]
Zoom v.5.9.3 (3169) Warning! Download Update
Telegram Desktop version 3.7.3 v.3.7.3
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.17.4
Spotify v.1.1.81.604.gccacfc8c Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Acrobat DC (64-bit) v.22.001.20117
ph v.1.0.0 << Hidden Warning! This software is no longer supported. Please uninstall it.
bl v.1.0.0 << Hidden Warning! This software is no longer supported. Please uninstall it.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.101.0.4951.67
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe v.4.18.2203.5
MpCmdRun.exe
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
 
We can remove any remnants with this tool. :)


Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded, right click the FRST desktop icon and select "Run as administrator" from the menu.
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.




  1. Accept the default whitelist options.
  2. If the Addition.txt options box is not checked, please select it.
  3. Then select Scan.
FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.





Please attach the contents of these logs in your next post for review by our Security Team.
 
Thanks so much for your continued help and easy-to-follow instructions, I hope you'll let me know if there's something I can do for you in return. Seems like TotalAV remains but in a quarantined area, but it could still reactivate. If we can put it - and me - out of our misery that would be awesome. I've downloaded the FRST 64bit program and run it, and attach the two text files - FRST & Addition - as requested.
 

Attachments

  • FRST.txt
    36.1 KB · Views: 3
  • Addition.txt
    39.4 KB · Views: 5