• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Solved How to remove quiz / Web trends graphics from Windows search bar

Status
Not open for further replies.
#21
FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3.7 KB · Views: 6
#22
Once you have completed the fix.

Farbar Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: Avira;TotalAV
Click to expand...
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop.
  • Attach it here.
 
#23
Not sure if that last phase of checks/fixes deleted all my saved passwords, haha, but I just had to reset mine on this forum. Anyway, I've done both the things you asked and attach the Fixlog and FRST Search logs below.
 

Attachments

  • Fixlog.txt
    123.4 KB · Views: 4
  • Search.txt
    123.2 KB · Views: 1
#24
Strange, should not have deleted any passwords.... Is total AV still on your machine?

Run the Avira Removal Tool.
Select all options.

FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    376 bytes · Views: 6
Last edited:
#25
Hello, for some reason this didn't refresh and i've only just seen latest instructions as I'm about to pop out. I'll be back in about 5 hours. Sorry for any inconvenience, and I'm sure you have things to do too on a Sunday. I did download Avira Removal Tool, and tried to run it just now, ticking all options. I got this message:
"Not all selected Avira registry keys could be removed. Please restart your computer into safe mode and run the Avira Registry Cleaner again. Please close all open applications before you restart." - I'm not really familiar with working in safe mode so I'd better tackle this once I'm back and have time to concentrate for you. I'll be back :)
 
#27
Hey, so I went into safe mode, ran Avira as directed and got a message (attached) to say that all of Avira was removed. When I restarted, to my horror Total AV installed itself before my very eyes and is now running again!!!!
 

Attachments

  • avira-result.JPG
    avira-result.JPG
    31.3 KB · Views: 5
#29
OK... an update... I saw Total AV running. I opened Task Manager and tried to "end process" but it refused to let me. But I right clicked and found the program location. It was running from an .exe file in the ZHP Quarantine folder. However, I noticed that further down in this folder location, there was another .exe file, labelled uninstall Total AV. So I right-clicked and ran that as an administrator, and uninstalled the program - see screen grab. This prompted a restart.

Once I did that, I ran ZHP scan and repair again.... And I post the scan (S) and repair (R) logs. It looks like Total AV may at last have gone from my system, based on these reports. Let me know what you think.

BTW, if you agree I have got rid of Total AV - have you any recommendations for a decent anti-virus software I should use instead? Would AVG be suitable, for instance?
 

Attachments

  • uninstall.jpg
    uninstall.jpg
    59.5 KB · Views: 4
  • ZHPCleaner (S).txt
    2.2 KB · Views: 0
  • ZHPCleaner (R).txt
    2.3 KB · Views: 1
#30
charliefarnsbarns said:
It was running from an .exe file in the ZHP Quarantine folder.
Click to expand...


ZHP Cleaner does not have a very effective quarantine. LOL

Glad you got that figured out. :)

Download the Everything Search Engine and type Quarantine then edit select all right and copy full name to clipboard., post the result here.

Then lets check for any remnants.


ZHP Diag Scan Click here to download.
Save to your desktop.
Right Click Run as Admin.
Click the Options button.
Click on Check All
Then click close.
Click the Scanner button.
When complete please push the report button.
A notepad will open... attach the report in your next reply.


As far as Antivirus, windows defender should be fine, but you can add one of the following below as a companion AV. Should run alongside defender without issue.


X-Virus
SecureAplus
 
#31
Everything:

C:\Users\User\AppData\Local\WhatsApp\app-2.2216.7\resources\app.asar.unpacked\node_modules\node-quarantine
C:\Users\User\AppData\Local\WhatsApp\app-2.2216.8\resources\app.asar.unpacked\node_modules\node-quarantine
C:\AdwCleaner\Quarantine
C:\FRST\Quarantine
C:\Program Files (x86)\Adware Removal Tool by TSA\Quarantine
C:\ProgramData\Microsoft\Windows Defender\Quarantine
C:\Users\User\AppData\Roaming\ZHP\Quarantine
C:\Users\User\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\SecuritySuite\Quarantine
C:\Users\User\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\SecuritySuite\SecuritySuite\Quarantine
C:\Users\User\AppData\Local\WhatsApp\app-2.2216.7\resources\app.asar.unpacked\node_modules\node-quarantine\bin\win32-x64-87\node-quarantine.node
C:\Users\User\AppData\Local\WhatsApp\app-2.2216.8\resources\app.asar.unpacked\node_modules\node-quarantine\bin\win32-x64-87\node-quarantine.node
 
#35
I will take a look at the Zhp log when I get home. I personally do not need anything but if you wish you can make a donation to the forum. Just standby one more set of instructions. Here in a couple of hours
We will clean the tools used and create a new restore point etc.
 
#38
FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




Something suspicious I missed earlier.
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden

After the fixlist reboots the machine. Then go to the Control Panel, Program Features and remove what seems to be labeled as bl.
FRST64 will only unhide the entry. The removal must be done manually. You can use Geekuninstaller force mode if needed.


Disable windows 10 spyware with O&O software, this can chew up bandwidth while you game as microsoft is constantly uploading various data from your machine.

Disable windows update, and only enable it once a week to update on your terms not whenever microsoft feels you need an update.

Uninstall Useless to you windows apps with O&O App buster.


Uninstall the following with GeekUninstaller, they are useless and waste system resources. (Your choice optional as these are not malware, just bloatware.)


Dell Digital Delivery Services (HKLM-x32\...\{560DFD4A-23E2-45DD-A223-A4B3FA356913}) (Version: 4.0.92.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{D5BD7604-A1C8-47DC-8C0A-70F9BED27245}) (Version: 3.11.1.18 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2a8bafd6-22ae-4d0e-87a4-686b2a4a2ab0}) (Version: 5.5.1.16143 - Dell Inc.)
Dell Update (HKLM-x32\...\{372F0A07-77E0-4CE6-ADA2-91820D7C5B1B}) (Version: 1.9.8.0 - Dell Inc.)
 

Attachments

  • fixlist.txt
    367 bytes · Views: 6
#39
Well looking at the logs again I always triple check, I found this, you will need to run this fixlist and then remove the program named PH

ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
 

Attachments

  • fixlist.txt
    587 bytes · Views: 4
#40
Good morning Malnutrition! I ran your "bh" fixlist last night, the log for that is attached here... I relabelled it Fixlog-1. I then removed it using GeekUninstaller, while getting rid of all the Dell bloatware you highlighted.

This morning I ran your next fixlist for the "ph" program, in fact I ran it twice - and on the second occasion this prompted an "uninstall" window to appear for "ph", so I did that. There are two logs from this morning - Fixlog-2 and Fixlog-3.
I also downloaded the two O&O programs, I made some adjustments. With the spyware one, when one wants to disable something, am I correct in thinking you shift the slider right to enable i.e. you are enabling the blocker which then disables that function?? Or, should I slide it left to disable? Other than possibly misunderstanding how the slider worked on that program, I think I've done everything you recommended and hopefully we're done.
 

Attachments

  • Fixlog-1.txt
    3.6 KB · Views: 1
  • Fixlog-2.txt
    3.7 KB · Views: 0
  • Fixlog-3.txt
    3.5 KB · Views: 1
Status
Not open for further replies.
Top Bottom
Back
Forums
Resources
Menu