
Solved Adware Browser Plugin malware

Discussion in 'Virus & Other Malware Removal' started by JimHebert, Feb 13, 2019.

  1. JimHebert

    JimHebert Thread Starter

    Joined:
    Nov 27, 2008
    Messages:
    21
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz, Intel64 Family 6 Model 142 Stepping 9
    Processor Count: 4
    RAM: 8067 Mb
    Graphics Card: NVIDIA GeForce 940MX, -2048 Mb
    Hard Drives: C: 237 GB (63 GB Free);
    Motherboard: KBL, Dragonite_KL
    Antivirus: ZoneAlarm Free Firewall Antivirus, Enabled and Updated

    Hi:
    I am using Windows 10 Home version 1703 (15063.1387). The problem began a couple of days ago when ZoneAlarm antivirus displayed a pop-up with a running sequence of Adware Browser Plugin Gen 2 being listed one after the other going down the pop-up. I would select all then delete them, but they kept reappearing one under the other. Also, I have recently installed Wise AntiMalware & it popped up also and was blinking & showing the same malware as on ZoneAlarm. I had to restart my laptop in order to clear the screen because I couldn't close any of the pop-ups. I have tried AdwCleaner, but several hours later or the next day the same attack reappears. I am hesitant about downloading removal tools listed on search engines because I don't know if they are viruses and cause greater harm, or if they can be trusted.
     
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    381
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything, please ask.
    --------------------

    Can you post a screenshot of the pop-ups?


    Download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • If you receive a SmartScreen pop-up, click More Info, then Run Anyway.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, two log files will open - FRST.txt and Addition.txt.
    • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.

    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  3. JimHebert

    JimHebert Thread Starter

    Joined:
    Nov 27, 2008
    Messages:
    21
    See Uploaded File
     


  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    381
    Hi,

    In the future, please copy and paste scan reports into your reply. Thanks. ;)

    I do not recommend the use of the 'Registry Cleaning' feature of Argente Utilities. Registry cleaners can do more harm than good. If a registry key that is required is removed, certain functions of the operating system may not work properly. At worst, your computer can become unbootable.

    ----------------------

    Did you set these policy restrictions?

    CHR HKLM\SOFTWARE\Policies\Google: Restriction
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
    HKU\S-1-5-21-499605155-585619864-2847611390-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction

    ----------------------


    Highlight the contents of the below code box and press Ctrl + C:
    Code:
    Start::
    
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    FF Extension: (PackageTrak) - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iip4mtta.Profile 6Nov18 1.5PM\Extensions\{d6f11f95-a27b-47cd-bbcf-a9b5f2dd2a36}.xpi [2018-12-06]
    
    U1 aswbdisk; no ImagePath
    U3 iswSvc; no ImagePath
    
    ShellIconOverlayIdentifiers: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers: [  OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers: [  OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
    
    
    VirusTotal: C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iip4mtta.Profile 6Nov18 1.5PM\Extensions\{baf9eb7e-a323-4a6d-bcf9-15cc0c8e06d7}.xpi
    VirusTotal: C:\Program Files (x86)\Portable.db
    
    End::
    Right-click on FRST/FRST64 and select Run as Administrator.
    Click on Fix.
    Note - there is no need to paste the contents of the code box anywhere.
    If your computer restarts, allow it to do so.
    Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
    Please copy and paste the contents of the fixlog into your next reply.

    Let me know if the problems persist.

    Thanks.
     
  5. JimHebert

    JimHebert Thread Starter

    Joined:
    Nov 27, 2008
    Messages:
    21
    Sorry, but I had tried to post my last reply but I couldn't send it to you because it was over the 10000 character limitation. That is why I uploaded a file. I will try to send this next one on this reply. If you have any other recommendation I will certainly do as you tell me.

    I will uninstall Argente Utilities. I understand that you do not want me to use any type of registry cleaner at all. Please confirm. If there is one that you think is suitable, please advise.

    No, I did not set any one of those policy restrictions. It is the first time I see that.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
    Ran by Dean (13-02-2019 21:04:51) Run:1
    Running from C:\Users\Dean\Desktop
    Loaded Profiles: Dean (Available Profiles: Dean)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    FF Extension: (PackageTrak) - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iip4mtta.Profile 6Nov18 1.5PM\Extensions\{d6f11f95-a27b-47cd-bbcf-a9b5f2dd2a36}.xpi [2018-12-06]
    U1 aswbdisk; no ImagePath
    U3 iswSvc; no ImagePath
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
    VirusTotal: C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iip4mtta.Profile 6Nov18 1.5PM\Extensions\{baf9eb7e-a323-4a6d-bcf9-15cc0c8e06d7}.xpi
    VirusTotal: C:\Program Files (x86)\Portable.db

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iip4mtta.Profile 6Nov18 1.5PM\Extensions\{d6f11f95-a27b-47cd-bbcf-a9b5f2dd2a36}.xpi => moved successfully
    HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
    HKLM\System\CurrentControlSet\Services\iswSvc => removed successfully
    iswSvc => service removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
    HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
    HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
    HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
    HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
    HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
    HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayExcluded => removed successfully
    HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayPending => removed successfully
    HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayProtected => removed successfully
    HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayExcluded => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayPending => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayProtected => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => not found
    VirusTotal: C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iip4mtta.Profile 6Nov18 1.5PM\Extensions\{baf9eb7e-a323-4a6d-bcf9-15cc0c8e06d7}.xpi => https://www.virustotal.com/file/fee...cff84ee7ed236c9ce048a79b/analysis/1550113395/
    VirusTotal: C:\Program Files (x86)\Portable.db => https://www.virustotal.com/file/852...a48cc3cf1ce0eecb92b9f602/analysis/1547919452/

    =========== EmptyTemp: ==========

    BITS transfer queue => 11821056 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 124560264 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => -1068567 B
    Edge => 10050 B
    Chrome => 0 B
    Firefox => 134862013 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 908 B
    LocalService => 0 B
    NetworkService => 0 B
    NetworkService => 0 B
    Dean => 2685891 B

    RecycleBin => 53429 B
    EmptyTemp: => 260.3 MB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-02-2019 21:08:19)


    Result of scheduled keys to remove after reboot:

    HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected

    ==== End of Fixlog 21:08:19 ====
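
A small triage script for the fixlog format shown in the post above, added here as an example (it is not part of the thread and not FRST's own code). It groups result lines by outcome so that entries FRST reported it could not remove, such as the `aswbdisk` service key, stand out; the function and outcome names are assumptions, and the sample is constructed from lines of the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the fixlog posted above.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
U1 aswbdisk; no ImagePath
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iip4mtta.Profile 6Nov18 1.5PM\Extensions\{d6f11f95-a27b-47cd-bbcf-a9b5f2dd2a36}.xpi => moved successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\iswSvc => removed successfully
iswSvc => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
VirusTotal: C:\Program Files (x86)\Portable.db => https://www.virustotal.com/file/852...a48cc3cf1ce0eecb92b9f602/analysis/1547919452/

=========== EmptyTemp: ==========

Firefox => 134862013 B

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
"""

SIZE_LINE = re.compile(r"^-?\d+ B$")   # EmptyTemp byte counts, not fix results
VT_PREFIX = "VirusTotal:"


def classify(target, result):
    """Map one 'target => result' pair to an outcome bucket (names are ours)."""
    if target.startswith(VT_PREFIX):
        return "scan_link"
    if result.startswith("could not remove"):
        return "failed"
    if result == "not found":
        return "absent"
    if result.endswith("successfully"):
        return "done"
    return "other"


def triage_fixlog(text):
    """Return {outcome: [unique targets in log order]} for a fixlog."""
    buckets = defaultdict(list)
    star_lines = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            star_lines += 1
            continue
        if star_lines == 1:
            # Between the two asterisk rules the log only echoes the
            # submitted fixlist; those lines are requests, not results.
            continue
        target, sep, result = line.partition(" => ")
        if not sep or SIZE_LINE.match(result):
            continue
        outcome = classify(target, result)
        if outcome == "scan_link":
            target = target[len(VT_PREFIX):].strip()
        # The same key can be reported twice (immediately and again in the
        # after-reboot section), so keep each target once per outcome.
        if target not in buckets[outcome]:
            buckets[outcome].append(target)
    return dict(buckets)


if __name__ == "__main__":
    for outcome, targets in triage_fixlog(SAMPLE_FIXLOG).items():
        print(f"{outcome}: {len(targets)}")
        for t in targets:
            print(f"  {t}")
```

Anything listed under `failed` is what to raise with the helper before treating the fix as complete.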
     
  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    381
    Hi,

    I don't recommend the use of any registry cleaners. However, the use of programs like CCleaner is fine - just not the Registry cleaning feature.

    We'll remove those policy restrictions with this FRST Fix.

    Highlight the contents of the below code box and press Ctrl + C:
    Code:
    Start::
    
    CHR HKLM\SOFTWARE\Policies\Google: Restriction
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
    HKU\S-1-5-21-499605155-585619864-2847611390-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
    
    End::
    Right-click on FRST/FRST64 and select Run as Administrator.
    Click on Fix.
    Note - there is no need to paste the contents of the code box anywhere.
    If your computer restarts, allow it to do so.
    Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
    Please copy and paste the contents of the fixlog into your next reply.

    -----------------------

    How is the computer doing? Do you still receive the detections from the antivirus programs?

    Thanks.
     
  7. JimHebert

    JimHebert Thread Starter

    Joined:
    Nov 27, 2008
    Messages:
    21
    Will do concerning CCleaner.

    Concerning any more attacks, I had one incident this morning of a word doc. page if I recall correctly, from my documents that I was using yesterday, that opened automatically out of nowhere on my screen. Other than that I have not had anything else unusual show up. I won't know for sure until another day or so goes by to see if all is OK. I appreciate your help & when we are complete in solving this problem I will certainly make a donation. I don't see a donation button anywhere & do you guys accept Paypal?

    Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
    Ran by Dean (14-02-2019 10:58:00) Run:2
    Running from C:\Users\Dean\Desktop
    Loaded Profiles: Dean (Available Profiles: Dean)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CHR HKLM\SOFTWARE\Policies\Google: Restriction
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
    HKU\S-1-5-21-499605155-585619864-2847611390-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction

    *****************

    HKLM\SOFTWARE\Policies\Google => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
    HKU\S-1-5-21-499605155-585619864-2847611390-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully

    ==== End of Fixlog 10:58:00 ====
     
  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    381
    Hi,

    You can donate to Tech Support Guy here.

    Press the Windows Key + R. This will open the Run box.
    Type Appwiz.cpl and click OK.

    A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

    Java 8 Update 191


    Follow the steps in the uninstaller to remove the program.

    (Java 8 update 201 is the latest version, which you have installed. Removing old versions of Java will protect your computer from unpatched security holes.)

    ----------------------

    I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened. Additionally, drivers used by both programs may conflict as well. In general terms, the two programs may cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore, please uninstall one of the antivirus programs.

    Press the Windows Key + R. This will open the Run box.
    Type Appwiz.cpl and click OK.

    A list of installed programs will appear. Uninstall one of the below programs by selecting it and clicking Uninstall:

    ZoneAlarm
    Avast! Antivirus


    ----------------------

    Download AdwCleaner and save it to your Desktop.
    • Right-click on AdwCleaner.exe and select Run as Administrator.
    • Accept the EULA (I accept), then click on Scan.
    • Let the scan complete. If no objects are detected, close the AdwCleaner window.
    • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
    • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.

    Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).


    Thanks. (y)
     
  9. JimHebert

    JimHebert Thread Starter

    Joined:
    Nov 27, 2008
    Messages:
    21
    Hi: :)

    Is it OK if I disable the Anti-virus feature of Zonealarm and leave the firewall & the data/identity protection enabled which I thought would be useful or should I totally uninstall it as you mentioned?

    I uninstalled Java & won’t use Java again since Firefox doesn’t support it. What is your opinion?

    I ran AdwCleaner today and had no threats. Before reading your e-mail yesterday, I had already used AdwCleaner & am wondering if this entry below in the register may have been the source of the problem. I have seen this in the past. I think this is a PUP. Is there a tool to block these?



    Malwarebytes Malware Cleaner
    Mode: Clean

    # -------------------------------
    # Start: 02-15-2019
    # Duration: 00:00:01
    # OS: Windows 10 Home
    # Cleaned: 1
    # Failed: 0

    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKLM\Software\Classes\CLSID\{D4EF86C3-77D7-4F82-BBB8-6DFFAB6E2D32}

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [3739 octets] - [16/01/2019 01:41:49]
    AdwCleaner[C00].txt - [3389 octets] - [16/01/2019 01:42:44]
    AdwCleaner[S01].txt - [1434 octets] - [12/02/2019 08:23:25]
    AdwCleaner[C01].txt - [1600 octets] - [12/02/2019 08:25:56]
    AdwCleaner[S02].txt - [1556 octets] - [12/02/2019 17:19:41]
    AdwCleaner[C02].txt - [1722 octets] - [12/02/2019 17:31:34]
    AdwCleaner[S03].txt - [1656 octets] - [13/02/2019 17:33:49]
    AdwCleaner[C03].txt - [1822 octets] - [13/02/2019 17:34:19]
    AdwCleaner[S04].txt - [1738 octets] - [13/02/2019 18:02:19]
    AdwCleaner[C04].txt - [1924 octets] - [13/02/2019 18:03:04]
    AdwCleaner[S05].txt - [1860 octets] - [14/02/2019 16:26:59]
    AdwCleaner[C05].txt - [2046 octets] - [14/02/2019 16:29:11]
    AdwCleaner[S06].txt - [1982 octets] - [14/02/2019 17:04:00]
    AdwCleaner[S07].txt - [2105 octets] - [15/02/2019 07:55:58]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C07].txt ##########
     
  10. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    381
    Hi,

    Since the AV programs often have drivers/services that can conflict with each other, I'd keep only one and uninstall the other one. If you like ZoneAlarm's features, then you can keep that and uninstall Avast.

    Regarding Java, it depends on whether you use Java-based applications/programs. If not, feel free to remove it. You can always install it again if needed.

    --------------------

    The AdwCleaner detection is a component of Wise Registry Cleaner.

    It appears the source of the ZoneAlarm detection pop-ups was an unwanted Firefox Extension, which we removed with the FRST fix.

    Let me know if there are any problems with the computer, and if you have any questions or concerns.

    Thanks.
     
Short URL to this thread: https://techguy.org/1223079
