Amozilla Crash Reporter - Malware


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your Windows Firewall is disabled.
Turn ON your Windows Firewall.
https://support.microsoft.com/en-us/instantanswers/c9955ad9-1239-4cb2-988c-982f851617ed/turn-windows-firewall-on-or-off
<<<>>>

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===


Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


 

I have activated my Windows Firewall now. Thank you for reminding me.

The Amozilla pop-up now doesn't appear anymore. Once again, thank you very much for helping me.

This is my fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x86) Version: 26-02-2020
Ran by ADMIN (02-03-2020 18:40:16) Run:1
Running from C:\Users\ADMIN\Desktop
Loaded Profiles: ADMIN (Available Profiles: ADMIN)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3117431016-1462550829-2819791719-1000\...\Run: [firefox] => C:\Program Files\Common Files\HorizonPC\update.exe [910296 2010-03-31] (Mozilla Corporation -> Mozilla Corporation) <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF ProfilePath: C:\Users\ADMIN\AppData\Roaming\AMozilla\AFirefox\Profiles\v0n4l35z.default [2020-03-01] <==== ATTENTION
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FirewallRules: [TCP Query User{9ACDA590-2B50-44AF-A70E-92BACD836554}E:\snappy driver installer\sdi_r439.exe] => (Block) E:\snappy driver installer\sdi_r439.exe No File
FirewallRules: [UDP Query User{D5556944-F802-4EBD-9AC2-62A463AC91F2}E:\snappy driver installer\sdi_r439.exe] => (Block) E:\snappy driver installer\sdi_r439.exe No File
C:\Program Files\Common Files\HorizonPC
CMD: netsh int ip reset
CMD: ipconfig /flushDNS

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3117431016-1462550829-2819791719-1000\Software\Microsoft\Windows\CurrentVersion\Run\\firefox" => removed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
"C:\Users\ADMIN\AppData\Roaming\AMozilla\AFirefox\Profiles\v0n4l35z.default" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9ACDA590-2B50-44AF-A70E-92BACD836554}E:\snappy driver installer\sdi_r439.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D5556944-F802-4EBD-9AC2-62A463AC91F2}E:\snappy driver installer\sdi_r439.exe" => removed successfully.
C:\Program Files\Common Files\HorizonPC => moved successfully

========= netsh int ip reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 18:40:41 ====

 

 

You can also read it in this file (if you want..):

Fixlog.txt


Hi JuanMelvin.

This is for tool cleanup.  To remove the FRST tool & its work files, do this.  Go to your DESKTOP.  Do a RIGHT-click on FRST.exe & select RENAME & then change it to UNINSTALL.

Then run that (double-click on it) to begin the cleanup process.

 

Tips for your web browser programs.

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or Opera.

Scroll down to the tips section "How do I disable them".

.

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome browser:

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

 

.

If the pc has Mozilla Firefox, to get & install the Malwarebytes Browser Guard Firefox extension,

Open this link in your Firefox browser:

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at the “Change language” drop-down list.

.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

