7 viruses detected every hour

When I open my browser immediately avast detects a threat. Then all these threats are detected frequently:
hxxp://couponbluemy.us/sync2/
hxxp://proxy5-jpi.info/sync2/
hxxp://jpisyncer.info/sync2/
hxxp://groupstyleusa.info/sync2/
hxxp://getsync.info/sync2/
hxxp://installsunny.us/sync2/
hxxp://websolutiion.in/sync2/

The MBAM is a .xml file and I can not attach it.

Hi and welcome :slight_smile:

FRST should generate another report called Addition.txt - could you post it also?

Here it is :slight_smile:

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the icon and select Run as Administrator to start the tool.
[*]Follow the prompts and let this process run uninterrupted.
[*]This scan can take a while, depending on your System specs.
[*]Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

[*]Right-click on the icon and select Run as Administrator to start the tool.
[*]Follow the prompts and click Scan.
[*]When finished, please click Clean.
[*]Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

Good. These are the files.

Methinks that the difference should be noticeable…

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
[*]Right-click on the icon and select Run as Administrator to start the tool.

XP users click Run after receipt of Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Yes, I can see the difference. No threat detected after all these actions :slight_smile:

Fix with Farbar Recovery Scan Tool

[b]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/b]

[*]Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

[*]Copy the entire content of the codebox below and paste into the Notepad document:

start
HKU\S-1-5-21-3175752406-1938880129-1598445509-1000\...\MountPoints2: {3fc4b90b-1e1c-11e4-b7de-902b34443551} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3175752406-1938880129-1598445509-1000\...\MountPoints2: {3fc4b914-1e1c-11e4-b7de-902b34443551} - G:\setup_vmb_lite.exe /checkApplicationPresence
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Program Files (x86)\ShopperPro
Task: {42ADE1E6-2E6F-40FA-9314-32C1C7924383} - System32\Tasks\ShopperProUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
EmptyTemp:
end

[*]Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on the icon and select Run as Administrator to start the tool.

XP users click Run after receipt of Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
[*]Right-click on the icon and select Run as Administrator to start the tool.

XP users click Run after receipt of Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

A long process but I am happy to see the results :wink:

Hi :slight_smile:

Looks a lot better. Now some general scans to confirm.

Scan with Malwarebytes’ Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

[*]Install the program and select update.
[*]Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
[*]Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
[*]If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
[*]Upon completion of the scan (or after the reboot), click the History tab.
[*]Click Application Logs and double-click the Scan Log.
[*]At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:

[*]Accept the Terms of Use and click Start.
[*]Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

[*]Download esetsmartinstaller_enu.exe that you’ll be given a link to.
[*]Double click esetsmartinstaller_enu.exe.
[*]Allow the Terms of Use and click Start.

To perform the scan:

[*]Make sure that Enable detection of potentially unwanted applications is checked.
[*]In the Advanced Settings dropdown menu:
  [*]Make sure that Remove found threats is unchecked.
  [*]Scan archives is checked.
  [*]Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  [*]Use custom proxy settings is unchecked.
[*]Click Start.
[*]The program will begin to download its virus database. The speed may vary depending on your Internet connection.
[*]When completed, the program will begin to scan. This may take several hours. Please, be patient.
[*]Do not do anything on your machine as it may interrupt the scan.
[*]When the scan is done, click Finish.
[*]A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don’t forget to re-enable previously switched-off protection software!

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

[*]Right-click on the icon and select Run as Administrator to start the tool.
[*]Follow onscreen instructions inside the black box. This scan won’t take long.
[*]Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.

Hi :slight_smile:
All done, but today I had a blue screen error, twice, when Malwarebytes was scanning. Yesterday also 4 blue screens… I think it is due to the MBAM, I don’t know. I have never had this problem before. No threats for sure since yesterday ;D

Is there a second system installed on D:\ drive?

It is… from another PC

It is not installed… When I bought this PC I saved all the files located in C:/ from my “old” PC on this computer… all important files (photos, music, …) were there

If that system is operational, it should be checked also.

Update outdated software

Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.
Your logs clearly indicate that some of your software needs updating.

Updating Mozilla Firefox manually

[*]Please open Firefox.
[*]Click the menu icon.
[*]Click Help and select About Firefox.
[*]Firefox will search for any updates and start downloading them automatically.
[*]When the updates are ready, you will be prompted to restart Firefox. Please do it.

Please remember to keep it always up-to-date.

Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

[*]Right-click on the icon and select Run as Administrator to start the tool.
[*]Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
[*]Push Run.
[*]When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.

The system is not operational. This is the logfile :wink:

Hi and I’m very sorry for the delay. I had a short-circuit accident which deeply fried my home PC’s hard drive. As you may know, it’s quite hard to run a PC without it :wink:

I think that we are done here :slight_smile:

Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

Recommended reading:

MUST READ - security tips: Computer Security - a short guide to staying safer online.
MUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:

TFC - to clean unneeded temporary files.
Malwarebytes’ Anti-Malware - to scan your system from time to time in search for malware.
Malwarebytes’ Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.
All donations are to refund a new HDD to replace the old one, which recently passed away!

Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.


Stay safe,
Naat :slight_smile:

Thank you very much for your support. You really helped me :wink:

You are welcome :slight_smile: