Help with js:redirector-bww [adw]

So I’ve recently begun receiving notices that avast! is blocking the mentioned infection, usually the first or second time I open Google Chrome after a shutdown. From the name, I’m assuming it’s just meant to redirect me to a new website, which avast! has blocked every time.

Unfortunately I didn’t get a screen capture of avast!'s notification, but the directory involved was, if I remember correctly, the typical Google Chrome directory. I remember the URL involved was something similar to tribalfusion.com, but unfortunately I don’t have the exact for either the directory or the URL. I figured I’d get it again this morning and could record it, but it hasn’t shown up. But I’d still like to get it checked out since it’s been coming up so much.

I did a threat scan on Malwarebytes earlier on when it started, but it didn’t catch anything. Since logs were required for Malwarebytes here, I figured I’d just do a more recent scan, but have it cover a bit more with a custom scan. This time it caught something as the logs will show. The file hid itself in an English translation patch I’d gotten around 3 months back. I don’t really feel like it was hidden there, as the translation has been used a fair bit, so maybe it just latched on somehow recently? Anyways, it’s in quarantine right now, so I figured I’d go ahead and finish the other logs, just to make sure things looked good. Thanks for the help guys, I appreciate it.

Unfortunately I didn't get a screen capture of avast!'s notification
If you have not rebooted since it happened, you can right-click the avast tray icon and select show last pop up .... and take a screenshot. The popup has a pin in the top right corner so you can pin it to the screen if needed.
This time it caught something as the logs will show.
PUP.RiskWare.HideExec = Possible Unwanted Program

Malwarebytes PUP Criteria https://www.malwarebytes.org/pup/

Riskware https://www.virusbtn.com/resources/glossary/riskware.xml

Yeah, unfortunately I did reboot it.

Could you confirm that it is just in Chrome?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-909257415-2574264389-1177266193-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
2015-07-20 14:44 - 2015-05-18 14:36 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete, click on “Clean”.
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

I tried IE, nothing popped up from avast! and nothing unusual happened. But Google Chrome didn’t always cause an avast! pop-up either. And here are my new logs.

Could you monitor it please, and if it happens again then screenshot the popup and post that.

Absolutely, I’ll be on the lookout. Despite shutting down a few times for the scans, it hasn’t popped up, which is unusual. Though Malwarebytes did quarantine the potential perpetrator, so maybe that’s why.