Virus/Malware/PUP and other good stuff...need help again.

Hello Avast community,
I seek your help again.
I am following the following instructions:
https://forum.avast.com/index.php?topic=53253.0

These darn annoying pop ups, leading to slow running PC.

Here attached are the following files:

Thanks in advance to the Malware Analyst that will be helping out this issue.
avastpandainc.

Could you let me know what problems remain after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: S2 BrowseForTheCause; "C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe" [X] R2 PrivoxyService; C:\Program Files (x86)\Techsmart Computer\privoxy.exe [371200 2016-05-19] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION C:\Program Files (x86)\Techsmart Computer C:\Program Files (x86)\BrowseForTheCause Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your Desktop.

[*]Close all open programs and internet browsers.[/]
[*]Double click on AdwCleaner.exe to run the tool.[/
]
[*]Click the Scan button and wait for the process to complete.[/]
[*]Click the logfile button and the log will open in Notepad.[/
]
[*]Click on the Clean button follow the prompts.[/]
[
]A log file will automatically open after the scan has finished and the PC has rebooted.[/]
[
]Please post the content of that log file with your next answer.[/]
[
]The report will be saved in the C:\AdwCleaner folder.

Thank you for your prompt reply,
here is the log after fixlist was generated: FixLog

here is the log after running adwcleaner_5.119:

I am going to predict that all is well now?

Hmm privoxy does not appear to want to go

Could you run MBAM again please

Hi essexboy,
here are the four files from today’s run.

The error could have been due to the fact that my first run of FRST64, I did not (right click) and run as administrator.

thanks.

Looks OK any problems ?

Honestly, it felt OK, even before the second run of MBAM.

Do you still want to proceed with a new fixlist.txt? (and subsequently adwcleaner)

Or should we conclude with Delfix?

I am content with the behaviour of this laptop after your help…

Nope tidy up as it looks clean

Good day,
Before I even got a chance to tidy up, the following pop up site appears:

http://supportforpc.co/us2015305/support-for-virusremoval.php
and even this one:
http://www.cashcapitalsystem.com/b/guest.php?t=zGbf0zzzcH42dd5e3681e1bc5ca873de6182034e7ad6342c9e&campid=251&v_inn=bo

and
http://www.onesafe-software.com/en/cleaner/LP1.cfm?tracking=AQ_CA_PP_SNW_OSPCC&uid=&filter=47&campaignid=SNW&mtmid=&mrmid=&clickid=MzAjNDgxIzIyIzI1OXw0NTAwfENBfDN8MXx8YTJWNWQyOXlhdypZWFpoYzNRfmN6SnoqTUdRell6Y3hZMkkxWlRZNU5ERmpNMkl5WVRBNU5XTmxaRE00TTJNME4yRXx8

and this one too:
http://www.reimageplus.com/lp/mxy/index.php?tracking=ReimageNetworkCon&banner=Tapuz&adgroup=832267&ads_name=4060387&keyword=w9T4QC1SJBVT3C8T0FHD62FG&CID=v1_7937227_211427_3o1_0A67B7B5A13042730275488795_-1_4060387_v6it_536_0A67B7B5A13042729851797361_m_ju_-1718806820914884255_832267___2_16_4d8r_ju&ClickID=w9T4QC1SJBVT3C8T0FHD62FG

here are the four files…next post

What browser did they appear in Chrome ?

Yes, you are correct, Google Chrome browser
Here are the four files:

Personally I would get rid of Chrome as it is now becoming a risk

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: CHR Extension: (04a647e8892acb00f8fea02167c03aff) - C:\Program Files (x86)\Google\Chrome\Application\04a647e8892acb00f8fea02167c03aff [2016-02-24] CHR Extension: (04a647e8892acb00f8fea02167c03aff_2) - C:\Program Files (x86)\Google\Chrome\Application\04a647e8892acb00f8fea02167c03aff_2 [2016-06-01] Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

I do not have a good feeling with this fixlog.
As soon as this laptop rebooted, and I was logging on to this forum, it generated a pop-up/another page.
We use Chrome on three different devices.
If the solution is to curb our browser usage, then we will go that route as suggested.

Thank you.

First off confirm as to whether this occurs in other browsers …

If not then run Chrome in incognito mode, does that stop it https://support.google.com/chrome/answer/95464?hl=en-GB

Let me know the result

To answer your first question, yes the pop ups and unwanted tabs occur with IE (edge).

OK reset edge … Does this also occur in FF and IE ?

http://www.howtogeek.com/237527/how-to-reset-microsoft-edge-in-windows-10/

I have “Reset Microsoft Edge Through the settings”
once rebooted.

on the Chrome side, yes there are still pop ups and unwanted new tabs.
And on the IE Edge, darn yes still present.

Would you like me to continue with the System File Checker method? (method 2 from HowToGeek?)

I suspect the virus was originated in an Edge browser, as the primary user of this laptop uses IE.

Firefox is not even used/installed.

I ran the SFC Scannow:

Windows Resource Protection did not find any integrity violations.