I have run scans with Malwarebytes, Adwcleaner but I still seem to have a few lingering pop ups on websites. I’m installingAvast Free as my AV and will run a boot time scan to see if this fixes the issue, and I seem to have a remnant from Evernote (from the previous Windows 8 install) that I upgraded to 10, that when I uninstall it, the installer cannot find. As an aside the ads are only on Microsoft Edge and Chrome is affected to on various sites.

The boot time scan found a whole ton of adware, Trojan and other things. I got rid of all the viruses in the chest, but the problem still exists. Matt

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Thanks for your help I will attach the files soon.

The Malwarebytes one will be coming momentarily.

Malwayebytes text

OK, now you’ve to wait a bit…

At the moment Edge has no adblocking capabilities at all so it is subject to whatever th esites put out

Have you run AdwCleaner ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll No File BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll No File 2015-08-19 12:40 - 2015-08-19 17:33 - 00000000 ____D C:\Users\MattyIce\AppData\Roaming\y2ziyzzxywtlbtv 2015-08-19 11:13 - 2015-08-19 21:57 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-08-19 11:13 - 2015-08-19 11:13 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2015-08-12 13:50 - 2014-04-16 17:08 - 0658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall3010528.exe Task: {284D96A7-D8D7-4678-B6D7-80077CB5070F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {3A36E291-1FEF-47EA-827C-93758583CEB7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {42C461B4-B2E2-400A-A3DC-601058AD0B30} - \DNSWABENO -> No File <==== ATTENTION Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => 0x000A0100C5E4A00954333644B8F9AF405B81C5C84600D400000000003C000A00200000000014730F000000000513040020200401000000000000000000000000000000000000180043003A005C00570049004E0044004F00570053005C006500780070006C006F007200650072002E0065007800650000000C002F004E004F0055004100430043004800450043004B000000000018004500780070006C006F007200650072005300680065006C006C0055006E0065006C00650076006100740065006400000000000000080003130400000000000000 Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => 0x000A01002BE3E9BD2E0EA245870D43B3A717522146002E03000000003C000A0020000000FEFFFFFF000000000013040000008021DF0708000300130015003900240072030000360043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0047006F006F0067006C0065005C005500700064006100740065005C0047006F006F0067006C0065005500700064006100740065002E00650078006500000003002F0063000000000010004F00460046004900430045005C004D006100740074007900490063006500000020014B006500650070007300200079006F0075007200200047006F006F0067006C006500200073006F00660074007700610072006500200075007000200074006F00200064006100740065002E002000490066002000740068006900730020007400610073006B002000690073002000640069007300610062006C006500640020006F0072002000730074006F0070007000650064002C00200079006F0075007200200047006F006F0067006C006500200073006F006600740077006100720065002000770069006C006C0020006E006F00740020006200650020006B00650070007400200075007000200074006F00200064006100740065002C0020006D00650061006E0069006E0067002000730065006300750072006900740079002000760075006C006E00650072006100620069006C00690074006900650073002000740068006100740020006D00610079002000610072006900730065002000630061006E006E006F007400200062006500200066006900780065006400200061006E00640020006600650061007400750072006500730020006D006100790020006E006F007400200077006F0072006B002E002000540068006900730020007400610073006B00200075006E0069006E007300740061006C006C007300200069007400730065006C00660020007700680065006E0020007400680065007200650020006900730020006E006F00200047006F006F0067006C006500200073006F0066007400770061007200650020007500730069006E0067002000690074002E000000000008000000000000000000020030000000CF0701000100000000000000000000000000000000000000000000000700000001000000000000000000000030000100DF07080013000000000000000D00190000000000000000000000000001000000010000000000000000000000 Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

Not since last night, no. I do have chrome as a backup (I’ll use that until Edge matures)…Quick question. Where can I put both the tool and the text copied from notepad so the fix is effective? The desktop doesn’t seem to work well.

As long as the fix and frst are in the same folder (not a temporary one) it should work OK

Here is the fixlist.txt. Not sure why it was renamed to fixlog. (Maybe after I created the folder and applied the fix, it renamed)? I will be back in a bit (have to run across town to get a new ID)

Yes that is automatic fixlist is deleted and fixlog created…

What problems are evident now

Other then the fact I’m having an issue with Edge and startup is taking about 173 seconds, not many problems. (That I can see anyway) Are you noticing anything problematic?

I take that back…lots of popups in browsers but only on edge…Chrome is not affected.

Could you try IE and see if that is also affected

I certainly can, but since IE was scrapped on Windows 10 in favor of Edge, I am not sure where to find it?

It is still there, I use it

C:\Program Files\Internet Explorer\iexplore

I apologize for the delay, was out all day yesterday with family. I have checked IE and i’m not sure it does. One issue i’m seeing that even though it’s not Avast, when I go to ESET to visit their page (in case of using the online scanner) I get http://www.eset.com/us/ on Chrome. On IE and Edge I get http://ww2.eset.com/us/.

Slightly different addresses

People running large(-ish) sites used to do this when they needed to break up the load between more than one server. One machine would be called www then the next one would be called www2, etc.

So the ads are restricted to edge only ?

As far as I can tell, yes. Could it be that Edge is just not mature yet and I should use Chrome in the meantime?

Yes as it stands Edge is still in nappies, there is no control over site produced adverts (adblocker) no extensions/addons function at all. It is a bare browser and nothing else.

I am using IE11 until such time as it grows up