Virus/Malware/PUP and other good stuff...need help again.

[avastpandainc]

Hello Avast community,
I seek your help again.
I am following the following instructions:
https://forum.avast.com/index.php?topic=53253.0

These darn annoying pop ups, leading to slow running PC.

Here attached are the following files:


Thanks in advance to the Malware Analyst that will be helping out this issue.
avastpandainc.

[essexboy]

Could you let me know what problems remain after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
S2 BrowseForTheCause; "C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe" [X]
R2 PrivoxyService; C:\Program Files (x86)\Techsmart Computer\privoxy.exe [371200 2016-05-19] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
C:\Program Files (x86)\Techsmart Computer
C:\Program Files (x86)\BrowseForTheCause
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your Desktop.

• Close all open programs and internet browsers.[/*]
  
• Double click on AdwCleaner.exe to run the tool.[/*]
  
• Click the Scan button and wait for the process to complete.[/*]
  
• Click the logfile button and the log will open in Notepad.[/*]
  
• Click on the Clean button follow the prompts.[/*]
  
• A log file will automatically open after the scan has finished and the PC has rebooted.[/*]
  
• Please post the content of that log file with your next answer.[/*]
  
• The report will be saved in the C:\AdwCleaner folder.

[avastpandainc]

Thank you for your prompt reply,
here is the log after fixlist was generated: FixLog

[avastpandainc]

here is the log after running adwcleaner_5.119:

I am going to predict that all is well now?

[essexboy]

Hmm privoxy does not appear to want to go

Could you run MBAM again please

[avastpandainc]

Hi essexboy,
here are the four files from today's run.

The error could have been due to the fact that my first run of  FRST64, I did not (right click) and run as administrator.

thanks.

[essexboy]

Looks OK any problems ?

[avastpandainc]

Honestly, it felt OK, even before the second run of MBAM.

Do you still want to proceed with a new fixlist.txt? (and subsequently adwcleaner)

Or should we conclude with Delfix?

I am content with the behaviour of this laptop after your help..

[essexboy]

Nope tidy up as it looks clean

[avastpandainc]

Good day,
Before I even got a chance to tidy up, the following pop up site appears:

http://supportforpc.co/us2015305/support-for-virusremoval.php
and even this one:
http://www.cashcapitalsystem.com/b/guest.php?t=zGbf0zzzcH42dd5e3681e1bc5ca873de6182034e7ad6342c9e&campid=251&v_inn=bo

and
http://www.onesafe-software.com/en/cleaner/LP1.cfm?tracking=AQ_CA_PP_SNW_OSPCC&uid=&filter=47&campaignid=SNW&mtmid=&mrmid=&clickid=MzAjNDgxIzIyIzI1OXw0NTAwfENBfDN8MXx8YTJWNWQyOXlhdypZWFpoYzNRfmN6SnoqTUdRell6Y3hZMkkxWlRZNU5ERmpNMkl5WVRBNU5XTmxaRE00TTJNME4yRXx8

and this one too:
http://www.reimageplus.com/lp/mxy/index.php?tracking=ReimageNetworkCon&banner=Tapuz&adgroup=832267&ads_name=4060387&keyword=w9T4QC1SJBVT3C8T0FHD62FG&CID=v1_7937227_211427_3o1_0A67B7B5A13042730275488795_-1_4060387_v6it_536_0A67B7B5A13042729851797361_m_ju_-1718806820914884255_832267___2_16_4d8r_ju&ClickID=w9T4QC1SJBVT3C8T0FHD62FG

here are the four files...next post

[essexboy]

What browser did they appear in Chrome ?

[avastpandainc]

Yes, you are correct, Google Chrome browser
Here are the four files:

[essexboy]

Personally I would get rid of Chrome as it is now becoming a risk

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
CHR Extension: (04a647e8892acb00f8fea02167c03aff) - C:\Program Files (x86)\Google\Chrome\Application\04a647e8892acb00f8fea02167c03aff [2016-02-24]
CHR Extension: (04a647e8892acb00f8fea02167c03aff_2) - C:\Program Files (x86)\Google\Chrome\Application\04a647e8892acb00f8fea02167c03aff_2 [2016-06-01]
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[avastpandainc]

I do not have a good feeling with this fixlog.
As soon as this laptop rebooted, and I was logging on to this forum, it generated a pop-up/another page.
We use Chrome on three different devices.
If the solution is to curb our browser usage, then we will go that route as suggested.

Thank you.

[essexboy]

First off confirm as to whether this occurs in other browsers ..

If not then run Chrome in incognito mode, does that stop it  https://support.google.com/chrome/answer/95464?hl=en-GB

Let me know the result