Hi, here is my two cents:
the idea of running browser in sandbox is to prevent those relatively rare browser exploits, lately they seem to enter the system mostly through flash.
If you browse with chrome, and keep it updated, you are pretty safe, although it is recommended to set flash not to run automatically. Or, you could do as it says here:
https://malwaretips.com/posts/574105/
Firefox is not quite as secure as chrome, but again, this exploit business is relatively rare stuff.
As for your choice of AV: it doesn't really matter, because if you run CFW in proactive config with autosandbox, your AV is like marshmallows compared to a tank. You may choose whatever flavor of marshmallows you like best. I do agree with you that Avira has great sigs, though.
MBAM, in your config, will mainly help to protect from PUPs.