I have contracted a Virus that shows many Ads


  1. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #71

    For simrick or Borg


    I ran the ESET Scan; here is the Scan Log: This was the first Scan; I did a second Scan, the Scan Log of which is posted below. I forgot to click on Advanced Settings for the first Scan.


    C:\AdwCleaner\Quarantine\C\Program Files\4C4C4544-1447103129-3910-8037-B4C04F434431\rnsxF8A.exe.vir a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\4C4C4544-1447085222-3910-8037-B4C04F434431\rnsuAC01.exe.vir a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\Windows\Temp\18D0.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\Windows\Temp\51A3.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\Windows\Temp\992B.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\Windows\Temp\9D7C.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\Windows\Temp\C9B.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    I was able to get to the "Proxy Settings." The "Automatically Detect Settings" is "On." I accessed the Proxy Settings via "start > search > Proxy."
    Last edited by Writer; 17 Nov 2015 at 14:28.
      My Computer


  2. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #72

    For simrick and Borg


    I did a second Scan with ESET because I forgot to click on the Advanced Settings the first time: Below is the Scan Log:
    There is a check-box at the bottom that asks if you want to "Delete Quarantined Files." Should I check that box?

    C:\AdwCleaner\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrome.7z.vir a variant of Win32/AlteredSoftware.I potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\shopperz101120150230\Firefox\{02D4CE6A-0CEA-41ED-8B18-6F7B8D215A6E}.xpi.vir Win32/Toolbar.Perion.K potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\shopperz121120151540\Firefox\{AC7CC907-19E6-4F30-847A-E86350766C77}.xpi.vir Win32/Toolbar.Perion.K potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Video Tile\Extensions\{0fe2e941-9423-4dc6-a8dd-92a4836ecf34}.xpi.vir JS/BrowseFox.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wrru4scy.default-1412090802549\Extensions\39ffxtbr@MapsGalaxy_39.com\chrome\39ffxtbr.jar.vir JS/Mindspark.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\swsedrvr_vt_1_10_0_25.sys.vir a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\swsedrvr_vw_1_10_0_25.sys.vir a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
    C:\Users\User\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_221.msi a variant of Win32/Verti.P potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\Jyxutjdn JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\tmrjkEPblUbCKPY8TD975OiP JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wrru4scy.default-1412090802549\extensions\{0fe2e941-9423-4dc6-a8dd-92a4836ecf34}.xpi JS/BrowseFox.A potentially unwanted application deleted - quarantined
      My Computer


  3. Posts : 16,325
    W10Prox64
       #73

    Moment please - I have just returned.

    EDIT:
    Based on what I see here, yes - go ahead and delete. Some of it is from ADWCleaner, but that's not a problem. We can always reinstall that if we need it.

    C:\Users\User\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_221.msi a variant of Win32/Verti.P potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\Jyxutjdn JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\tmrjkEPblUbCKPY8TD975OiP JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wrru4scy.default-1412090802549\extensions\{0fe2e941-9423-4dc6-a8dd-92a4836ecf34}.xpi JS/BrowseFox.A potentially unwanted application deleted - quarantined
      My Computer
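
The reply in #73 separates entries that sit inside AdwCleaner's quarantine folder from entries found elsewhere on the disk. The script below is an added example, not part of any post in this thread, that makes the same split automatically; the field layout is an assumption inferred from the pasted log lines, and the names `parse_line`, `triage` and `SAMPLE_LOG` are hypothetical.

```python
import re

# Field layout inferred from the log lines pasted in this thread (an assumption,
# not an ESET format specification): <path> [a variant of] <name> <type> <action>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>(?:Win32|JS)/\S+) "
    r"(?P<kind>(?:potentially (?:unwanted|unsafe) )?application) "
    r"(?P<action>.+)$"
)
# Folder where AdwCleaner had already moved items, as seen in the posted paths.
QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"

# Lines copied from the scan logs in posts #71 and #72.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Video Tile\Extensions\{0fe2e941-9423-4dc6-a8dd-92a4836ecf34}.xpi.vir JS/BrowseFox.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\swsedrvr_vt_1_10_0_25.sys.vir a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Windows\Temp\18D0.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
C:\Users\User\AppData\Roaming\Jyxutjdn JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\Users\User\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_221.msi a variant of Win32/Verti.P potentially unwanted application deleted - quarantined
"""

def parse_line(line):
    """Return the fields of one detection line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(log_text):
    """Separate hits inside AdwCleaner's quarantine from hits elsewhere."""
    out = {"adwcleaner_quarantine": [], "elsewhere": [], "unparsed": []}
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            out["unparsed"].append(line.strip())
        elif rec["path"].lower().startswith(QUARANTINE_PREFIX):
            out["adwcleaner_quarantine"].append(rec)
        else:
            out["elsewhere"].append(rec)
    return out

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for rec in items:
            print("  ", rec if isinstance(rec, str) else f"{rec['name']}  {rec['path']}")
```

Lines that do not fit the assumed layout are collected under `unparsed` rather than dropped, so a changed log format shows up instead of silently hiding detections.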


  4. Posts : 16,325
    W10Prox64
       #74

    I'm pasting the RECAP notes here, to keep things simple - this thread is getting a little long...

    So, to recap,
    DONE-Set another restore point,
    DONE-Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
    Run Malwarebytes Anti-Exploit (see post #17)
    Download and install Malwarebytes Anti-Exploit
    This will help protect your browsers against zero-day attacks.
    Run SuperAntiSpyware (see post #49)

    (a lot of instructions with pics - I will not paste here.)

    Run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (I'll give you those instructions in the next post).


    Once this is all done:
    Then we'll run SFC /SCANNOW to make sure your operating system files are intact.
    Finally, we will have you install CryptoPrevent to stop these nasties from running in the future.

    We will then set 2 new restore points, calling them CLEAN1 and CLEAN2.
    Then we will install CCleaner (free version), open the list of existing restore points, and we will delete all old ones, because they contain infection remnants and we don't want to have them available for a restore. We will also have a look at your startups and autoruns, and your installed programs from here.

    Then, I will suggest you put a couple add-ons into Firefox and adjust some settings for safety, and ONLY use Firefox to browse the web, until Edge has extension support (sometime next year).

    Okay?
      My Computer


  5. Posts : 16,325
    W10Prox64
       #75

    How to run a FULL scan using Malwarebytes Antimalware - a full scan of drive C and not just a threat scan:

    Open MBAM. In the dashboard, verify your database is current, otherwise click on update.

    [Image: mbam01.png]

    Click on Settings tab, and verify as shown below.

    [Image: mbam02.png]

    In the Scan tab, click on Custom

    [Image: mbam03.png]

    In the Custom Scan Configuration, select all 4 boxes at the left, make sure PUPs and PUMs are set to "Treat detections as malware". Select all your drives that have been connected to the computer (internal and external) but not DVDs for scanning, and click Start Scan.


    [Image: mbam04.png]

    Please upload that log file when finished. You can paste it right in this thread.

    I will be gone again now for another 1-2 hours.
      My Computer


  6. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #76

    For simrick


    I downloaded the "Malwarebytes Anti-Exploit" software; however, when I click on "Run as Administrator," a window comes up, but nothing happens. A very small tab on the window says "running" in bold with green highlight. At the bottom, there are two tabs: one says "buy now" the other says "activate."

    Below "Running," there are two tabs: one says "Stop Protection" the other says "Close."

    At the very top, it says: Malwarebytes Anti-Exploit Free

    At the top there are six tabs, they read: General - Shields - Logs - Exclusions - Settings - About (General is the Default setting.)

    When I click on "Activate," it asks me to "Register License:" it asks for my license ID and a License Key

    There is no tab to prompt me to begin the Scan.
      My Computer


  7. You
    Posts : 613
    Windows 10 Enterprise x64 (build 10586)
       #77

    Writer said:
    I downloaded the "Malwarebytes Anti-Exploit" software; however, when I click on "Run as Administrator," a window comes up, but nothing happens. A very small tab on the window says "running" in bold with green highlight. At the bottom, there are two tabs: one says "buy now" the other says "activate."

    Below "Running," there are two tabs: one says "Stop Protection" the other says "Close."

    At the very top, it says: Malwarebytes Anti-Exploit Free

    At the top there are six tabs, they read: General - Shields - Logs - Exclusions - Settings - About (General is the Default setting.)

    When I click on "Activate," it asks me to "Register License:" it asks for my license ID and a License Key

    There is no tab to prompt me to begin the Scan.

    Anti-exploit is not an antivirus. It blocks exploit attacks on internet browsers, plugins, PDF readers, etc.

    Exploits are anything that takes advantage of a security problem in a program (vulnerability) to download viruses onto a computer without the intervention of the user.

    Are you looking for Malwarebytes Anti-Malware?

    [Image: antiexploit.png]
    [Image: antimalware.png]
      My Computer


  8. Posts : 16,325
    W10Prox64
       #78

    Thanks @You.

    We want anti-exploit. There is nothing to run....it stays resident in the background to prevent infection. There is just one setting we need to make to get rid of annoying reminders....I am not at a computer now so that will have to wait until I get back.

    All is fine. Please proceed to the next step.
    Last edited by simrick; 17 Nov 2015 at 16:28.
      My Computer


  9. You
    Posts : 613
    Windows 10 Enterprise x64 (build 10586)
       #79

    simrick said:
    So true!
    I don't think Adobe would sneak anything that bad into Flash, maybe McAfee Security Scan or Google Chrome. There are plenty of fake installers - just search for Firefox on Bing.

    If you guys can't figure this out (Simrick is already helping you, obviously), don't forget about Dr. Web CureIt!

    (I'm not sure if this has already been suggested) Try HitmanPro 3, too. It is premium software but there is a 30 day trial that still removes malware.

    And last but not least, HerdProtect. (made by Reason Software, who also made the Should I Remove It, Reason Core Security, and Unchecky programs) This program is really interesting. It's a cloud scanner that uploads files and scans them with every antivirus in existence, sorta like Virustotal, Anubis or Jotti. It only performs quick scans, but it should be able to catch what's plaguing you.
      My Computer


  10. You
    Posts : 613
    Windows 10 Enterprise x64 (build 10586)
       #80

    Just note that the risk of false positives with HerdProtect is very high (that's a problem if your av uses 68 antivirus engines). Just post a list of the detection details here, or a screenshot.

    HerdProtect tries to hide false positives but that could mean that very new viruses which are detected by only 1-2 AVs may not be detected. You may want to disable that option.

    [Image: untitled.gif]
      My Computer


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.