Hello SpecialKlady and sorry for the delay.
After reviewing your logs, I can see a couple of things that need to be addressed in terms of malware. It looks like you have been dealing with the ZeroAccess infection and this is what has caused the overload of ads on your system. It looks like the tools you have run earlier have altered parts of the malware. Since we are talking about a botnet right now, I will advise you to use the system as little as you can and keep it disconnected from the Internet, unless you need to download fixes and tools to be run on it. This will help us block possible reinfection during the removal process.
The infection may have been identified, but because of its structure and functionality it is very likely that the system has been compromised. This means that we cannot be sure in any way that the PC is completely secure. Many experts say that every system that has been a victim of a Trojan Backdoor attack must be reformatted and the operating system must be reinstalled. This means that you have to back up every bit of information that you need. I will help you with the malware removal process but again, I cannot guarantee that the system will be 100% secure.
You need to change all of the passwords that you use since they can be compromised by the attacker. The password change process must be done from another system. Please, refer here. The affected accounts must not be accessed from this machine until the end of the malware removal process.
Going over your logs I noticed that you have FrostWire installed.
- Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
- They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
- It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall FrostWire; however, that choice is up to you. If you choose to remove that program, you can do so via the Programs and Features applet in Control Panel.
First, I want to see what the previously used tools have removed. To achieve that, please attach the log files from AdwCleaner, JRT, MBAM and HitmanPro. You can find them in the following locations:
- The log of AdwCleaner is located in the C:\AdwCleaner folder and should be named AdwCleaner[C#].txt, where the "#" for the most recent log should be the largest number.
- The log from Junkware Removal Tool should be located on your Desktop under the name JRT.txt.
- If you have not manually saved the log from HitmanPro, you can find it in the C:\ProgramData\HitmanPro\Logs folder.
- To retrieve the log from MBAM:
  - Open Malwarebytes Anti-Malware.
  - Click the History Tab at the top and select Application Logs.
  - Check the box next to Scan Log. Choose the most current scan.
  - Click the View button.
  - Click Export and save the log as a .txt file on your Desktop or another location.
Note: Since we are looking for logs that include information for removed objects, you may need to include the ones generated before the last scans run, which, as you said, came out clear.
Note: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
- Please download the attached fixlist.txt file and save it to the same location as FRST.
Note: It's important that both files, FRST.exe and fixlist.txt are in the same location or the fix will not work. In your case, this should be the Desktop.
- Run FRST.exe and press the Fix button just once and wait
- If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
- When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.
Please, post the content of the log file in your next reply.
Please, download TDSSKiller and save the file on your Desktop.
Note: Be sure to save the file first and then execute it. Otherwise, if executed from temporary directory, problems may occur.
- Right-click on the tool's icon and choose Run as Administrator.
Note: If for some reason the tool cannot run, please try renaming it to a randomly generated name.
- Push the Start Scan button. Do not use the computer during the scan process.
- If the scan completes with nothing found, choose Close to exit.
- If there are malicious objects found, they will show in Scan results -> Select action for found objects.
- Three options will be available for you. Please, ensure that the Skip option is selected.
- Choose Continue -> Reboot now to finish the cleaning process by the tool.
Important note: If the Cure option is not available, choose Skip instead. Do not choose Delete unless instructed to do so.
- A log file named TDSSKiller_Version_Date_Time_Log.txt will be created in the root directory (C:\).
Please, post the content of the log file in your next post.
Please, go to VirusTotal.
- Press the Choose File button.
- Navigate through the directories and locate the following file:
- Upload the file for inspection by pushing the Scan It! button. When the results are ready, please, provide a link so I can take a look at them.
Note: If you receive a window telling you that the file has already been analyzed, please choose Reanalyze.
How is your system running now? Are there any changes to its behavior after you executed the script with FRST?
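
Added example, not part of the original post: a PowerShell script that copies the AdwCleaner, JRT, HitmanPro and TDSSKiller logs from the locations listed above into one Desktop folder, ready to attach. The folder name CollectedLogs and the `TDSSKiller_*_Log.txt` filter are assumptions; the MBAM log still has to be exported from the program as described.

```powershell
# Added example. Log locations are the ones named in the post;
# the output folder name is an assumption.
$desktop = [Environment]::GetFolderPath('Desktop')
$outDir  = Join-Path $desktop 'CollectedLogs'      # hypothetical folder name
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$logs = @()

# AdwCleaner[C#].txt: "[" and "]" are wildcard characters for -Path, so use
# -LiteralPath and match the number with a regex. Sort numerically so that
# C10 comes after C9 (a plain name sort would place it before C2).
$adwPattern = '^AdwCleaner\[C(\d+)\]\.txt$'
if (Test-Path -LiteralPath 'C:\AdwCleaner') {
    $logs += @(Get-ChildItem -LiteralPath 'C:\AdwCleaner' -Filter 'AdwCleaner*.txt' |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match $adwPattern } |
        Sort-Object { [int][regex]::Match($_.Name, $adwPattern).Groups[1].Value })
}

# JRT.txt on the Desktop.
$jrt = Join-Path $desktop 'JRT.txt'
if (Test-Path -LiteralPath $jrt) { $logs += @(Get-Item -LiteralPath $jrt) }

# Every file in the HitmanPro log folder, older scans included.
$hmp = 'C:\ProgramData\HitmanPro\Logs'
if (Test-Path -LiteralPath $hmp) {
    $logs += @(Get-ChildItem -LiteralPath $hmp | Where-Object { -not $_.PSIsContainer })
}

# TDSSKiller writes its log to the root of C:\ (filter pattern is an assumption
# based on the TDSSKiller_Version_Date_Time_Log.txt naming given in the post).
$logs += @(Get-ChildItem -LiteralPath 'C:\' -Filter 'TDSSKiller_*_Log.txt' |
    Where-Object { -not $_.PSIsContainer })

# Copy each log and print what was collected, so missing logs are obvious.
foreach ($f in $logs) {
    Copy-Item -LiteralPath $f.FullName -Destination $outDir
    '{0}  {1:u}  {2} bytes' -f $f.FullName, $f.LastWriteTime, $f.Length
}
"Collected $($logs.Count) log file(s) in $outDir"
```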