suspected malware, having trouble fixing and finding

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by threetoedsloth, Aug 27, 2012.

  1. threetoedsloth

    threetoedsloth Private E-2

    For the past few weeks, I have had some unexplained problems with my PC. Sometimes I will be redirected from my browsing to a website for a service called adf.ly. I normally run McAfee All Access, but it tells me all is well. I have tried several other scans, all of which came up with nothing. This seemed like malware to me, and I found a thread related to this problem on your website.

    The post stated that the user had followed your malware removal steps with no success. I also followed the malware removal guide, but most of the scans found no malware. In addition to the redirection, I have had a number of problems with Adobe Updater, and found some suspicious svchost processes. When I check under Services, some of the group names associated with these processes are entirely unfamiliar to me: LocalServiceNoImpersonation, LocalServicePeerNet, and LocalSystemNetworkRestricted, to name a few. I've googled these with little resolution or reassurance.

    My PC performance has been steadily dwindling, with Flash crashing frequently, as well as my graphics card driver periodically failing. I don't know if those are related to this problem, but I was hoping you could take a look at the 5 logs from the malware removal procedure and help me out. Here they are, a bit out of order, but they should all be there. Thanks.

    Eric
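
One way to check whether svchost group names like the ones above are ones Windows itself defines is to read the Svchost registry key, where each value name is a group and its data lists the services that run in it, and then compare every running svchost.exe against that list and against the expected image path. This is an added example, not a tool from this thread; it assumes an elevated Windows PowerShell prompt (so process paths are readable) and uses only built-in cmdlets and WMI.

```powershell
# Added example: verify running svchost.exe instances against the groups Windows defines.
# Assumes Windows PowerShell run as Administrator; Get-WmiObject keeps it working on
# PowerShell 2.0 (Windows 7) as well as later versions.

$svchostKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$expectedImage = (Join-Path $env:SystemRoot 'System32\svchost.exe').ToLower()

# Each value under the Svchost key is a group name (e.g. LocalServiceNoImpersonation);
# its REG_MULTI_SZ data lists the services hosted inside that group's svchost process.
$groups = @{}
$props  = Get-ItemProperty -Path $svchostKey
foreach ($p in $props.PSObject.Properties) {
    # Skip the PSPath/PSParentPath/... bookkeeping properties the provider adds.
    if ($p.Name -notlike 'PS*') { $groups[$p.Name] = @($p.Value) }
}
Write-Host ("Defined svchost groups: " + ($groups.Keys -join ', '))

# Walk the running svchost.exe processes and flag anything that does not fit.
foreach ($proc in Get-WmiObject Win32_Process -Filter "Name='svchost.exe'") {
    $path  = if ($proc.ExecutablePath) { $proc.ExecutablePath.ToLower() } else { '(unknown)' }
    $group = $null
    if ($proc.CommandLine -match '-k\s+(\S+)') { $group = $Matches[1] }

    $flags = @()
    if ($path -ne $expectedImage) { $flags += "image path is $path, not $expectedImage" }
    if (-not $group) {
        $flags += 'no -k group on the command line'
    } elseif (-not $groups.ContainsKey($group)) {
        $flags += "group '$group' is not defined under the Svchost key"
    }

    $members = if ($group -and $groups.ContainsKey($group)) { $groups[$group] -join ', ' } else { '-' }
    $status  = if ($flags.Count) { 'CHECK: ' + ($flags -join '; ') } else { 'ok' }
    '{0,6}  {1,-32}  {2}  [{3}]' -f $proc.ProcessId, $group, $status, $members
}
```

A legitimate instance shows the System32 image path and a group that appears in the registry list; a row marked CHECK is worth comparing with the service logs the malware removal guide collects.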

  2. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, Eric

    From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 26 (outdated)

    __

    Re-open RogueKiller and press the Fix Host button one time and wait.
    When it is finished, there should be a new log from RogueKiller on the desktop.
    Attach this log to your next message.

    __

    Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    Press Go and attach the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

    __


    Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

    __

    Let me know if the problem with the redirects still occurs once you have completed these steps.
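
The proxy, hosts-file and DNS items in the MiniToolBox list are the usual places a browser redirect like the adf.ly one gets planted. As an added example (not MiniToolBox itself, and not from this thread), the read-only script below reports those same settings so they can be compared against what the tool fixes; it assumes Windows PowerShell with built-in cmdlets only and changes nothing.

```powershell
# Added example: report the settings a browser redirect commonly hijacks, read-only.
# Assumes Windows PowerShell; no third-party modules.

# 1. Internet Explorer / WinINET proxy settings (a PAC URL can silently reroute traffic).
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie   = Get-ItemProperty -Path $inet
'IE ProxyEnable  : {0}' -f $ie.ProxyEnable
'IE ProxyServer  : {0}' -f $ie.ProxyServer
'IE AutoConfigURL: {0}' -f $ie.AutoConfigURL

# 2. Hosts file: anything beyond comments and the localhost lines deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$entries = Get-Content $hostsPath |
    Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
if ($entries) {
    'Hosts file entries:'
    $entries | ForEach-Object { '  ' + $_ }
} else {
    'Hosts file: no custom entries'
}

# 3. DNS servers per enabled adapter (a rogue resolver is another way to produce redirects).
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
    ForEach-Object { '{0}: DNS {1}' -f $_.Description, ($_.DNSServerSearchOrder -join ', ') }

# 4. Winsock catalog, the list MiniToolBox's "List Winsock Entries" option prints.
netsh winsock show catalog | Select-String 'Description|Provider Path'
```

Unexpected proxy or PAC values, hosts entries pointing well-known domains elsewhere, unfamiliar DNS servers, or Winsock providers whose path is outside System32 are the items to raise in the next set of logs.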
  3. threetoedsloth

    threetoedsloth Private E-2

    Thanks for your reply. I followed your instructions and have attached those logs. Since yesterday, the problem has gotten slightly worse. Suddenly my user folder moved itself to the desktop, then My Computer, then several corrupted and hidden Word and Excel documents. I also have a mysterious new D drive with more storage than my computer actually has... what a mess. Additionally, when I look in my C drive, my Documents and Settings folder, along with several others, has a lock on it and tells me access is denied. Not sure how this started snowballing, but it seems I upset the imbalance of my PC.

    As requested, the logs are attached.

    Any further help would be greatly appreciated.

    Thanks again,

    Eric

  4. thisisu

    thisisu Malware Consultant

    I think you are panicking a little bit. Most of what you are describing are normal symptoms you may experience when going through this process. For example, we have you viewing hidden and system files. That is why you see "weird" files like this in your logs (but they are actually legit!).
    They will disappear again once we turn off being able to view hidden / system files.


    Your user folder is not on your desktop. If it was, it is not showing that in your logs. Once again, I think you may be worrying too much.

    When did this happen? You had this 350GB partition (D:) in your very first set of logs.

    Believe it or not, this is working as intended. ;) These are additional security features of Windows 7 and not in any way related to malware.

    You can find all your documents here: C:\Users\Eric\Documents

    Thanks! There are some Windows issues, and some of them hint that there was a ZeroAccess infection on the machine at some point in time, but your logs are clean of malware now.

    Try this:

    Download Windows Repair (all in one) from here

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.



    Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.


    Go to Step 4 and under "System Restore" click on the Create button.


    Go to the Start Repairs tab and click the Start button.


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):


    Click on the box next to "Restart System when Finished". Then click on Start.

    __

    When finished with all of the above:

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure all the options are checked
    • Press Scan.
    • It will create a log (FSS.txt) in the same directory the tool was run.
    • Please attach FSS.txt to your next message. (How to attach)