Ad.doubleclick & Possible ZeroAccess pulling high resources


  • This topic is locked
16 replies to this topic

#1 Caramello222

Caramello222

  • Members
  • 137 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:54 AM

Posted 15 August 2015 - 04:50 PM

This is going to be long because I don't know what information is useful to you and what is not, but I will start at the beginning up to recent.

PC: HP Pavilion 20-b313w

Original OS: Windows 8

Upgraded OS: Windows 8.1

Original Browser: IE 10

Upgraded Browser: IE 11 (both desktop and immersive view are used)

This PC has 2 users but only 1 account was and is used (both adults, I'm the main user and problem solver).

Was scammed by AMMYY in Dec. 2013. I didn't give money but I allowed remote access and a program was placed on PC.

June 2013 I allowed a family member to use my PC. I regretted that choice because I didn't know when it comes to downloading her policy is don't read, click yes to the end, and uninstall unwanted programs later. So my gifts were, a roll back of 7-Zip, Search Protect and Search Protection (2 separate programs and publishers), Umbrella icons in startup, Pc Optimizer, Log Me In Rescue, a mysterious startup .DLL program and probably more. That stuff was removed through malwaretips guides and assistants.

June 2015 - One day when trying to follow a link from an image using bing image search, a red screen popped up stating that the link I was trying to follow led to a malicious website and I should call some 855 phone number to find out why. I didn't call, I knew it was scam and I had to use task manager's end task to close my frozen browser. Not too long after that I started having issues of website redirecting, suspicious looking banner ads (on websites, in flash player, and in apps), especially "Magic Puzzles" app I got from the windows store (I've had it for a year with no problems) that began to randomly open my IE 11 immersive browser to shopping websites I've never been to before and with 2-3 more tabs opened and there was always a blank website in between the opened tabs for feed.click.net. I went back to malwaretips where I received assistance again and some adware was removed and my PC deemed clean but I knew it wasn't but nothing else could be found so I followed their advice about it being a windows issue. I was assisted at Microsoft's Malware community where I ran more scans which found nothing so as a last resort, I was advised to reset my computer to remove the malware or possible software conflict that was causing the problem. That only fixed the images that were slowly being deleted off my icons. So here are the issues I'm still having that I consider to be malware. My computer randomly starts lagging when I open task manager to see the cause and my cpu and sometimes both cpu and disk are redlining in the 90's but that suddenly drops when 2 COM Surrogates disappear after 3 secs. I have 13 svc hosts that are always running and the local networking svc host is always high. There are also .dll processes that have no image on their icon that randomly pop-up after reset 3 now pop-up at once pull resources for a minute or two then disappear.
2 processes of windows module installer run a lot after reset now there is a third and it looks different than the other 2. Also after resetting HP framework and framework solutions is always running. Magic puzzle app ads don't open IE anymore but very aggressive banner ads that take a long time to load and I can hear it pulling resources and really making my computer work when the ad finally appears the noise stops and so does the lagging and sometimes it looks like these ads by DeskTop AD are trying to stop other ads from the Microsoft store to stop appearing. Also sometimes the ads don't fit the banner space and words are cut off and when I unplugged my internet connection and clicked on the ad it tried to bring me to ad.doubleclick.net. I did a file search in explorer and found text for ad.doubleclick and googleads.g.doubleclick on my PC. I still also have ads in flashplayer and get pop-ups to download flash player when I already have it. My homepage still has a weird pop-up auto ad, that could be from the site itself but possibly being manipulated by malware making it pop-up more frequently, the info about what is being advertised is vague and it causes errors on the webpage that makes tracks repeat in the background while the next track plays or it can't play a track because I need to download flashplayer. Web page layouts readjust especially my homepage. Open apps crash after idle or sleep mode because of high CPU and Disk usage and I have to open task manager while I wait for usage to drop so I know when I can resume my app.

Here is the list of scans I used before reset: Adware Cleaner was the only scan that found something and it was only 2 or 3 items. These scans didn't find anything. Windows Defender (my main antivirus), Windows Defender Offline, Malwarebytes free scan, RKill, Tdss killer, Hitman Pro, Junkware Cleaner (my first 2 attempts to use it were blocked but for some reason later on I was able to use it), Emsisoft Emergency Kit. I also used Microsoft's Malware Removal Tool during its scan it showed 1 file infected then when it was 2 hours into the scan with about 15-20% more to scan, suddenly I heard my computer make a lot of noise like something was loading and pulling a lot of resources the scan stopped with no infections found, when I opened task manager I saw high cpu and disk usage along with about 3 command consoles opened and running then they suddenly disappeared and the computer's resources became normal again. I hope all of this info is helpful to know for assistance if not please let me know exactly what info you need and I will supply it. I hope someone here can help me because I'm really running on empty and feel like I'm about to snap.

Here is the Farbar scan results and attached addition results. Please let me know if I attached the files correctly, I kept getting a pop-up box when I tried to paste FRSTtxt, I didn't trust it so I tried attaching it with the addition txt. Thank you to anyone who takes on this head scratcher.

Attached File  Addition.txt   26.04KB   9 downloads
Attached File  FRST.txt   72.82KB   16 downloads

 

 

 




 


#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:54 AM

Posted 18 August 2015 - 10:37 PM

Hi Caramello222,

 

Welcome to the Bleeping Computer malware removal forum. :) My name is polskamachina and I will be assisting you with your malware problems. Please give me some time to review your situation and I will get back to you with further instructions.

In the meantime, can you please tell me:

 

What makes you think you could be infected with ZeroAccess?

When you reset your computer, what exactly did you do?

 

polskamachina

 



#3 Caramello222

Caramello222
  • Topic Starter

Posted 19 August 2015 - 12:13 PM

I should have said possible zero access because in further reading it seems to be something very difficult to understand, detect, and could possibly be normal system function or a different piece of crap malware. In reading about Sirefef Trojans on Microsoft's website, it had examples of infection but I've read conflicting information about it being normal to see these things. A folder wbem that's supposed to hold the fake system files which I have on my computer, also %system% is a sign of infection, trustedinstaller, fake .dll running that triggers system framework to run and try to repair damage, and unexplainable cpu and disk usage which is bitcoining and a permissions user S-1-5-21-2468009334-3132239489-2760357183-1001 is supposed to be bad news. Perhaps I'm on malware info overload and my lack of computer knowledge makes everything look suspicious to me. But I truly think I have a very stubborn rootkit on my computer because this adware just keeps coming back.

When I reset my computer it has 2 options. 1) Quick Reset: use if you're planning to keep your computer. 2) Thorough Reset: if you are going to recycle your computer. So I chose quick because I'm keeping my computer and figured thorough was a 100% wipe of my computer. When I was finished with setting up my computer I reinstalled all of windows defender's updates, reinstalled all of windows 8 updates, upgraded back to windows 8.1 reinstalled all of those updates and found that some info from before was still on my computer mainly my favorites in IE11 were saved I thought that was odd. Thinking back there were 2 game apps I didn't have to reinstall from the windows store but I reinstalled some of the others I had and their and it looked like all the same app data was back. Especially the funky looking stuff like _StoredDiscounts and TelemtryStore. I don't know what other stuff wasn't deleted or came back.

I had also downloaded and ran autorun, I followed instructions and didn't delete anything I was supposed to just observe and see if any odd programs jumped out. But there was so much information to look at I had no idea what to really do so I came out of it and left it alone.


Edited by Caramello222, 19 August 2015 - 12:28 PM.


#4 polskamachina

Posted 21 August 2015 - 01:58 PM

Hi Caramello222 :)
 
Before we start implementing fixes, please read the general ground rules for this forum:

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST64.exe
    Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Run FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log, Fixlog.txt, in the same location from which the tool was run. Please copy and paste the Fixlog into your next reply to me.

Since you have not run AdwCleaner since your system reset, let's see what it has to show now.
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Let me know if you have any questions and if you've noticed any changes in your computer's operation.
 
polskamachina





#5 Caramello222

Posted 21 August 2015 - 09:47 PM

Thank You for replying to my post and assisting me with this challenge. I agree to your terms, conditions, and will follow your instructions to the T. I will begin my tasks tomorrow and report back as soon as completed. I doubt this info is important but I'd rather be safe than sorry. I did download AdwCleaner since the reset on 8/14/15 I couldn't remember if I ran a scan so I double-clicked it and received a pop-up notice that the version I had is outdated and I needed to go to the website and download it. So I closed the notice, deleted the outdated version and I'll use your link tomorrow for the updated version. After I deleted it I didn't know if that was a good thing to do or not because I've read that sometimes programs can leave bits and pieces behind and cause conflict, so figured I should let you know I did that just in case it's cause for alternative instructions to the ones above. I'll wait for reply before proceeding. Thank you again for helping me.



#6 Caramello222

Posted 22 August 2015 - 03:52 PM

I'm doing something wrong but I don't know what. I clicked on the fixlist.text to download it but a duplicate of this page opened in another tab, I also right clicked it and there is no option to download. When I hovered the cursor over the fixlist text and it shows as an external link not a download. So what did I do wrong and how do I get the download?



#7 Caramello222

Posted 22 August 2015 - 07:02 PM

I also want to make sure I understand and execute your instructions correctly. I have FRST64 saved to my desktop, when I download the 2 fixlist texts I save them to my desktop also. From there I double-click the FRST64 icon on my desktop to open the tool. When it's ready (without copying and pasting the fixlist texts in the search dialog box), I click the Fix button and wait for it to notify me it's done. If the tool tells me to restart my computer then do so as normal and let the tool complete its run. When the fixlog text pops up copy and paste it to my next reply without using log attachment or code box. In my first post I know I was supposed to copy and paste the FRST64 scan log into the post and only attach the addition log, but I came across something I've never seen before so I just went with what I know and attached the FRST64 scan log to the post. I have no idea what a code box is but I'm assuming it's what popped up after I right clicked to paste the copy of the log into my post. Then I got a pop-up message saying that my security settings won't allow this website to view my clipboard. When I closed that message then another box popped up instructing me to paste the text in it. I've never seen that before so I closed it and tried again and the same thing happened. I don't remember making any security changes so I don't know why I can't copy and paste text from notepad, a log, or a sentence from one of your replies into my reply. When I tried that I got a pop-up box stating " Do you want to allow this webpage to access your clipboard?". So I just X out of it because I'm paranoid that it's a malware trick to gain more permissions access to my computer. Which is behaving poorly today, webpages are taking longer to load, my homepage (soundcloud) is set to open on the page of icons for my playlists and when the page is done loading sometimes the icons move right after loading and sometimes they move when I scroll the page or when I attempt to click one.
Notifications pop-up for me to install or update flashplayer to listen to a track. Audio ads with a link to ad.doubleclick.net are popping-up more frequently between tracks and cause them to not load and play or overlapping with 2 tracks playing at the same time and I have to refresh the page to stop the song playing in the background. And just now I reopened soundcloud and none of the tracks will play. Also the images to icons in my favorites list are starting to disappear again making them blank like printer paper and that is also how the .dll processes that pop-up and disappear look. Which leads me to the question, should or do all system files have an image on their icon? I wanted to know if that is a sign of malware because I do have a couple of system files that are blank. Also I have a folder at C:\$Windows.~BT that when I opened its properties the numbers showing the size, size on disk, and contains began to rapidly increase. I thought maybe I triggered more malware so I quickly closed properties. Is that normal or malware and is malware not allowing me to use copy and paste?



#8 polskamachina

Posted 23 August 2015 - 12:34 AM

Hi Caramello222 :)

 

I've read your concerns and am presently composing a reply. I will get back to you tomorrow.

 

polskamachina



#9 polskamachina

Posted 23 August 2015 - 01:31 PM

Hi Caramello222 :)

"I also want to make sure I understand and execute your instructions correctly. I have FRST64 saved to my desktop, when I download the 2 fixlist texts"

There should only be ONE fixlist.txt file. I'm going to include it below in a code box so you can just copy and paste it into an empty Notepad window. Regarding your difficulties with copying and pasting, I would just accept the offer to paste it into the window after you get the warning. You probably have a high security setting and it's just making sure you're aware of what you're doing.

SearchScopes: HKU\S-1-5-21-2468009334-3132239489-2760357183-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
C:\ProgramData\uninstall745972.exe
C:\$Windows.~BT
C:\Users\Floretta\AppData\Local\Temp\Extract.exe
C:\Users\Floretta\AppData\Local\Temp\SP64076.exe
C:\Users\Floretta\AppData\Local\Temp\SP64077.exe
C:\Users\Floretta\AppData\Local\Temp\SP64732.exe
C:\Users\Floretta\AppData\Local\Temp\SP64736.exe
C:\Users\Floretta\AppData\Local\Temp\SP64743.exe
AlternateDataStreams: C:\Users\Floretta\OneDrive:ms-properties

After you've copied and pasted the above text into Notepad, save it to your desktop as fixlist.txt
By the way, the $Windows.~BT folder is a folder which may be created if you reserved a copy of Windows 10.
 
Next:
Run the FRST64 program that is already on your desktop. FRST may pause for a moment as it checks for updates. This is normal. Next, click on the Fix button. If you are prompted for a restart after the fix is complete, please do so. When your computer boots back to your desktop, the fixlog.txt file should appear on your desktop. Open it, then copy and paste it into your next reply to me.
 
Regarding your slow webpage loading and security concerns, I'll address those issues once I see your fixlog and AdwCleaner logs.
 
Let me know if you have any questions.
 
polskamachina



#10 Caramello222

Posted 23 August 2015 - 07:20 PM

Part One: FRST64 Log

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Floretta (2015-08-23 20:15:39) Run:1
Running from C:\Users\Floretta\Desktop
Loaded Profiles: Floretta (Available Profiles: Floretta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-2468009334-3132239489-2760357183-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
C:\ProgramData\uninstall745972.exe
C:\$Windows.~BT
C:\Users\Floretta\AppData\Local\Temp\Extract.exe
C:\Users\Floretta\AppData\Local\Temp\SP64076.exe
C:\Users\Floretta\AppData\Local\Temp\SP64077.exe
C:\Users\Floretta\AppData\Local\Temp\SP64732.exe
C:\Users\Floretta\AppData\Local\Temp\SP64736.exe
C:\Users\Floretta\AppData\Local\Temp\SP64743.exe
AlternateDataStreams: C:\Users\Floretta\OneDrive:ms-properties
*****************

"HKU\S-1-5-21-2468009334-3132239489-2760357183-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
C:\ProgramData\uninstall745972.exe => moved successfully.
C:\$Windows.~BT => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\Extract.exe => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\SP64076.exe => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\SP64077.exe => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\SP64732.exe => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\SP64736.exe => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\SP64743.exe => moved successfully.
"C:\Users\Floretta\OneDrive" => ":ms-properties" ADS not found.

==== End of Fixlog 20:15:44 ====

Part Two: AdwCleaner Log

# Updated 20/08/2015 by Xplode
# Database : 2015-08-23.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Floretta - CORNBREAD
# Running from : C:\Users\Floretta\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [500 bytes] ##########


Edited by Caramello222, 23 August 2015 - 07:45 PM.
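
An added example, not part of the original posts and not FRST's own code: a short Python reader for the Fixlog in post #10 that separates entries the fix changed from entries that were already absent, and surfaces any result line it does not recognise. The outcome phrases are the ones visible in that log; the function names are made up for this illustration.

```python
import re
from collections import defaultdict

# Fixlog text as posted in post #10 of this thread (header shortened).
FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Floretta (2015-08-23 20:15:39) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-2468009334-3132239489-2760357183-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
C:\ProgramData\uninstall745972.exe
C:\$Windows.~BT
C:\Users\Floretta\AppData\Local\Temp\Extract.exe
C:\Users\Floretta\AppData\Local\Temp\SP64076.exe
C:\Users\Floretta\AppData\Local\Temp\SP64077.exe
C:\Users\Floretta\AppData\Local\Temp\SP64732.exe
C:\Users\Floretta\AppData\Local\Temp\SP64736.exe
C:\Users\Floretta\AppData\Local\Temp\SP64743.exe
AlternateDataStreams: C:\Users\Floretta\OneDrive:ms-properties
*****************

"HKU\S-1-5-21-2468009334-3132239489-2760357183-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
C:\ProgramData\uninstall745972.exe => moved successfully.
C:\$Windows.~BT => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\Extract.exe => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\SP64076.exe => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\SP64077.exe => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\SP64732.exe => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\SP64736.exe => moved successfully.
C:\Users\Floretta\AppData\Local\Temp\SP64743.exe => moved successfully.
"C:\Users\Floretta\OneDrive" => ":ms-properties" ADS not found.

==== End of Fixlog 20:15:44 ====
'''

# Outcome phrases seen in the log above. "removed" is tested before "moved";
# the word boundary keeps "removed" from being counted as "moved".
OUTCOMES = [
    ("removed", re.compile(r"\bremoved successfully")),
    ("moved", re.compile(r"\bmoved successfully")),
    ("not_found", re.compile(r"\bnot found")),
]


def split_fixlog(text):
    """Return (fixlist directives, result lines) from one Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist is echoed between two lines made only of asterisks.
    fences = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(fences) < 2:
        raise ValueError("fixlist content block not found")
    directives = [ln for ln in lines[fences[0] + 1:fences[1]] if ln]
    results = []
    for ln in lines[fences[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            results.append(ln)
    return directives, results


def classify(result_line):
    """Return (label, target, outcome text) for one 'target => outcome' line."""
    target, sep, outcome = result_line.partition(" => ")
    if not sep:
        return ("review", result_line, "")
    for label, pattern in OUTCOMES:
        if pattern.search(outcome):
            return (label, target.strip('"'), outcome)
    # Any wording not listed above is surfaced for a human to read.
    return ("review", target.strip('"'), outcome)


def summarize(text):
    """Return (number of directives, {label: [targets]}) for a Fixlog."""
    directives, results = split_fixlog(text)
    buckets = defaultdict(list)
    for line in results:
        label, target, _ = classify(line)
        buckets[label].append(target)
    return len(directives), dict(buckets)


if __name__ == "__main__":
    count, buckets = summarize(FIXLOG)
    print(f"{count} fixlist directives")
    for label in ("removed", "moved", "not_found", "review"):
        for target in buckets.get(label, []):
            print(f"{label:10} {target}")
```
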


#11 polskamachina

Posted 24 August 2015 - 02:38 PM

Hi Caramello222 :)
 
Good job with the fix and posting the logs. :thumbsup:
 
Please read carefully and then follow the instructions below.
 
 

How To Publish a Snapshot using Speccy

Guide Overview

The purpose of this guide is to teach you how to post your computer's specifications to the forum with minimal effort on your part. This is often helpful when troubleshooting problems, and the person helping you needs to see the details of your computer's hardware.

Tools Needed

  • Speccy - First, you will need a program called Speccy. From Piriform's website: "Speccy is an advanced system information tool for your PC." This is a very useful utility that every PC user should have in their arsenal.

Instructions

  • Go to Piriform's website, and click the big Download button.

    Next, click Download from Piriform (the FileHippo link requires an extra click). Or if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version.

    You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.
  • After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.
  • Once inside Speccy, it will look similar to this (with your computer's specifications, of course):
    [screenshot]

    Now, in the menu bar at the top left, click File > Publish Snapshot

    You will see the following prompt:
    [screenshot]

    Click Yes > then Copy to Clipboard

    Now, once you are back in the forum topic you are posting in, click the reply button. Right-click in the empty space of the Reply box and click Paste. Then, click Add Reply below the Reply box.

Let me know if you have any questions.
 
polskamachina



#12 Caramello222

Posted 24 August 2015 - 09:52 PM

I noticed something strange yesterday and today. I had IE and Task Manager opened at the same time. My Task Manager's view of the processes tab is Group By Type, showing Apps, Background Processes, then Windows Processes. IE is always shown in the app group, when I closed it, it moved down into background processes group and stayed there for a minute or two and then ended its task. I know that is probably normal but after it disappeared 3 windows host processes rundll popped up with blank icons then disappeared in a second, that was yesterday. Today the same thing happened when I was finished downloading Speccy and closed IE, 4 windows host processes rundll popped up and disappeared in a second. At the same time that happened 2 wmi provider hosts were already running (how often should the 2 wmi run because they run frequently and for a long time), but a 3 was added also wmi performance reverse adaptor and a driver process. I didn't get the full name of the process because it happened so fast. But the 3 wmi host processes are still running and the reverse adaptor is running again, they are located in C:\Windows\System32\wbem. I don't know if it's true or not but I've read, that path is filled with malicious files mimicking real windows files. But I'm more concerned with the rundll processes, because I saw that same process sitting in task manager's start-up tab as part of a bundle bomb I received almost 2 years ago. I got rid of it with malwarebytes anti-virus scan. I don't know if that info is helpful in identifying what kind of malware this is, but here is the Speccy snapshot.

http://speccy.piriform.com/results/RIBGIPG28RwI0PcNkRytOg4

I hope that's right.

And if you don't mind I attached a snip of the processes I'm talking about. I couldn't get a snip of the 2 COM Surrogates that disappear in seconds of task manager being opened and then the cpu drops back down to normal it happens too fast. There are 3 wmi processes running but two of them ended leaving 1 but there is always two running. And the 3 rundll32 pop-up every time I close IE desktop.



Edited by Caramello222, 24 August 2015 - 11:25 PM.


#13 polskamachina

Posted 26 August 2015 - 06:24 PM

Hi Caramello222 :)

 

Sometimes (even for myself) trying to watch the task manager list as a basis for determining what is wrong with your system can be a good exercise in futility. You look at each entry and wonder, "Is it good? Is it bad? Why does it disappear? What does a 'normal' computer's list look like?"

 

The tools you've already run are very good. They are updated frequently by security experts to make sure nothing gets past them. If those tools show no threats to your system, then it's time to look at other causes of your problems. You originally said:

Which is behaving poorly today, webpages are taking longer to load, my homepage (soundcloud) is set to open on the page of icons for my playlists and when the page is done loading sometimes the icons move right after loading and sometimes they move when I scroll the page or when I attempt to click one. Notifications pop-up for me to install or update flashplayer to listen to a track. Audio ads with a link to ad.doubleclick.net are popping-up more frequently between tracks and cause them to not load and play or overlapping with 2 tracks playing at the same time and I have to refresh the page to stop the song playing in the background. And just now I reopened soundcloud and none of the tracks will play. Also the images to icons in my favorites list are starting to disappear again making them blank like printer paper and that is also how the .dll processes that pop-up and disappear look. Which leads me to the question, should or do all system files have an image on their icon? I wanted to know if that is a sign of malware because I do have a couple of system files that are blank.

 

From what I can tell, most of your concerns are browser related. Have you tried using a different browser? Mozilla Firefox is good. Another popular option is Google Chrome. You can download either one or both and see if you get a more positive experience than Internet Explorer. Firefox and Chrome offer you many customization options that allow you to fine tune it to your personal preferences. Here are their respective download links:

Firefox and Chrome.

 

Regarding your question about image icons and system files: There are thousands of system files stored on your computer. They are not meant to have specific program associations that would then attribute a specific Windows program icon. This is normal. There is no reason to open a .sys file with an MP3 player or a picture viewer and therefore you may just see the bland, generic, no-association-is-made icon.

 

Just to recap the important points:

 

Using Task Manager as a diagnostic tool has very limited effectiveness. Trust your malware removal and anti-virus programs to do the "heavy lifting." On a similar note, I noticed you're using Windows Defender as your AV program. You may want to try some other ones. If you don't like them, you can always return to Windows Defender later. Just make sure you uninstall one before installing another one. Two good antivirus programs, free for non-commercial home use, are Avast! and Bitdefender. If you do select Avast, make sure you uncheck any boxes that offer you additional software during the installation process unless you really would find it useful. By default, these offers are installed unless you uncheck the boxes.

 

Task Manager is a fine tool but don't get the idea that you're going to be able to find malware there that the automated scanning programs can't find.

 

Let me know if you decide to try a different browser or AV program and what your experiences are with them.

 

polskamachina

 



#14 Caramello222

Posted 28 August 2015 - 03:06 PM

Thank you for all the time and effort you put in to helping me. I'm sorry it was all for nothing, but I really did think ad.doubleclick and googleads.g.doubleclick were savvy and very stubborn malware that I was finding impossible to get rid of. So I'll take your word for it and just be thankful nothing was found and I'll end my witch hunt here. I'll also give Mozilla Firefox a try. I've heard people say IE is crap compared to Firefox but I brushed it off because my OS and IE is more current than theirs. Also, if you know of any reading material that would be helpful to me about understanding internet security features or settings along with some basic computer ed. it would be greatly appreciated. I changed some settings not fully understanding what would be affected and how. Thank you and sorry, I hope I didn't cause you any inconvenience.


Edited by Caramello222, 28 August 2015 - 04:07 PM.


#15 polskamachina

Posted 30 August 2015 - 03:43 PM

Hi Caramello222 :)
 
You're quite welcome for the help. It's always good to ask questions (especially about computer security) if you're not sure about something so please don't feel that you've wasted anyone's time.
 
I try not to play favorites with my recommendations but Mozilla Firefox is definitely worth a try. I think you'll like it.
 
FINAL STEPS

If you are not experiencing any other malware related issues, it is time to do our final steps:
Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.

Be safe :hello:
 
polskamachina





