I was advised to repost my malware topic "Win32/Virtumonde & Reinfecting Friends" here by a fellow staffer, to receive assistance from someone with the same OS as me, Windows 8.1. The source of the reinfecting malicious ads and tracking cookies in my appdata, banner ads in Flash Player, and audio pop-ups by ad doubleclick net and stalker banner ads on some websites couldn't be found. I've added MVP's host file list to my hosts file but some of it is being bypassed and the very first entry on the host list, "fr a2dfp net", is always listening. The information below came from the Process Explorer properties TCP/IP tab, and all the empty spaces in the web addresses and IPs are dots; I left out the dots to try to prevent hyperlinks.
Protocol Local Address Remote Address State Service
TCP cornbread cfl rr com:netbios-ssn fr a2dfp net:0 LISTENING
TCP fr a2dfp net:microsoft-ds fr a2dfp net:0 LISTENING
TCP fr a2dfp net:8092 fr a2dfp net:0 LISTENING
UDP cornbread cfl rr com:netbios-ns *:*
UDP cornbread cfl rr com:netbios-dgm *:*
TCPV6 cornbread:445 cornbread:0 LISTENING
TCPV6 cornbread:8092 cornbread:0 LISTENING
That website is also in mDNSResponder.exe:1472 (Bonjour service), CLMSServerpDVD12.exe:114544 & 212872 (CyberLink PowerDVD12 Media Server Service), lass.exe:612, services.exe:604, spoolsv.exe:1276, svchost.exe:760 (RPCSS service), svchost.exe:928 (Local Service Network Restricted, Event Log service), svchost.exe:929 (Dhcp service), svchost.exe:976 (Netsvcs, Schedule service), svchost.exe:1072 (Network Service, Dnscache service). svchost.exe:2720 (Local Service And No Impersonation) has a local address 0.0.0.0:1900 communicating with a remote address *:* using the SSDPSRV service. fr a2dfp net is in wininit.exe:552 and iexplorer, along with 5 established connections with 'ec2-52-19-170-37 eu-west-1 compute amazonaws com', 2 connections with 'server-54-192-48-122 jfk5 r cloudfront net', 1 connection with 'server-54-230-82-121 mia50 r cloudfront net', 4 connections with an IP '72 21 91 127' and 2 connections with IP '72 21 91 96', also 'yv-in-f100 1e100 net' and '104 20 92 192', and more will pile on the longer I stay connected to the internet. I think this malware is using DLLs app extensions because I see a lot of them have an unknown source that uses them. I also have lagging issues with graphics and sound; the problem only starts when I have my computer running for about 2 hours, then the cursor, graphics, and sound become choppy. The problem happens faster if about 4-6 times a scheduled task starts after 4 minutes of idle time or 2 sleep modes, which causes apps that were open to crash. I've tried to stop task scheduler from starting every 4 idle minutes by disabling idle tasks but it's always enabled again after every restart or shut down. The images on my icons are slowly disappearing from my taskbar, my favorites list in Internet Explorer 11, and the apps and pinned sites in the lower half of the start screen. Oddly I can see them when I boot into safe mode and when I boot normally after safe mode, but again after my computer has been running for a while they disappear again.
I'm also having moments of "is it me or malware" because I can't prove it and I'm not 100% sure. But I don't remember seeing so many blue lettered folders and files (the names are in blue instead of black, and is that a sign of packed or compressed?), odd named folders and files, lowercase letters used for the names of files and folders, info missing from details tabs on files, especially missing copyrights, folders and files with a blank sheet of white paper as its icon, and processes in task manager that pop in and out fast. If you know of an article I can read about files and folders, what is odd but normal and what's malicious, I would truly appreciate it. I know some of the things I listed above can be normal but I learned that slowly by thinking I found malware only to be told no I didn't, that's normal.
I did get some warnings of malware from VirusTotal when I recently used Process Explorer and Autoruns.
File Name AV company AV Detection
"SOMAW81.dll" Bkav W64.HfsAutoA.ADC0
"Microsoft.Live.dll" Bkav W64.HfsAutoA.3918
"967cc606b1d3040bc5d6b5b45072aa0.tmp" Bkav HW64.packed.CA7C
"0826471bf829234aa02f3c8358d6a3ca.temp" Bkav HW64.packed.698C
dnsapi.dll Antiy-AVL Trojan/Win32.BTS Generic
If more information is needed please let me know, I'll be more than happy to give it. Thank you for your time.