Nezkeys79

Member
Hi guys. I was wondering if anyone could explain something weird I found today. I went to my recycle bin and found some files in there that while I have no idea what they are for, I have a feeling they are not supposed to be there. I'm using windows 10 64 bit btw. These are the files in there...

isa.dll
Microsoft.win32.TaskScheduler.dll
wbsvc (WebBarService)
wbsvc.exe.config
Unins000 (WeBarService)
 
Hi guys I recently noticed windows 10 (64bit) is running 80 background processes, and then one day the background processes tab disappeared altogether so they are all now just in with forefront processes (if that's what I can call them).

Anyway my question is what can safely "end task" on, or better still prevent it from even running in the first place and are these things normal. I recently performed a system restore and unfortunately after the process it told me the system had recovered from a serious error but everything seems to be working as normal despite that. One thing I have noticed is windows doesn't send me those pictures anymore on startup that I tick yes/no if I like them but I don't know if this is important anyway.

I'll post some screenshots of this stuff in a few mins.

ps. there is a file in process called DNSLOCKINGTON which keeps starting itself even if I "end task" on it. Mind you Cortana restarts itself too so I'm not sure if this is anything to worry about either.
 
ugh so imgur is being retarded on my phone. took the screenshots but it isn't uploading the images. ill try without using the app one min
 
Hi,
It appears you may have an Adware Virus; check here for removal instructions:
DNSLockington.exe "Virus" Ads Removal - Virus Removal

Rescan with your existing AV virus scanner, and then download the free MALWAREBYTES from Malwarebytes.org and scan/disinfect any more found spyware viruses and retest your computer.

We'll wait for your screenshots and advise you further. You should be able to do the above in the mean time.

Best of luck,:encouragement:
<<<BIGBEARJEDI>>> Windows Forum Guy
 
Hi again,
Looks like these 2 highlighted in RED, are toolbar spyware viruses.

isa.dll
Microsoft.win32.TaskScheduler.dll
wbsvc (WebBarService)
wbsvc.exe.config
Unins000 (WeBarService)

Rescan with your existing AV virus scanner, and then download the free MALWAREBYTES from Malwarebytes.org and scan/disinfect any more found spyware viruses and retest your computer.

I would leave those alone until after you run your AV scans and MALWAREBYTES. Power-cycle your computer and then login to Windows again and see if the remaining 3 files are still in your Recycle bin. If they are, you can probably delete them now, as they are legitimate Windows processes being spawned by spyware viruses to further infect your system. Leaving them their without taking action can cause reinfection problems down the road.:nerves: If you are really worried about them, you can tell your AV to simply quarantine them or move to chest and instruct the AV to ignore them. They will be automatically regenerated by other legit Windows programs when needed.:wink: The isa.dll is almost never used in computer made in 2011 or newer; as the hardware no longer supports ISA slot cards.

<<<BIGBEARJEDI>>> :)

 
Speccy Image of Rig Imgur: The most awesome images on the Internet

Task Manager - Performance Tab Imgur: The most awesome images on the Internet

Task Manager - Details Tab multiple processes of same type. Also system idle process says 89 whilst the rest all say 00. That's looks a bit suspicious to me also. Imgur: The most awesome images on the Internet

Task Manager - Processes 1 Imgur: The most awesome images on the Internet
Task Manager - Processes 2 Imgur: The most awesome images on the Internet
Task Manager - Processes 3 Imgur: The most awesome images on the Internet
Task Manager - Processes 4 Imgur: The most awesome images on the Internet
Task Manager - Processes 5 Imgur: The most awesome images on the Internet

There is also a screenshot I forgot to import which just showed the background processes tab displayed as oppose to it's current state where no background tab is displayed and all the process are just together with the apps running. And in task manager-startup I have java installer disabled because it was bringing up like 20 processes of it and hogging the cpu in performance tab
 
Last edited:
I have Bullguard as my AV but honestly I got rid of malware bytes, adwcleaner, hitmanpro, and JunkwareRemovalTool, because all of them were failing to detect a browser redirect I had before the system restore I did. They all just kept saying I my system was threat free which wasn't the case at all as I had this obvious browser redirect on every god damn page I went to by the name of acdm01.findgirl or something. I tried one called Zemana which actually detected like 17 threats after that, but then new ones appeared so that's why I decided to just system restore.

When I installed Bullguard it was blocking browser redirects before they could happen which I thought was cool tbh. I haven't had any browser redirects or fake software/drivers out of date messages at all since the system restore. However one thing that makes me anxious is after the system restore finished windows failed to load up 5 times before eventually saying "windows has recovered from a critical error". The only thing I notice different with my laptop now is I don't get those pictures posted to me when I startup...the ones they ask for for feedback
 
Hi again,
Looks like these 2 highlighted in RED, are toolbar spyware viruses.

isa.dll
Microsoft.win32.TaskScheduler.dll
wbsvc (WebBarService)
wbsvc.exe.config
Unins000 (WeBarService)

Rescan with your existing AV virus scanner, and then download the free MALWAREBYTES from Malwarebytes.org and scan/disinfect any more found spyware viruses and retest your computer.

I would leave those alone until after you run your AV scans and MALWAREBYTES. Power-cycle your computer and then login to Windows again and see if the remaining 3 files are still in your Recycle bin. If they are, you can probably delete them now, as they are legitimate Windows processes being spawned by spyware viruses to further infect your system. Leaving them their without taking action can cause reinfection problems down the road.:nerves: If you are really worried about them, you can tell your AV to simply quarantine them or move to chest and instruct the AV to ignore them. They will be automatically regenerated by other legit Windows programs when needed.:wink: The isa.dll is almost never used in computer made in 2011 or newer; as the hardware no longer supports ISA slot cards.

<<<BIGBEARJEDI>>> :)
and what is the windows32taskscheduler for? also why is skype host and skype(32) in my processes when I uninstalled skype? also can't i just go ahead and empty those two from the recycle bin thus removing from my laptop for good? also I'm on windows 10 (64bit) so why do some processes say 32...shouldn't they all be 64?
 
also this is prob gonna sound dumb but i activated a free 90 day licence of bullguard that came with laptop, but when I did system restore bullguard was uninstalled. It also had several processes active in the task manager and I'm convinced it was slowing my laptop down...even though it was doing a good job at blocking threats. Now it just directs me to the website...will i still have my 90 days free cause all i can see is a 60 days free or buy on the website. Oh it still has my details there was a login page so i guess all i need to do is just download it again
 
well that was strange. after the reboot I got a black screen with the text "your antivirus installer will now proceed to clean your system" or something. It loaded for a few seconds then said "deleted". Windows started up but Bullguard is nowhere to be seen on the system
 
I went back to the site and re downloaded/installed it but this time it didn't ask for a reboot. Anyway after I performed an optimization (clean cache etc) it came up with a screen saying this which had really got me worried now as it says I have over 500 broken registry keys

Post Bullguard 'Optimatzion' Screen Imgur: The most awesome images on the Internet
 
All of those processors are fairly normal so the answer would be I wouldn't kill any of them.
 
sigh....every image I try to upload to imgur now just fails. only thing I did was a scan with bullguard and fix the 20 "threats" it found
 
okay this is now getting confusing....I just performed a system scan with regedit using sfc /scannow and it said "Windows Resource Protection did not find any Integrity Violations. On the one hand I think...if the laptops registry is fucked up...how is it gonna be able to detect it, but on the other hand I think...do AV software programs just post fake errors scaremongering you into clicking "fix" and when you do it fucks something up, or deletes something you actually need.

Right now apart from this dnslockington being there in the task manager...ive had no browser redirects, or slow pc. Bullguard hasn't had to block anything at all in the last two days.

Current things that are not the same as when I opened the laptop on its first day a month ago....I don't get pictures posted to me anymore for my screen saver. Windows Defender wont turn on
 
okay here is an update. After getting Bullguards settings all up and running with Firewall etc I redownloaded Malwarebytes. It detected 64 threats. I noticed a few of them were dnschangers but all kinds of things like pup, malware, and trojans. I deleted them all and dnslockington appears to be gone now. Also as soon as Malwarebytes deleted everything Bullguard suddenly started having to block stuff. This makes me dubious...it didn't have to do anything before and all of a sudden I remove these files to so call make things better and then within the next 5 minutes I get an attempted browser change three times and a two network attacks. It killed them all but I'm just dubious that it had to do this in the first place because it wasn't having to do anything before.

ps...Windowers Defender seems to have turned itself off during the bullguard installation and I can't seem to turn it back on now. I still don't have the pictures posted to me on startup. Oh and I can't upload images to imgur anymore it gives me an error...so something I have done with adding bullguard/amlwarebytes must have done that because it wasn't doing it before
 
Hi! I'm thinking you mean you ran sfc /scannow from command prompt. It is my understanding that Windows Defender won't turn on if you have another AV running . I do not understand what you mean by not getting pictures from screen saver. Your language needs to be cleaned up.
Also don't understand "Current things are not the same as they were a month ago.;)
 
Hi! It appears to me that you have two threads open here on the forum. I'm not sure what that's all about??
It seems to me both threads are having the same issue. I tried to answer you on the other thread.
I'm going to wait to see what staff have to say about this;;):(before responding further!
 
Back
Top