Malwarebytes Malicious Site Blocked PopUp

I have a system I am working on...

Malwarebytes Malicious Site Blocked / Outbound pop up keeps coming up... port 49583...
  gives a site.. different ones.. search   Outbound ...

I ran a couple of cleanup utilities...
Iobit Malware Fighter
Junkware Removal Tool JRT
Eset Nod32 - Ran scan

NONE of these programs are finding anything, accept AdwCleaner did some cleanup

I need help, I don't know what to do from here?

It also is attacking Internet Options - Disables Downloads.. not sure what else, but that is getting turned off...

Hope someone can help.

Thanks!  :-)
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

hulseboschSystem administratorCommented:
Give Hitmanpro a chance.
It's freeware and contains a coctail of software.
No waranty, but it has helped me out several times.
EirmanChief Operations ManagerCommented:
A technicality hulsebosch
Hitmanpro is not freeware - You can get a free one month trial, (and it is really excellent).
hulseboschSystem administratorCommented:
Your right Eirman, it has become trial software.
Still, fully functional during this one month period. (which gives you more then enough time to fix the issue)
Thanks for correcting me.
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

etronics6Author Commented:
Tried HMPro.. Still popping up

Tried Norton PEraser
Microsoft Malware scanner msert...

Still have popups.. Multiple Outbound websites... Different files in system32 & WOWsys (I think that's the folder)...

Any other suggestions??
hulseboschSystem administratorCommented:
You can follow the instructions on this website  :
You will find info about pop up adds, but also other malware.

Hope this will help you out.
For, if none of the software mentioned helps, probably something has been installed in a sneeky way.
(These a**holes get better and better in hiding this kind of stuff.)
etronics6Author Commented:
Here is the MalwareBytes graphic of "one of the pop-ups".. but there are many different ones that popup...

Let me know if that helps... any other ideas pleaseeeee :-)

hulseboschSystem administratorCommented:
See if sfc /scannow from the command prompt finds any system files that were tampered with.
Did you try using system restore to put your system files to a state before this issue started?
etronics6Author Commented:

I tried all above..

Do you all agree that there is something (malware) somewhere that I am not getting to?  With this graphic I think there is malware of sorts still in system & NOT CLEAN, right?  Something is embedded in the system...

My client sounds like we will REPLACE system... I think that is the route we will go... If I give back like this.. I feel its still infected somehow that I just can't get... ONLY fix is to without reformat & rebuild... Correct?

Do you guys agree??

Thanks for all your help... please respond your thoughts on above...
hulseboschSystem administratorCommented:
one last shot, what would happen when you change the extention for the file ? (regsvr)
Have you tried booting from usb (winpe or Linux) and scan the pc? Some virusses are very good at hiding themselves on a running OS.
Check Kaspersky for bootable software to scan your machine.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
etronics6Author Commented:
its multiple popups with multiple files... not just the regsvr file...

I haven't used those tools before... thanks for all ur help!!  

I appreciate your fast responses too!
David AndersTechnician Commented:
There are google results for the IP Address
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.