Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Augh, malware & popups and I can't find the cause... need help.

  • Please log in to reply
10 replies to this topic

#1 RobinNJ


  • Members
  • 6 posts
  • Local time:06:38 PM

Posted 13 September 2014 - 08:01 AM

I started seeing popups about two weeks ago and recently they seem to be increasing in variety and frequency.

I get a popup called Customer-Poll Survey and also Google Survey.  I've been able to eliminate the audio part that included an alarm tone and woman's voice but cant eliminate the popup.  The introduction begins with, "Hi, my name is Lara Grace and we have selected you to participate in a 30 second survey about Customer-poll."
Another issue includes an address bar that sometimes comes up with www.ckntrk.com, or cltrk.com, or with trknck.com, ...  All include a dialog that makes varying claims including "the page at http//:pctrustalert.com says: Attention Comcast User!..." and tells me that firefox is running slow and to contact technical support, and something about my browser out of date and needing a critical security update. I then see another dialog box telling me I've chosen to open fl_setup.exe.
Next... I get something called "Savifier".  It's some sort of price comparison popup.  This needs to go. Today I started seeing ad popups that are marked "Display Settings" in their corner.

I've tried multiple malware, adware and virus detectors.  Checked my firefox addons, etc.  Used Gooredfix, Spybot, Malwarebytes, YAC, ADWCleaner, and a bunch of other things.  I've exhausted my limited skill set and need some advanced help for a solution.  These popups suck and are driving me nuts.  Or at least more nuts than I was already.

Edited by hamluis, 13 September 2014 - 08:13 AM.
Moved from Win 7 to Am I Infected - Hamluis.

BC AdBot (Login to Remove)


#2 rockysosua


  • Members
  • 772 posts
  • Gender:Male
  • Location:Caribbean
  • Local time:06:38 PM

Posted 13 September 2014 - 08:23 AM

I am guessing that your thread will get transferred to another section that deals with virus' & malware, but in the meantime, you could clean up your Internet browsers.

I have cleaned computers of all malware and virus, only to have stuff still popping out at me, or URL redirects, etc, as the addons/extensions are still in the internet browsers.

Do you know what I mean?

All is well in Paradise.

#3 dc3


    Bleeping Treehugger

  • Members
  • 30,754 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:38 PM

Posted 13 September 2014 - 10:06 AM

Please run the following scans.

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the trems of use, then click on Start, the scan will now begine.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.
Click on Update Now, after Malwarebytes is updated click on Scan.
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
You will be prompted to update Malwarebytes, to do so click on Update Now.
3)  The scan will automatically run now.
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
6)  Please post the Malwarebytes log.
To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
Please download AdwCleaner and install it.
When AdwCleaner opens you will see an image like the one below.
Click on Scan to start the scan.
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.





#4 RobinNJ

  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:38 PM

Posted 13 September 2014 - 03:47 PM

Thanks, I'll run the program and post the results. 

#5 RobinNJ

  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:38 PM

Posted 13 September 2014 - 06:59 PM

I ran ESET but it reported nothing wrong.  I have run this recently but don't recall if it yielded any results.


Results for the Malwarebytes and ADWcleaner are below.  I included two logs for Malwarebytes.  This evening's scan was clean but this morning's log shows results.





MBRCheck, version 1.2.3
© 2010, AD

Windows Version:        Windows 7 Home Premium Edition
Windows Information:        Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:    Acer
BIOS Manufacturer:        Acer
System Manufacturer:        Acer
System Product Name:        Aspire V3-551
Logical Drives Mask:        0x0000000c

Kernel Drivers (total 173):
  0x03064000 \SystemRoot\system32\ntoskrnl.exe
  0x0301B000 \SystemRoot\system32\hal.dll
  0x00BB5000 \SystemRoot\system32\kdcom.dll
  0x00C3C000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00C49000 \SystemRoot\system32\PSHED.dll
  0x00C5D000 \SystemRoot\system32\CLFS.SYS
  0x00CBB000 \SystemRoot\system32\CI.dll
  0x00E11000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00ED3000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00EE3000 \SystemRoot\system32\drivers\ACPI.sys
  0x00F3A000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00F43000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00F4D000 \SystemRoot\system32\drivers\pci.sys
  0x00F80000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00F8D000 \SystemRoot\System32\drivers\partmgr.sys
  0x00FA2000 \SystemRoot\system32\drivers\compbatt.sys
  0x00FAB000 \SystemRoot\system32\drivers\BATTC.SYS
  0x00FB7000 \SystemRoot\system32\drivers\volmgr.sys
  0x00D85000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00FCC000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00FE6000 \SystemRoot\system32\drivers\atapi.sys
  0x00C00000 \SystemRoot\system32\drivers\ataport.SYS
  0x00FEF000 \SystemRoot\system32\drivers\msahci.sys
  0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00C2A000 \SystemRoot\system32\drivers\amdxata.sys
  0x010F7000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01143000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01243000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01157000 \SystemRoot\System32\Drivers\msrpc.sys
  0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01000000 \SystemRoot\System32\Drivers\cng.sys
  0x0121B000 \SystemRoot\System32\drivers\pcw.sys
  0x0122C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01447000 \SystemRoot\system32\drivers\ndis.sys
  0x01539000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01599000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01601000 \SystemRoot\System32\drivers\tcpip.sys
  0x01072000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x015C5000 \SystemRoot\system32\drivers\wd.sys
  0x01832000 \SystemRoot\system32\drivers\volsnap.sys
  0x0187E000 \SystemRoot\System32\Drivers\spldr.sys
  0x01886000 \SystemRoot\System32\drivers\rdyboost.sys
  0x018C0000 \SystemRoot\System32\Drivers\mup.sys
  0x018D2000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x018DB000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01915000 \SystemRoot\system32\drivers\disk.sys
  0x0192B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x0195B000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
  0x01968000 \SystemRoot\system32\DRIVERS\avgloga.sys
  0x019B6000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
  0x019D5000 \SystemRoot\system32\DRIVERS\avgidsha.sys
  0x019EA000 \SystemRoot\system32\DRIVERS\amdkmpfd.sys
  0x01400000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x01825000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
  0x011B5000 \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys
  0x019F6000 \SystemRoot\System32\Drivers\Null.SYS
  0x0142A000 \SystemRoot\System32\Drivers\Beep.SYS
  0x01431000 \??\C:\Windows\system32\drivers\avgtpx64.sys
  0x015E0000 \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys
  0x013EC000 \SystemRoot\System32\drivers\vga.sys
  0x010BB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x010E0000 \SystemRoot\System32\drivers\watchdog.sys
  0x01236000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x00DE1000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x00DEA000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x00DF3000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x03AAC000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x03ABD000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x03ADF000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03AEC000 \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys
  0x03AFA000 \SystemRoot\system32\DRIVERS\avgtdia.sys
  0x03B39000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03A00000 \SystemRoot\system32\drivers\afd.sys
  0x03A89000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03B7E000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03BA4000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x03BBA000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03BC9000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03EFD000 \SystemRoot\System32\drivers\truecrypt.sys
  0x03F3E000 \SystemRoot\system32\drivers\termdd.sys
  0x03F52000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03FA3000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03FAF000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
  0x03FC2000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
  0x03FCA000 \SystemRoot\system32\drivers\mssmbios.sys
  0x03FD5000 \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys
  0x03FE7000 \SystemRoot\System32\drivers\discache.sys
  0x03E00000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03E1E000 \SystemRoot\system32\drivers\blbdrive.sys
  0x03E2F000 \SystemRoot\system32\DRIVERS\avgldx64.sys
  0x03E66000 \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
  0x03ECF000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x03CC5000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x048D6000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x02C77000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x02D6C000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x02DB2000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x02DD6000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
  0x0566E000 \SystemRoot\system32\DRIVERS\athrx.sys
  0x05600000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x0560D000 \SystemRoot\system32\DRIVERS\RtsPStor.sys
  0x02C00000 \SystemRoot\system32\DRIVERS\amdxhc.sys
  0x05665000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x02C39000 \SystemRoot\system32\DRIVERS\usbfilter.sys
  0x059F6000 \??\C:\Windows\system32\drivers\UBHelper.sys
  0x02C4A000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
  0x02C52000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x0538A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x02C5D000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x053E0000 \SystemRoot\system32\drivers\i8042prt.sys
  0x02DF1000 \SystemRoot\system32\drivers\kbdclass.sys
  0x04800000 \SystemRoot\system32\DRIVERS\ETD.sys
  0x0483E000 \SystemRoot\system32\drivers\mouclass.sys
  0x05667000 \SystemRoot\system32\drivers\CmBatt.sys
  0x0484D000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x04856000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x04866000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x0487C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x048A0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x03D1A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x048AC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x03D49000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x03D6A000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x02C6F000 \SystemRoot\system32\DRIVERS\serscan.sys
  0x048C7000 \SystemRoot\system32\drivers\ksthunk.sys
  0x03D84000 \SystemRoot\system32\drivers\ks.sys
  0x0566C000 \SystemRoot\system32\drivers\swenum.sys
  0x03DC7000 \SystemRoot\system32\DRIVERS\btath_bus.sys
  0x03C00000 \SystemRoot\system32\DRIVERS\sxuptp.sys
  0x03C4A000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x03C5C000 \SystemRoot\system32\DRIVERS\amdhub30.sys
  0x060F4000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x0614E000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x06163000 \SystemRoot\system32\drivers\AtihdW76.sys
  0x0617D000 \SystemRoot\system32\drivers\portcls.sys
  0x061BA000 \SystemRoot\system32\drivers\drmk.sys
  0x068E4000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x06D68000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x06D85000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x06DB3000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x06DC1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x06DCD000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x06DD8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x000C0000 \SystemRoot\System32\win32k.sys
  0x06DEB000 \SystemRoot\System32\drivers\Dxapi.sys
  0x06800000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00430000 \SystemRoot\System32\TSDDD.dll
  0x00670000 \SystemRoot\System32\cdd.dll
  0x0680E000 \SystemRoot\system32\drivers\luafv.sys
  0x06831000 \??\C:\Windows\system32\drivers\mbam.sys
  0x0683B000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x06850000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x068A3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x068B6000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x06000000 \SystemRoot\system32\drivers\HTTP.sys
  0x060C9000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x061DC000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x03C78000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x070B9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x07107000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x0712B000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0x07135000 \SystemRoot\system32\drivers\peauth.sys
  0x071DB000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x07000000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x07031000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x07043000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x09613000 \SystemRoot\System32\DRIVERS\srv.sys
  0x096AB000 \??\C:\Windows\system32\drivers\mwac.sys
  0x096BD000 \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
  0x0974F000 \SystemRoot\system32\drivers\MSPQM.sys
  0x771B0000 \Windows\System32\ntdll.dll
  0x47750000 \Windows\System32\smss.exe
  0xFF4D0000 \Windows\System32\apisetschema.dll

Processes (total 108):
       0 System Idle Process
       4 System
     312 C:\Windows\System32\smss.exe
     556 C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
     596 avgcsrva.exe
     864 csrss.exe
     924 C:\Windows\System32\wininit.exe
     960 csrss.exe
     984 C:\Windows\System32\services.exe
    1008 C:\Windows\System32\lsass.exe
    1016 C:\Windows\System32\lsm.exe
     544 C:\Windows\System32\winlogon.exe
     936 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\atiesrxx.exe
    1220 C:\Windows\System32\svchost.exe
    1248 C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    1432 C:\Windows\System32\svchost.exe
    1468 C:\Windows\System32\svchost.exe
    1692 C:\Windows\System32\svchost.exe
    1832 C:\Windows\System32\svchost.exe
    1944 C:\Windows\System32\atieclxx.exe
    2044 C:\Windows\System32\wlanext.exe
    1084 C:\Windows\System32\conhost.exe
    1740 C:\Windows\System32\spoolsv.exe
    1116 C:\Windows\System32\svchost.exe
    2184 C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    2364 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    2396 C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    2428 C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    2476 C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    2536 C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    2624 C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    2648 C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    2680 C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    2732 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    2740 C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
    2756 C:\Windows\System32\conhost.exe
    2796 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    2804 C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    2828 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    2856 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    2904 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    2996 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    3036 C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    1992 C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    2488 C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    2564 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    2544 C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
    2548 C:\Windows\System32\conhost.exe
    3620 C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    3676 C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    3880 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    3980 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    4056 C:\Windows\System32\taskhost.exe
    4068 avgcsrva.exe
    3692 C:\Windows\System32\dwm.exe
    3764 C:\Windows\explorer.exe
    3760 C:\Windows\System32\taskeng.exe
    4456 C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    4160 C:\Program Files (x86)\Google\Update\\GoogleCrashHandler.exe
    4240 C:\Program Files (x86)\Google\Update\\GoogleCrashHandler64.exe
    4692 C:\Windows\System32\svchost.exe
    4512 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    4732 C:\Windows\System32\escsvc64.exe
    4184 WmiPrvSE.exe
    3900 C:\Windows\System32\svchost.exe
    5912 C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    5288 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    5948 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    5836 C:\Program Files\Elantech\ETDCtrl.exe
    4972 C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    5464 C:\Program Files (x86)\AdFender\AdFender.exe
    5552 C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    1408 C:\Dolby PCEE4\pcee4.exe
     320 C:\Program Files (x86)\Launch Manager\LManager.exe
    6104 C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    5320 C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    1372 C:\Windows\System32\wbem\unsecapp.exe
    5064 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    1460 C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
    1376 C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    5520 C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
    5960 C:\Windows\System32\SearchIndexer.exe
    5792 C:\Program Files\Elantech\ETDCtrlHelper.exe
    5888 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    6088 C:\Program Files (x86)\Launch Manager\LMworker.exe
    5924 WmiPrvSE.exe
    6912 C:\Windows\System32\svchost.exe
    6812 C:\Windows\System32\svchost.exe
    7084 dllhost.exe
    6768 C:\Windows\System32\taskeng.exe
    6212 C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    2920 C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe
    4896 C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    7148 C:\Windows\System32\audiodg.exe
    1120 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    3276 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    5244 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    5444 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    7028 C:\Program Files\EgisTec IPS\PmmUpdate.exe
    5240 C:\Program Files\EgisTec IPS\EgisUpdate.exe
    1032 C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
    6488 C:\Windows\System32\SearchProtocolHost.exe
    6248 C:\Windows\System32\SearchFilterHost.exe
    6304 C:\Users\Rob\Downloads\MBRCheck.exe
    1228 C:\Windows\System32\conhost.exe
    6084 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`86500000  (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0001SDM1

      Size  Device Name          MBR Status
    465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79







Malwarebytes Anti-Malware

Scan Date: 9/13/2014
Scan Time: 7:09:09 PM
Logfile: MBRCheck_09.13.14_08.11.20.txt
Administrator: Yes

Malware Database: v2014.09.13.06
Rootkit Database: v2014.09.13.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312715
Time Elapsed: 20 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)






# AdwCleaner v3.310 - Report created 13/09/2014 at 19:47:39
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rob - ROB-PC
# Running from : C:\Users\Rob\Downloads\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Rob\AppData\Roaming\eCyber
Folder Deleted : C:\Users\Rob\AppData\Roaming\iSafe

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\iSafe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[ File : C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\xdwjbhp1.default-1410126141402\prefs.js ]

-\\ Google Chrome v


AdwCleaner[R0].txt - [6854 octets] - [07/09/2014 11:57:44]
AdwCleaner[R1].txt - [6914 octets] - [07/09/2014 17:18:50]
AdwCleaner[R2].txt - [1124 octets] - [07/09/2014 17:51:02]
AdwCleaner[R3].txt - [1387 octets] - [07/09/2014 22:31:19]
AdwCleaner[R4].txt - [1365 octets] - [08/09/2014 19:10:38]
AdwCleaner[R5].txt - [1325 octets] - [10/09/2014 22:19:12]
AdwCleaner[R6].txt - [2020 octets] - [13/09/2014 09:56:49]
AdwCleaner[R7].txt - [1964 octets] - [13/09/2014 19:45:31]
AdwCleaner[S0].txt - [7064 octets] - [07/09/2014 17:22:11]
AdwCleaner[S1].txt - [1186 octets] - [07/09/2014 17:58:14]
AdwCleaner[S2].txt - [1452 octets] - [07/09/2014 22:32:47]
AdwCleaner[S3].txt - [1386 octets] - [10/09/2014 22:20:26]
AdwCleaner[S4].txt - [1916 octets] - [13/09/2014 09:58:18]
AdwCleaner[S5].txt - [1714 octets] - [13/09/2014 19:47:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1774 octets] ##########


#6 dc3


    Bleeping Treehugger

  • Members
  • 30,754 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:38 PM

Posted 14 September 2014 - 07:59 AM

Are you still getting the popups?

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.





#7 RobinNJ

  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:38 PM

Posted 14 September 2014 - 09:37 AM

Yes.  Still getting them.  They are incidious.


I've run the cleaners previously.  In SAFE mode, disconnected from the internet, etc.  I've run Malwarebytes, Goored, YAC, SpyBot, FixTDSS, Hitman, etc.  I also reset my modem.  All based on suggestions in other websites and forums.  Each time things get cleaned but return.

I also notice, nothing new, that the tabs in my webpages a the top of the screen continue to cycle through connecting to the internet.

#8 dc3


    Bleeping Treehugger

  • Members
  • 30,754 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:38 PM

Posted 14 September 2014 - 10:13 AM

Have you tried uninstalling Savifier in the Control Panel under Programs and Features?


Did you look in your browsers to make sure that your choice of a search engine is still set and the one being used.


Remove from Internet Explorer

Press Alt+T and click Internet Options.
Open the General tab.
Change the home page and click OK.
Press Alt+T and click Manage Add-ons.
Click Toolbars and Extensions and remove unwanted extension.
Click Search Providers and set a new default search engine.
Remove from Google Chrome
Press Alt+F and point to Tools.
Click Extensions.
Remove unwanted extensions.
Click Settings.
Under On startup, select the last option and click Set pages.
Set a new startup page.
Under Search, click Manage search engines and click enter the URL of your new default search provider. Click Ok.
Remove from Mozilla Firefox
Press Alt+T and click Options.
Open the General tab and change the home page.
Click OK.
Press Ctrl+Shift+A and click Extensions.
Remove unwanted extensions.
Close the tab.
Click the search engine icon next to the search box and select a new search provider.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.





#9 RobinNJ

  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:38 PM

Posted 14 September 2014 - 09:25 PM

Nothing has worked.  However.... I tracked something back to a file syswow64.  After doing some research it seems I have my hands full with syswow64 trojan.

Assuming this is the root of my problems, what do I do next?

#10 dc3


    Bleeping Treehugger

  • Members
  • 30,754 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:38 PM

Posted 15 September 2014 - 10:31 AM

There are tools or techniques which cannot be used in this forum which will be needed to clean your computer.  For this reason you will need to open another topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum.
Before posting your topic there you will need to read and follow the instructions in the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.
This forum is always busy, for this reason it may take a couple of days before a member of the Malware Removal Team will be able to get to your topic.  Do not add anything once you have posted your log.  The Malware Removal Team members look for topics which have not been addressed, if you post any additional information it will make it appear that the topic is being addressed.
After you have posted your new topic a Moderator will close this topic.  If after cleaning the infection it is determined that you have a software or hardware issue you can contact a Moderator to have your topic reopened.  

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.





#11 jmscreator


  • Members
  • 1 posts
  • Local time:05:38 PM

Posted 12 October 2014 - 05:36 PM

I am familiar with the reason you are getting Ads. I very recently removed a very annoying AdWare from one of my client's computers. What it did was change the proxy to a localhost server, then it would redirect ads based on the networks traffic and finish with the direct connection to the internet.


How to FIX your problem. I noticed in your Analysis List you have "C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe" and "C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe" This is the AdWare. You need to completely remove the Diagnostics folder.

How to do so, follow instructions carefully:

Open a command prompt (MUST be with Administrator privileges)


Type the following and press enter after each line:

You can also copy and paste this code into a *.bat file and run it.

sc stop Proxy
sc stop Diagnostics
sc delete Proxy
sc delete Diagnostics
rd /S /Q %CommonProgramFiles%\Diagnostics
rd /S /Q %CommonProgramFiles(x86)%\Diagnostics
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d "" /f
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

After running these commands with Administrator privilege, you should restart the computer and it should work fine. This will simply remove the Node.exe AdWare.


Thanks! Hope it helps.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users