Logs for cid pop up removal

[adds416]

Here are all the logs I could post.

NoLop said that it found no infections, so i don't have a log for that one.
I do have an old NoLop log tho. It was about 1 or 2 months ago. When I scanned now from NoLop, it shoes no infections. I will post that also if anyone might need it.
View attachment 34390

View attachment 34391

View attachment 34392

View attachment 34393

 

[raybay]

Run Antivir Antivirus free download, free MBam MalwareBytes, free SuperAntiSpyware, and free Adaware 2008
Then reboot, and run the free scan of Spyware Doctor 5.5...
Then decide it it is worth it to you to pay the $25 to buy it, as it is very good for this infestatioin.
But I think the other stuff will get rid of it for you.

 

[raybay]

At the end of this, run the free HiJack This, and ComboFix, and post their logs here if the problem continues.

 

[LookinAround]

See/follow instructions in this TechSpot post (which will directs you through a number of scanning/removal steps and then has you run and post HijackThis log at the end)

Viruses/Spyware/Malware, preliminary removal instructions

 

[adds416]

I have tried SuperAntispyware, SpywareDoctor, Mcfee virus scan, HijackThis, Combofix, and NoLop. The cid popups is still coming after I have used all these softwares. There must be another way than just scanning, because it seems that it's not doing anything, such as maybe manually delete some files or something.

 

[adds416]

Here is the updated HJT Log.
View attachment 34401

 

[LookinAround]

Check the following in HijackThis output

• O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
• O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
• O4 - HKLM\..\Run: [BOOK BITS GRID FORD] "C:\Documents and Settings\All Users\Application Data\Mapi Meta Book Bits\CURB SKIP.exe"
• O4 - HKCU\..\Run: [cake grim] C:\DOCUME~1\Harshil\APPLIC~1\UPLOAD~1\name noun.exe

Then click Fix Checked and restart computer. Those last two items look like trouble to me. Report back. If still problems i would also suggest Autoruns (see below) and Hijackthis again

1. Download/run Autoruns
2. Start Autoruns but hit Escape immediately to stop the scan
3. Click to set (turn on) Options -> Verify Code Signatures and Options -> Hide Microsoft Entries
4. File -. Refresh to restart the scan. Look in lower left of the window for scan status
5. When scan is done, File -> Save As to save it as a text file. Post the file to the thread

 

[adds416]

Grrr. I give up. I still see the cid popup ads. There is just one thing left to do, I will have to format the system. This may be my last post. It was nice working with all of them.

 

[LookinAround]

Please post the Autoruns scan.

The infection is clearly "regenerating" itself so it's starting somewhere. Autoruns will give me a look at everything without a digital signature and not from Microsoft. Can help to find the real source.