CID Popups cant get rid off might have to reformat

[Noxah]

Hello, guys i posted my log on another forum, and didnt get any replies so i hope this is the right place, i got a virus from msn messneger ive tried all the removal methods but it didnt work. ive scanned it with lavasoft it didnt find. please help.

 

[Blind Dragon]

Cid popups are no cause to reformat -

Please post over at techguy that you are already receiving help here so that they don't waste time going through instructions and we don't give conflicting advice.

Remove bad HijackThis entries

• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
  
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKCU\..\Run: [hidebalm] "C:\ProgramData\ListIdleIdle.qy1mu3
  O4 - HKCU\..\Run: [SHIM LINK FREE BALL] "C:\ProgramData\REAL JOY SIGN.1szi1xd"

• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

---------------------------------------------------------------------

OTMoveit2 by OldTimer
Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [b]C:\ProgramData\ListIdleIdle.qy1mu3
  C:\ProgramData\REAL JOY SIGN.1szi1xd[/b]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

------------------------------------------------------------------------

Malwarebytes' Anti-Malware

• Please download Malwarebytes' Anti-Malware to your desktop.
  
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please attach this log with your reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

-------------------------------------------------------------------------

Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

----------------------------------------------------------------------------

Run a fresh Hijackthis scan for me

Attach here:
1) OTMoveit2 log
2) MBAM log
3) Fresh Hijackthis log

 

[Noxah]

Thanks ok ill do that, im going to use your technqiues. btw this seems pretty long atm so im going to do it tommorow and give you the response. because the virus is on my sisters pc not mine.

 

[Blind Dragon]

That's fine, its not as bad as it looks -> just very detailed steps for each program

 

[Noxah]

will this 100% get rid of it, you sure those processes are causing the problem?

 

[Blind Dragon]

I am positive they are, and there is no 100% garuntee that this will be the end of the instructions, but after you show me the logs I can verify that they are gone and we can run a few more scans to be sure. After I see the requested logs then we can go from there in making sure that it is gone

 

[Noxah]

otmoveit log
malware log
fresh hijackthis log
also prefetched was disabled in ATF Cleaner.exe

Im still getting cid popups after doing all those methods

 

[rf6647]

Welcome back!

HJT is out-of-date.

SAS added to bag of tools. See pinned 8-step malware removal

Update all tools; post fresh logs.

See ya.