Having Sagipsul popups - did 8 step clean, logs included

[TheChinglish]

Could someone please tell me if my system is clean or not after running the steps?

Thanks in advance.

 

[Blind Dragon]

Remove bad HijackThis entries

• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
  
  O2 - BHO: (no name) - Disabled:{00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
  O2 - BHO: (no name) - Disabled:{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
  O2 - BHO: (no name) - Disabled:{F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
  O20 - AppInit_DLLs: agrsstx.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program Files\RelevantKnowledge\rlai.dll hpucnv.dll eavlpo.dll

• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

===============================

OTMoveit3 by OldTimer
Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  explorer.exe
  
  :Files
  C:\windows\system32\agrsstx.dll
  C:\windows\system32\hpucnv.dll 
  C:\windows\system32\eavlpo.dll
  C:\Program Files\RelevantKnowledge
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Attach the OTMoveit3 log with a fresh hijackthis log

 

[joeshmo473]

i am having similar pop ups and need help,
this is my hijack this log, please help!

 

[Blind Dragon]

Hi joeshmo473

I see the problem in your log

Welcome to Techspot!

Please have a read here-> Is your system infected? Read this before Cleaning or Formatting

If you decide to clean your system please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in YOUR OWN thread with the requested logs, you can start your own thread https://www.techspot.com/vb/menu28.html. There should be at least 3.

1)MBAM log
2)SAS log
3)Hijackthis log (last step)

This thread is for the use of TheChinglish only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[TheChinglish]

Blind Dragon - Thanks so much for your help thus far... I can't even begin to comprehend the amount of skill needed to decode all of this isht.

Here is my OT log and the updated HJT log.

 

[TheChinglish]

can anyone check these new logfiles in the post directly above?

 

[Blind Dragon]

Looking better, how is the system doing now? Still popups?

Combofix

• Download Combofix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt