Having Sagipsul popups - did 8 step clean, logs included

By TheChinglish
Dec 30, 2008
  1. Could someone please tell me if my system is clean or not after running the steps?

    Thanks in advance.
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Remove bad HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):

      O2 - BHO: (no name) - Disabled:{00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
      O2 - BHO: (no name) - Disabled:{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
      O2 - BHO: (no name) - Disabled:{F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
      O20 - AppInit_DLLs: agrsstx.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program Files\RelevantKnowledge\rlai.dll hpucnv.dll eavlpo.dll
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    OTMoveit3 by OldTimer
    Please download the OTMoveIt3 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      C:\Program Files\RelevantKnowledge
      [start explorer]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Attach the OTMoveit3 log with a fresh hijackthis log
  3. joeshmo473

    joeshmo473 TS Rookie

    i am having similar pop ups and need help,
    this is my hijack this log, please help!
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Hi joeshmo473

    I see the problem in your log

    Welcome to Techspot!

    Please have a read here-> Is your system infected? Read this before Cleaning or Formatting

    If you decide to clean your system please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in YOUR OWN thread with the requested logs, you can start your own thread There should be at least 3.

    1)MBAM log
    2)SAS log
    3)Hijackthis log (last step)

    This thread is for the use of TheChinglish only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. TheChinglish

    TheChinglish TS Rookie Topic Starter

    Blind Dragon - Thanks so much for your help thus far... I can't even begin to comprehend the amount of skill needed to decode all of this isht.

    Here is my OT log and the updated HJT log.
  6. TheChinglish

    TheChinglish TS Rookie Topic Starter

    can anyone check these new logfiles in the post directly above?
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Looking better, how is the system doing now? Still popups?

    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...