Sagipsul popups

Status
Not open for further replies.
So I've searched this forum for a little bit and it seems like this virus is very popular right now. But I keep getting these popups and I've run Malwarebytes and it's gotten rid of a lot of stuff, but there are two files it keeps coming up with that will not remove properly...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System

It keeps saying they are removing successfully but every time I run the scan it keeps coming up. Attached is my hijacks log. Anyone who could help I would greatly appreciate it. Also if I could get an idea of where these viruses come from so I can avoid them and have the people in my house know what to look for in the future that would help. Thanks in advance!
 
I took all those steps

I took all the steps listed in that post. I have attached my log files. Also while running Avira these two things are popping up every couple minutes but more so when I restart the computer...

C:\windows\system32\lvjaqk.dll
C:\windows\system32\cqxxse.dll
 
Just whilst I'm checking the HJT log
Please do a quick scan (not full) with Malwarebytes again

BUT please update it first (it's on the third tab in Malwarebytes program -> Update)

Update then quick scan ;)
 
Main Start Page = http://dslstart.verizon.net/
Please change your Browser start page to www.msn.com


Open HJT, run a scan only, tick and fix the following:
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {303d14f6-0843-45fc-8b13-f3ed1b6ba8ea} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [c2c145] C:\WINDOWS\c2c145
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINDOWS\system32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Kim\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Kim\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\Run: [mihaviyehu] Rundll32.exe "C:\WINDOWS\system32\limereju.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kim\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL lvjaqk.dll otasil.dll cqxxse.dll , ,C:\WINDOWS\system32\tewiseni.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: pmnoMGyy - pmnoMGyy.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://layouts.cbimg6.com/25/12379c.gif

Then after fixing, run ccleaner: http://www.ccleaner.com/download/downloading

Then restart
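
An added example, not part of the thread or any poster's code: a small Python triage pass over HijackThis-format lines like those in the log above. The flagging rules (missing target, autorun from a Temp directory, AppInit_DLLs, Trusted Zone entries) are assumptions of this example, not the helper's criteria, and the sample lines are copied or shortened from the quoted log.

```python
import re

# Sample input: lines copied or shortened from the log quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {303d14f6-0843-45fc-8b13-f3ed1b6ba8ea} - (no file)
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINDOWS\system32\LXSUPMON.EXE" RUN
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Kim\LOCALS~1\Temp\winloggn.exe
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O20 - AppInit_DLLs: lvjaqk.dll otasil.dll cqxxse.dll
O20 - Winlogon Notify: pmnoMGyy - pmnoMGyy.dll (file missing)
"""

# "<section code> - <entry kind>: <value>", e.g. "O4 - HKLM\..\Run: [name] path"
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$")


def parse(log):
    """Yield (section, kind, value) for each well-formed HijackThis entry."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2).strip(), m.group(3).strip()


def reasons(section, kind, value):
    """Return review reasons for one entry (heuristics assumed by this example)."""
    found = []
    if re.search(r"\((no file|file missing)\)", value):
        found.append("missing-target")      # registry entry whose file is gone
    if section == "O4" and re.search(r"\\temp\\", value, re.I):
        found.append("autorun-from-temp")   # startup program living in a Temp dir
    if kind == "AppInit_DLLs":
        found.append("appinit-dll")         # DLLs loaded into every user32 process
    if section == "O15":
        found.append("trusted-zone")        # site added to the IE Trusted Zone
    return found


def triage(log):
    """Return [(section, kind, [reasons])] for entries that need a closer look."""
    flagged = []
    for section, kind, value in parse(log):
        why = reasons(section, kind, value)
        if why:
            flagged.append((section, kind, why))
    return flagged


if __name__ == "__main__":
    for section, kind, why in triage(SAMPLE_LOG):
        print(f"{section:4} {kind:18} {', '.join(why)}")
```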
 