Sagipsul Virus please help

  #1  
Old 01-05-2009
Newcomer, in training
 
Member since: Jan 2009, 4 posts
Sagipsul Virus please help

I believe I have a Sagipsul virus. I followed the 8 steps listed in other threads, but my browser still tries to connect to a web address such as: sagipsul.com/...
I will try to post my recent logs with this
Attached Files
File Type: txt mbam-log-2009-01-05 (23-50-45).txt (1,016 Bytes, 3 views)
File Type: log SUPERAntiSpyware Scan Log - 01-05-2009 - 19-39-16.log (465 Bytes, 2 views)
File Type: log hijackthis.log (9.9 KB, 1 views)
  #2  
Old 01-05-2009
kimsland
TS Special Forces
 
Member since: Dec 2007, 16,737 posts
Uninstall your McAfee Antivirus
Then run the McAfee Removal Tool

Install Avira free AntiVirus

Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
You need to run this multiple times, until all hidden Malwares are uncovered and removed
By the way, your 5 other posts have been removed from someone else's Introduce yourself thread. You Do Not Need 5 Posts to get support here
  #3  
Old 01-06-2009
Newcomer, in training
 
Member since: Jan 2009, 4 posts
I removed McAfee, then used the removal tool.
I installed Avira.
Ran Malwarebytes at least 4 times. The last 2 reported no infected objects.
Could you please have a look at my most recent logs, which I have attached? I think I have removed all malicious software.
Thank you very much for your advice, Kimsland.

This is the most recent Malwarebytes log file. After updating I found 1 more infected object.
Attached Files
File Type: txt mbam-log-2009-01-06 (19-38-31).txt (854 Bytes, 1 views)
File Type: log hijackthis.log (8.8 KB, 1 views)
File Type: log SUPERAntiSpyware Scan Log - 01-06-2009 - 20-10-44.log (465 Bytes, 1 views)
File Type: txt mbam-log-2009-01-06 (20-22-01).txt (905 Bytes, 0 views)

Last edited by kimsland; 01-06-2009 at 06:27 PM.. Reason: merged 2 posts
  #4  
Old 01-06-2009
TechSpot Booster
 
Location: Illinois, USA
Member since: Feb 2007, 900 posts
You're almost there. Update MBAM & SAS. Your version of MBAM is about 100 updates behind the current version.

Rescan with MBAM & SAS (run as pairs) until clean or something that cannot be cleaned.

HJT scan informs what has not been handled (computer restart before HJT scan)

Caught by HJT.
Code:
O20 - AppInit_DLLs: hupxmc.dll
  • Confirm file has been deleted.
  • 'Regedit' can be used to delete references to file
  • Or wait for updated MBAM to clean this reference.
If symptoms remain, post new logs and describe conditions.


Following clean scans, establish a new clean restore point and clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • Go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK
      • This will remove all restore points except the new one you just created.
  #5  
Old 01-06-2009
Newcomer, in training
 
Member since: Jan 2009, 4 posts
I updated SAS and Malwarebytes.
Ran them both at the same time. Both gave clean reports (attached)
Restarted computer.
Ran HJT, (log attached)

Thanks for your help. Is my system clean now?
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 01-06-2009 - 22-25-15.log (465 Bytes, 1 views)
File Type: txt mbam-log-2009-01-06 (23-02-05).txt (854 Bytes, 2 views)
File Type: log hijackthis.log (9.0 KB, 3 views)
  #6  
Old 01-06-2009
TechSpot Booster
 
Location: Illinois, USA
Member since: Feb 2007, 900 posts
Add note - RE: O6 items
Quote:
Originally Posted by kimsland
I agree with IE Reset
I've had users (and even support) argue with me that this will reset all IE settings, even settings that the user may want!

My answer is: Well, we are presently removing Malware. Any BHOs or restrictions that sites may require will need to be put back in, just as it was done before (i.e. they got them somewhere). Note: most of these editions (or additions) to IE are automatic anyway!

Just quote IE Reset at will


Ok! And I need to improve my wording - 'run as pair' should have been understood as 'back-to-back'. Run MBAM. Run SAS. Repeat sequence until clean. I have this trouble when I try to save a few words. I was trying to correct the other interpretation, where you repeatedly run the first until clean and then repeat for the second.

Perhaps Kimsland will drop in on this thread. I do not recall how to control this or make it normal other than to reset the Internet Explorer settings (RIES)
Code:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
PostScript
HJT Tick & Fix
Code:
O20 - AppInit_DLLs: hupxmc.dll
Establish a new clean restore point and clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • Go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK
      • This will remove all restore points except the new one you just created.

Last edited by rf6647; 01-07-2009 at 01:36 PM.. Reason: Add note ; P.S.
  #7  
Old 01-07-2009
Newcomer, in training
 
Member since: Jan 2009, 4 posts
OK, cleared my restore points.
Ran SAS and Malwarebytes after each other. Logs attached.
Used HJT to remove O20 as instructed above.
Reset Internet Explorer.
Ran HJT again, log is below.

Thanks for all your help. Is my system clean now?
Attached Files
File Type: txt mbam-log-2009-01-07 (19-30-34).txt (853 Bytes, 2 views)
File Type: log SUPERAntiSpyware Scan Log - 01-07-2009 - 18-21-47.log (465 Bytes, 1 views)
File Type: log hijackthis.log (8.5 KB, 2 views)

Last edited by glambaws; 01-07-2009 at 06:27 PM..
  #8  
Old 01-08-2009
TechSpot Booster
 
Location: Illinois, USA
Member since: Feb 2007, 900 posts
I believe your system is clean.

The 'toolbar restriction' is probably coming from one of them (such as Google, Real, Messenger, Java, or anything appearing as a button or menu item).

Tick/fix of O6 entries is not a fix. It suppresses the appearance in the log (unless re-generated by some program action that is reflected here). See #O6Diag

CCleaner has a 'registry' analyze/fix capability. Perhaps it can flag other keys that trigger the O6 toolbar restriction.

And perhaps it is 'residue' in its own right. HJT in safe mode has removed entries that were not touchable in normal mode.

If you have any doubts, Combo_fix scan can be used. In addition to its ability to root out stubborn infections, it picks out residue left by other scanners, and provides diagnostic information. (Combo_fix is spelled without '_'.)

Two more cosmetic changes -
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - >> mcafee installer

Tag back with logs or other concerns.

Last edited by rf6647; 01-08-2009 at 06:32 AM.. Reason: tutorial reference
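
Added example, not part of any post in this thread: a small Python triage over the HijackThis lines quoted above, labelling each entry with the follow-up the helpers describe (O20 AppInit_DLLs reference, O6 policy keys, "file missing" residue). The function names and action strings are assumptions made for illustration, and the sample log is constructed from the lines shown in the posts.

```python
import re

# Constructed sample: HijackThis lines quoted in the posts above.
SAMPLE_LOG = r"""
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O20 - AppInit_DLLs: hupxmc.dll
"""

# A HijackThis entry is "<section> - <detail>", e.g. "O20 - AppInit_DLLs: x.dll".
ENTRY = re.compile(r"^\s*([ORF]\d+)\s+-\s+(.+?)\s*$")

def parse(log_text):
    """Return (section, detail) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def appinit_dlls(detail):
    """Split an O20 AppInit_DLLs value; Windows accepts spaces or commas."""
    _, _, value = detail.partition("AppInit_DLLs:")
    return [d for d in re.split(r"[\s,]+", value.strip()) if d]

def triage(log_text):
    """Label each entry with the follow-up described in the thread."""
    findings = []
    for section, detail in parse(log_text):
        if section == "O20" and "AppInit_DLLs:" in detail:
            # One finding per DLL: each file must be checked on disk separately.
            for dll in appinit_dlls(detail):
                findings.append((section, dll, "confirm file deleted, then remove reference"))
        elif section == "O6":
            findings.append((section, detail, "policy key: tick/fix only hides it"))
        elif detail.endswith("(file missing)"):
            findings.append((section, detail, "orphaned entry: cosmetic cleanup"))
        else:
            findings.append((section, detail, "review manually"))
    return findings

if __name__ == "__main__":
    for section, item, action in triage(SAMPLE_LOG):
        print(f"{section:4} {action:45} {item}")
```
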