Sagipsul help please

[Josiechiu12]

I've been gettin pop-ups from the site sagipsul.com please help me get rid of it. I've attached the following log.

 

[gillianbrown]

Go HERE, follow the instructions and post the log files once done.

 

[kimsland]

I have also removed your other thread Josiechiu12 (2 members have done this today!)
You only need 1 thread

By the way, you should remove both Symantec and AVG7 (both are bad in my opinion, and likely corrupted)
You can find the removal tools for them here: https://www.techspot.com/vb/post700392-2.html

 

[Josiechiu12]

i've scanned the computer with superantispyware and Malwarebytes' Anti-Malware. there are no more pop-ups but i'm not sure if it is completely gone

sorry i forgot to attach the hijackthis log
here it is

 

[kimsland]

you should remove both Symantec and AVG7 (both are bad in my opinion, and likely corrupted)
You can find the removal tools for them here: https://www.techspot.com/vb/post700392-2.html

You need to do the above. ie You can only have 1 AntiVirus installed at a time (not 3)
Also your Malwarebytes' Database version is old, you will need to update it, and then run another full scan.

Due to you not completing the Antivirus removal tools (in my original post) you will need to re-submit all fresh logs again (after doing the above )

By the way, use Edit instead of replying to yourself, if your posts is still the last post in the thread (presently not)

 

[Josiechiu12]

ok i removed avg7 and symantec
i reinstalled malwarebytes and rescanned the computer.
here are the logs

 

[kimsland]

More wasted time and posts!


-> No action taken on MBAM scan, for found issues

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected. <========= Not Done

Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"

By the way, you will need to then restart, and run (and attach) a new HJT log

 

[Josiechiu12]

I've rescanned. Here are the logs

 

[kimsland]

Well done :grinthumb

Please re-scan HJT and place a tick and then fix all of the following entries (some bad, some not required)
Note: Before "fixing" confirm all Internet browser windows (ie Internet Explorer) are closed

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {40C1D615-8BC6-4AF9-8586-E2EAAB833CF1} - C:\WINDOWS\system32\ddcApMcc.dll (file missing)
O2 - BHO: (no name) - {606C59B3-7394-4EE0-A3BA-B33F0A783BF3} - C:\WINDOWS\system32\khfDSlJy.dll (file missing)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/interim/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Filter hijack: text/html - {ee19076c-2713-4b70-a2b0-19b6baa90e1e} - C:\WINDOWS\system32\iehlpr32.dll
O20 - AppInit_DLLs: dglbdp.dll nfgwxx.dll
O20 - Winlogon Notify: byXOhhFX - byXOhhFX.dll (file missing)
O21 - SSODL: RamSrvc - {b192c115-341d-4308-bfed-625fc1b627b2} - C:\WINDOWS\Resources\RamSrvc.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Before restarting

Un-install: Viewpoint (Removal Tool: http://prm753.bchea.org/viewpointkiller.zip)

Then download Combofix
Lots of info on its use here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Direct download here: https://www.techspot.com/downloads/5587-combofix.html

Save it to a location that you can easily find later (in Safe Mode) ie directly to C drive

Restart your computer to Safe Mode (by repeatedly pressing F8 on your keyboard before Windows starts)
Log into your Administrator account
Locate the previously downloaded Combofix
Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

Once Combofix has finished, save the log file to be attached to a new reply
Restart back to Normal mode, and attach the Combofix log

Whilst waiting for my reply, you may want to re-open Malwarebytes; update it again; and then run another full scan (I'm thinking there may still be more uncovered malwares to remove) I would do this

Waiting for your reply...

 

[Josiechiu12]

Okay i deleted the files except:
O2 - BHO: (no name) - {40C1D615-8BC6-4AF9-8586-E2EAAB833CF1} - C:\WINDOWS\system32\ddcApMcc.dll (file missing)
O2 - BHO: (no name) - {606C59B3-7394-4EE0-A3BA-B33F0A783BF3} - C:\WINDOWS\system32\khfDSlJy.dll (file missing)

because I couldn't find them.

And I also ran combofix. Here is the log:

 

[kimsland]

Good

Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Run CCleaner once more

Restart

Let me know how it's now running

 

[Josiechiu12]

Everything's fine now. Thanks for helping!

 

[kimsland]

Thanks for the update :grinthumb