spyware with popups & popunders

Dear readers of this forum

My name is paul from the netherlands and i have an annoing problem.
When i am connected to the internet i constantly get popunders and some times popups. Normally my google bar would stop this from happening but as it seems it got skrewd. It is still there but it doenst work anymore. I had something called omuz.exe on my pc but its gone now. The system scan i had to do all failed at finding anything so you people are my last hope.

i use avg av, spybot s&d, A squared full version, regfreeze, adaware, xoftspy, etrust pestpatrol, security task manager, ccleaner, cwsschredder and kill2me

all of the above dont find consistent results. And most of them find nothing but still i get the popups and popunders

i hope you can do something for me.

thank paul

 

Please see the below thread on running the L2MeFix Tool.

• Look2Me VX2 Removal

 

done here are the results

 

Please see the below thread on how to install and run Ewido Security Suite.

• Running Ewido Security Suite ...

 

done here are the results

 

same topic just a little different which programs should i keep of the following and which should i get, probably a fire wall and what more and what can i delete?

AVG anitvirus
xsoftspy
Spybot search and destroy
a squared guard/startcenter
regfreeze
adaware
etrust pestpatrol
security task manager

ccleaner
ewido
cwshredder
kill2me
l2mfix
hijackthis
microsoft malicious ...

and which firewall is recommended?

 

AVG AntiVirus, Ad-Aware, Spybot S&D & CCleaner. The others are tools and programs used for cleaning. You can remove those as if needed you can download again. They are updated often so after a few weeks they will be out dated.

ZoneAlarm Free is the best firewall IMO.

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

Ewido

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

O20 - Winlogon Notify: Mixer - sndmix.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\i6jq0g15e6.dll (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

After you complete the above, reboot and procede with the below...

Finally, I would like you to Flush your System Restore Points. Please follow the instructions in this link --->Disable and Re-enable System Restore

• First, turn OFF System Restore to flush any bad Restore Points.
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete this fix, reboot and attach a fresh HJT log and let me know how things are running.

 

system is running without popups or popunders
installed zonealarm

still spybot sd found a problem with command services could only fix 2 out of 3 problems?

what is cli.exe is it related to my videocard and should it have access to my inet?

for the tweaking part i will look under the tweaking zone.

I would sincerely like to thank you

paul

 

Yes, that file is part of ATI, I dont see a need to internet access so I wouldnt allow it.

Click Start > Run > type in regedit

Manually navigate to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Right click on cmdService and select "Permissions". In the list click on "Everyone" and at the bottom, check the box next to "Full Control. Click OK to exit.

Now right click on "cmdService" and delete it. If you get any errors let me know!

Now do the same for the key below:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Right click on cmdService and select "Permissions". In the list click on "Everyone" and at the bottom, check the box next to "Full Control. Click OK to exit.

Now right click on "cmdService" and delete it.

After you complete this, reboot and see if Spybot still detects these entries.

 

done prolbem is solved,

another victory for you in spyware country

greetz paul

 

If your not having any further problems, you should see this article on How to Protect yourself from malware!

Surf Safely!