TechSpot

Still being invaded by annoying pop-up ads :o'

By IMAbomb
Jan 8, 2005
  1. i followed the intructions for removing begin2search and coolwebsearch, which totally removed begin2search from my computer (thank yeh ;o) but i'm still being bombarded by pop-up ads.

    i've also been getting a vccleanup.exe error message everytime i turn on the computer. Is there something i can/should do to fix it or to stop getting that message?

    i've attached my current hijack-this log. (i think)
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You have way too much junk on your PC. After following my thread about How to remove Begin2Search / Coolwebsearch
    it is more than sufficient to keep Adaware and Spybot (and your Antivirus Kaspersky) and throw the rest away.

    You are not supposed to have ANY Symantec stuff on your PC. Let's KILL it.

    Boot in Safe Mode.

    UNinstall anything to do with these, if you can:

    C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR
    C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
    C:\PROGRAM FILES\PALTALK\PNETAWARE.EXE
    C:\Program Files\SpyKiller\spykiller.exe
    C:\PROGRAM FILES\BUGTOASTER\BUGWATCHER.EXE
    C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE

    Run HJT and let it "fix" (if still there):

    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
    C:\WINDOWS\SYSTEM\VCMOZBE.EXE
    C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
    C:\PROGRAM FILES\PALTALK\PNETAWARE.EXE
    C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jesusfreakhideout.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.scourweb.net/nph-search.cgi?partner=wesrch1&look=stmpl1&kw=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Everyones Internet
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZSERV.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [fjhcojq] C:\WINDOWS\SYSTEM\vcmozbe.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE" /Q
    O4 - HKCU\..\Run: [BugWatcherService] "C:\PROGRAM FILES\BUGTOASTER\BUGWATCHER.EXE"
    O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
    O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\Symantec Shared\LiveReg\VcCleanUp.exe

    Whwn HJT is done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
     
  3. IMAbomb

    IMAbomb TS Rookie Topic Starter

    one more question (and a big Thanks)

    Okay. i did everything you said except allow HJT to fix:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jesusfreakhideout.com/

    and

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Everyones Internet

    :wave: Should i have allowed HJT to fix them? cause the only reason i didn't was because i figured that the jesusfreakhideout.com website was listed because i have it saved as my homepage...and i didn't check Everyones Internet cause it's my internet provider..so i figured you wanted it fixed because you probably never heard of it.

    Other than that my computer is running very smoothly and not a pop-up ad in sight :grinthumb Thank yeh! Thank yeh! so much..u rawk
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    It is generally advisable to have a reliable, well-known website as your default-page (such as www.techspot.com), rather than some obsure website.
    But if you are happy with your choices, then that's OK by me.
    Glad you got it sorted.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...