
AZESearch- yep another one



#1
joker_chinchilla

Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:53:57 PM, on 2/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\program files\180sol\180searchassistant\saap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JOEGON~1\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebs....joker_chinchila
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotf...count_id=132047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.freewebs....joker_chinchila
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\azesearch.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: AZESearch toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\system32\azesearch.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [saap] c:\program files\180sol\180searchassistant\saap.exe
O4 - HKLM\..\Run: [bel] C:\WINDOWS\bel.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ICQ 5.lnk = C:\Program Files\ICQLite\ICQLite.exe
O4 - Global Startup: MSN Messenger 7.0.lnk = ?
O4 - Global Startup: Yahoo! Messenger.lnk = C:\Program Files\Yahoo!\Messenger\YPager.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolba...0006_cracks.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azese...l/azesearch.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.co...aploader_v5.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co....VU/launcher.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Please do remember I am new with this, so give me clear instructions!
Thanks ahead,
Joe :tazz:
  • 0



#2
joker_chinchilla

Ohh and if you could tell me how to get rid of another thing called SideFind
  • 0

#3
joker_chinchilla

Uhh.. I need somebody... Not just anybody... someone?
  • 0

#4
joker_chinchilla

HELP!!! please!
  • 0

#5
joker_chinchilla

Still not HELPING.
  • 0

#6
joker_chinchilla

Please?
  • 0

#7
MPVision

How to get rid of AZESEARCH :tazz:


START>RUN and then type:
regsvr32 /u /s "%systemroot\system32\azesearch.ocx"

it's now uninstalled and you are able to delete the 3 azesearch.* files in
your %systemroot%\system32 folder.

Additionally you can open the registry editor (regedit.exe or regedt32.exe) and delete the azesearch registry key under HKLM\SOFTWARE, but this isn't necessary.

Hope this helps.
  • 0

#8
MPVision

How to get rid of AZESEARCH :tazz:


START>RUN and then type:
regsvr32 /u /s "%systemroot%\system32\azesearch.ocx"

it's now uninstalled and you are able to delete the 3 azesearch.* files in
your %systemroot%\system32 folder.

Additionally you can open the registry editor (regedit.exe or regedt32.exe) and delete the azesearch registry key under HKLM\SOFTWARE, but this isn't necessary.

Hope this helps.
  • 0

#9
joker_chinchilla

The first step didn't work, somebody help! It's f*king my comp'!
  • 0

#10
joker_chinchilla

Hey, wait just a minute, it worked!!! Thanks man, I love you!!!
  • 0



#11
krazykat

:tazz: AzeSearch, I had it; however, thanks to this site I got rid of the thing using AD-AWARE. It helped me, thx. krazykat
  • 0

#12
illusions

hey thanks guys :tazz: ....I finally removed the d***!!! thing :mad: ...it was really getting on my nerves...plus the content was really inappropriate with my children using the computer.... so thanks guys. ;)
  • 0

#13
thefireman

It allowed me to delete 2 of the files from the system32 folder, but the azesearch.ocx still says it is locked and cannot be deleted. Anything else I can do to unlock it?
  • 0

#14
dm1983


illusions wrote: "hey thanks guys :tazz: ....I finally removed the d***!!! thing :mad: ...it was really getting on my nerves...plus the content was really inappropriate with my children using the computer.... so thanks guys. ;)"


Exactly what did you type in the run menu...in your answer, please do not put some things in quotes and other things out of quotes. Please also be sure not to add or leave out any spaces.
  • 0

#15
MPVision

@dm1983

If you haven't noticed it, in my first post there was a % sign missing after systemroot. Here's the correct command again; just write it as it's shown here, with all quotes:

regsvr32 /u /s "%systemroot%\system32\azesearch.ocx"

explanation:
regsvr32 or regsvr32.exe is the command, followed by a space
/u is the option to uninstall/unregister, followed by a space
/s is the option for "now comes the path to the program", followed by a space
"..." is the program path inside quotes; otherwise /s doesn't recognize it as a pathname, since it could contain spaces.


@thefireman

There are 3 alternative options to delete files which are currently in use and so protected by the system.

option 1: close the program or process that is using the file. Since the file is used by the explorer process, this isn't an option this time.

option 2: share the folder that's containing the file, log off the current user, access the share over the network from a second computer and delete the file. After that you can log in and unshare the folder again.

option 3: boot from disk or CD. You can use an MS-DOS boot disk if your partition containing the file is formatted as FAT or FAT32. If the partition is formatted as NTFS you must boot from the Windows CD using the Recovery Console. After booting you're in a shell-like environment. To delete the file use the del command.

e.g.: del c:\windows\system32\azesearch.ocx

the path depends on where you installed windows.
Reboot and you are done.
  • 0
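
For comparing a HijackThis scan taken before the removal steps above with one taken afterwards, this added example (not code from the thread or from HijackThis) lists the CLSID-bearing log entries that point at a given file and the entries marked "(file missing)". The function names and the regular expression are assumptions based on the line layout visible in the log in post #1.

```python
import re

# Constructed sample: a few lines taken from the log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\azesearch.ocx
O3 - Toolbar: AZESearch toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\system32\azesearch.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [bel] C:\WINDOWS\bel.exe
"""

# Layout assumed from the log: "<section> - <kind>: <name> - {CLSID} - <path>",
# optionally followed by " (file missing)". Seen on R3, O2, O3 and O9 lines.
ENTRY = re.compile(
    r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

def parse_entries(log_text):
    """Return one dict per CLSID-bearing line; all other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["missing"] = bool(e["missing"])
            entries.append(e)
    return entries

def entries_for_file(log_text, filename):
    """Entries whose target path ends in `filename` (case-insensitive)."""
    wanted = filename.lower()
    return [e for e in parse_entries(log_text)
            if e["path"].lower().rsplit("\\", 1)[-1] == wanted]

def leftover_registrations(log_text):
    """Entries flagged '(file missing)': the registration remains, the file is gone."""
    return [e for e in parse_entries(log_text) if e["missing"]]

if __name__ == "__main__":
    for e in entries_for_file(SAMPLE_LOG, "azesearch.ocx"):
        print(e["section"], e["kind"], e["clsid"], e["path"])
    for e in leftover_registrations(SAMPLE_LOG):
        print("leftover:", e["section"], e["name"], e["clsid"])
```

Run it on the full text of each scan; an empty result from `entries_for_file` on the later scan means no BHO or toolbar entry still references the file.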





