#1
05-21-2004, 04:04 PM
Lm4Hb
Just can't get rid of Blazefind...

I've tried Ad-aware, CWShredder, and Spybot several times, and I can't seem to get rid of Blazefind. Here is my HT log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\aim\aim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=99
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~1\WINDOW~4\WinSB.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [79871767.exe] C:\WINDOWS\System32\79871767.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\aim\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite\kpp.exe" "C:\Program Files\Kazaa Lite\kazaalite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccom...ad/tgctlcm.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/sh...9/mcinsctl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...2/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...597.4415162037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...13/mcfscan.cab

#2
05-21-2004, 05:04 PM
Ioman
This is what I found on the net, try it and see if it works. My guess is you are going to have to follow these instructions to the letter if you want it to work correctly.

Use the following manual steps to remove the Blazefind Toolbar:

First close all browser windows. Text instructions are available to print or download HERE (Right click and choose Save As to download to your computer). Now go to your Windows Control Panel in Add/Remove Programs, close the Control Panel window if you can and remove 'IE SearchBar ' from the Add/Remove Programs window. This will lead you to the Blazefind homepage. Now go to the homepage you wish to set as your own, and click in browser Tools / Internet Options and in the homepage section 'Use current'. Please reboot to make sure all changes are saved and changed properly for all Windows versions.

#3
05-21-2004, 05:08 PM
ECA
I would also SUGGEST you kill WEATHERBUG...
It has the GAIN popup in it.. And it won't run without GAIN.
__________________
Don't screw yourself, there are enough Others out there that will do it to you, Gladly.
Long distance tech support= anything that's more than 10 feet away.
How many ways to UNinstall from windows. 4, how many work? 1(maybe).
GET anti virus, spybot, spy blaster, Adaware...RUN THEM, UPDATE THEM, RUN EVERY WEEK.

#4
05-21-2004, 06:27 PM
Lm4Hb
Well it didn't work, it just removed my Google toolbar, and the Blazefind pop-ins still occur.....

btw weatherbug has not given me problems

#5
05-21-2004, 06:34 PM
Ioman
What is weatherbug?

#6
05-21-2004, 07:39 PM
Lm4Hb
Nothing, don't worry about it.

#7
05-21-2004, 09:29 PM
ECA
yes, worry about it.
It carries the GAIN popup advertiser.
1. they Load the adverts on your machine.
2. they can ADD anything they WANT to your machine.

also AIM is not needed, as it is AOL.
you have SVCHOST running 2 times, it's not needed.
Lexbces, Gearsec, Khost, I don't know.
DPPS doesn't seem to be working against popups.

did you lock ActiveX under spyblaster??
Kill all tools under HKLM

Why is there an UPDATE going on here??
QDiagHUpdateObj Class

Why do you NEED HouseCall...

And it looks like you have 2-3 virus progs... Panda, McAfee, and another.

#8
05-22-2004, 12:03 AM
llbbl
Boy am I glad more people have been helping out with the Hijack logs. I was getting sick of fixing them...
__________________
The Autobots approve this message.

#9
05-22-2004, 10:41 AM
Ioman
I found this on the web, maybe try running this free anti-spyware program: http://www.spysweeper.com/remove-xrenoder.html

First, move Hijack This to a permanent directory like c:\program files\hijack this\hijackthis.exe. This way you can undo any changes, and make backups.

Put a check next to these, click "fix checked" and reboot.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/277b5fa51e60e63...p/RdxIE601.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/bridge-c1.cab

Unknown, remove also.
O2 - BHO: (no name) - {547A8966-85D8-47C7-9980-DE0D280E89A9} - C:\WINDOWS\ygrn.dll
O2 - BHO: (no name) - {B9683AC2-EF4E-BE3C-BBCA-8B9A26FAF290} - C:\WINDOWS\system32\zuhenqum.dll
O2 - BHO: (no name) - {BC8B0DA9-A2EE-C4EB-F4EC-57B545E2A6E7} - C:\WINDOWS\system32\qvsovdnt.dll
O4 - HKLM\..\Run: [ahjxjnae] C:\WINDOWS\zbwwpwdo.exe
O4 - HKLM\..\Run: [VRIZAY] C:\WINDOWS\VRIZAY.exe
O4 - HKLM\..\Run: [j1zc] C:\WINDOWS\xa4rT0bj.exe

After a restart, delete these files if found:
zzb.exe
Belt.exe
C:\WINDOWS\zbwwpwdo.exe
C:\WINDOWS\VRIZAY.exe
C:\WINDOWS\xa4rT0bj.exe

After you're done, post another log so we can check it out.

#10
05-22-2004, 10:42 AM
Ioman
Also R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
This can't be good, I would remove this also, if you have problems after
you can always put it back.

O4 - HKLM\..\Run: [] c:\WINDOWS\System32\

Let me know if this works.

All times are GMT -8.
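
A small triage pass over a HijackThis log like the ones posted in this thread, as an added example (not code from any poster or from HijackThis itself). The watch list passed to `triage` and the heuristics in `notes_for` are assumptions for illustration; the script only marks entries for manual review and makes no verdict about them.

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
BHO = re.compile(r"^BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[(.*?)\]\s*(.*)$")
# Assumption (added heuristic): an .exe directly in WINDOWS or System32 gets a manual check.
IN_WINDIR = re.compile(r"c:\\windows(\\system32)?\\[^\\]+\.exe", re.I)

def parse(log):
    """Yield (section, body) per entry line; process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def notes_for(section, body, watch_hosts):
    """Return review notes for one entry (heuristics, not verdicts)."""
    notes = []
    if section in ("R0", "R1") and " = " in body:
        host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
        if any(host == h or host.endswith("." + h) for h in watch_hosts):
            notes.append("IE setting points at watched host " + host)
    elif section == "O2" and (m := BHO.match(body)):
        if m.group(2) == "(no file)":
            notes.append("BHO registered but its file is missing")
    elif section == "O4" and (m := RUN.match(body)):
        name, cmd = m.groups()
        exe = re.match(r'"?(.+?\.exe)', cmd, re.I)
        if not name or not exe:
            notes.append("Run value with no name or no executable")
        elif IN_WINDIR.fullmatch(exe.group(1)):
            notes.append("executable sits directly in the Windows folder")
    return notes

def triage(log, watch_hosts):
    rows = ((s, b, notes_for(s, b, watch_hosts)) for s, b in parse(log))
    return [r for r in rows if r[2]]
```

Calling `triage(SAMPLE_LOG, {"blazefind.com"})` returns the entries that carry at least one note, in log order, each with its section code and original text so it can be matched back to the HijackThis checklist.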