Azesearch toolbar: I NEED HELP

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by didi1987, May 4, 2005.

  1. didi1987

    didi1987 Private E-2

    I have this Azesearch toolbar that has dramatically slowed my computer down. This toolbar also changes my homepage to a porn site. Any ideas? I would love to post my hijack log. Please help me, someone =(
     
  2. jarcher

    jarcher I can't handle a title

    First, go through this sticky...
    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal:
    Run through it completely
    if you have to, double check everything and make sure you did do everything
    and all software is up to date

    Then, run through this before attaching a log
    NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting:
    *Note that your HijackThis should be up-to-date (v1.99.1) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis! Please do this!!!*
     
  3. foot loose

    foot loose Private E-2

    The toolbar is probably in Add/Remove Programs.
     
  4. didi1987

    didi1987 Private E-2

    OK Jarcher, I ran all the scans at the links you sent me, and I did everything exactly as asked. Azesearch doesn't show up in Internet Explorer when I boot my computer up in "Safe mode", but under regular mode it's still there. Would you like me to post a log?
     
  5. jarcher

    jarcher I can't handle a title

    Look in your Add/Remove Programs for toolbars. Then post it as an attachment after you have gone through the second read me, in my last post.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    didi1987,

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  8. didi1987

    didi1987 Private E-2

    HJT Log

    Jarcher, I did everything on both links you sent me and I'm led to my final resort: Attached is my HJT Log. Thanks.
     

    Attached Files:

  9. jarcher

    jarcher I can't handle a title

  10. didi1987

    didi1987 Private E-2

    I apologize, here is the new Log.
     

    Attached Files:

  11. jarcher

    jarcher I can't handle a title

    make sure you have view hidden files enabled
    update your HJT
    close all windows(including this one)
    and scan with HJT
    check these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1001732
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1001732
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azesearch.com
    R3 - Default URLSearchHook is missing
    O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
    O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\azesearch3.dll
    O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasadm.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab

    click fix
    add remove programs for wild tangent

    Delete these files

    C:\WINDOWS\system32\azesearch3.ocx
    C:\WINDOWS\system32\iasadm.dll

    reboot
    run spybot S&D
    give me an updated new log
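
An added example, not part of the original posts and not HijackThis code: a small parser for the R and O2/O3 line formats quoted in this thread, which groups browser add-on registrations by the DLL they load. The sample lines are copied from the log excerpts quoted in the thread; the function names and the grouping logic are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Log lines copied from the excerpts quoted in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1001732
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azesearch.com
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\azesearch3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\azesearch3.dll
""".strip().splitlines()

# Rn - <hive>\<key>,<value name> = <data>
REG = re.compile(r"^(R[0-3]) - (HK[A-Z]+)\\(.+?),(.+?) = (.*)$")
# O2/O3 - <kind>: <name> - {CLSID} - <dll path> [(file missing)]
COM = re.compile(r"^(O[23]) - (BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*?)( \(file missing\))?$")

def parse(line):
    """Turn one HijackThis line into a dict, or None if it is not an R or O2/O3 entry."""
    m = REG.match(line.strip())
    if m:
        code, hive, key, value, data = m.groups()
        return {"code": code, "kind": "registry", "where": f"{hive}\\{key},{value}", "data": data}
    m = COM.match(line.strip())
    if m:
        code, kind, name, clsid, path, missing = m.groups()
        return {"code": code, "kind": kind, "name": name, "clsid": clsid.lower(),
                "path": path, "missing": missing is not None}
    return None

def summarize(lines):
    """Group browser add-ons by DLL, collect redirect hosts, list orphaned CLSIDs."""
    by_dll, hosts, orphans = {}, set(), []
    for e in filter(None, map(parse, lines)):
        if e["kind"] == "registry":
            host = urlparse(e["data"]).hostname  # None for local paths or empty data
            if host:
                hosts.add(host)
        elif e["missing"]:
            orphans.append(e["clsid"])  # registration left behind, DLL already gone
        else:
            by_dll.setdefault(e["path"].lower(), []).append((e["code"], e["clsid"]))
    return by_dll, hosts, orphans

if __name__ == "__main__":
    by_dll, hosts, orphans = summarize(SAMPLE)
    for dll, entries in by_dll.items():
        print(dll, "<-", entries)
    print("hosts:", sorted(hosts))
    print("orphaned:", orphans)
```

On these lines the grouping shows that the O2 BHO entry and the O3 toolbar entry both load C:\WINDOWS\azesearch3.dll, so both registrations and the file have to be accounted for during cleanup.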
     
  12. didi1987

    didi1987 Private E-2

    I did everything you told me up until the "Delete these files". The azeserch.ocx file was deleted, but when I attempted to delete "C:\WINDOWS\system32\iasadm.dll" it said it was "access denied." I'm working on the new scan and new log; I'll have it posted in 10 minutes. Thanks.
     
  13. jarcher

    jarcher I can't handle a title

    try it in safe mode
    and if that doesn't work

    dl
    Pocket KillBox
    delete file on reboot

    C:\WINDOWS\system32\iasadm.dll
     
  14. didi1987

    didi1987 Private E-2

    Here is the Log. I did the Spybot scan before I took the log.
     

    Attached Files:

  15. jarcher

    jarcher I can't handle a title

    scan again
    close IE before you scan (you have two windows open)

    check these

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\azesearch3.dll

    if you didn't put it there. . .
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

    close everything
    click fix

    boot in safe mode
    find and delete
    C:\WINDOWS\system32\iasadm.dll
    either way (manually first)
    empty recycle bin
    reboot
    run ccleaner (you should have it)
    open only HJT
    scan
    send me a new log
     
  16. didi1987

    didi1987 Private E-2

    Here is the New Log. Thank you. I also saw a "Free download manager" under my program files as I was uploading the Log. Is that supposed to be there?
     

    Attached Files:

