Initial Problem was Aze Search. Have followed Read Me First Steps

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by janisr, Apr 5, 2007.

  1. janisr

    janisr Private E-2

    McAfee kept notifying me that it was trying to remove Aze Search. I looked this up and determined that it was a browser hijacker. I wasn't actually having problems with my browser being redirected (possibly because I use Google.ca to search instead of Google.com), but noticed that when I view the toolbars in IE, I have a blank space with a check beside it. Running these scans has revealed that I have far more serious problems!

    I went through all the steps in the Read and Run me First as well as I could. I had to run Spybot S&D in Normal mode as it would not run in Safe mode. I allowed both Spybot S&D and CounterSpy to fix the problems found, but would now like your help in determining what to do next (I don't want to delete something vital).

    I am attaching my first three logs
     


  2. janisr

    janisr Private E-2

    And here are the next three
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Are you sure that McAfee has not fixed this? Or was it finding it in your System Restore folder? I see no signs of it.

    However, I do have a few things for you to do.


    Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Also uninstall the below which should have been uninstalled in step 0 of the READ ME.
    Viewpoint Media Player

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...com/ranges/viewpoint/model.html?noreloadredir
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/bounce/install.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniquarium/popcaploader_v6.cab
    After clicking Fix, exit HJT.


    Are you still having the same problems? If so, toggle System Restore per step 8 of the READ ME and then tell me if you still have the same problem. If something is detected, tell me where it is detecting it.
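
Added example, not part of any post in this thread: a small parser for the HijackThis entry format quoted in the fix list above, run over those same five lines. The function names are hypothetical. It separates the section code, the CLSID and the download source of each O16 entry, and picks out entries marked `(no file)`, which is how the orphaned toolbar GUID stands out.

```python
import re

# The five entries quoted in the post above, kept exactly as posted.
SAMPLE = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...com/ranges/viewpoint/model.html?noreloadredir
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/bounce/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniquarium/popcaploader_v6.cab
"""

# "<section> - <kind>: <rest>", e.g. "O3 - Toolbar: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Parse one HijackThis entry; return None for lines that are not entries."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    guid = GUID.search(rest)
    entry = {
        "section": m.group("section"),
        "kind": m.group("kind"),
        "clsid": guid.group(0).strip("{}") if guid else None,
        # "(no file)" means the registry entry exists but its target file does not.
        "orphaned": rest.endswith("(no file)"),
        "source": None,
    }
    if entry["section"] == "O16":
        # DPF entries end with the URL the ActiveX control was downloaded from.
        entry["source"] = rest.rsplit(" - ", 1)[-1]
    return entry


def parse_log(text):
    """Parse every entry line in a block of HijackThis output."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def orphaned_clsids(entries):
    """CLSIDs of entries whose backing file is missing."""
    return [e["clsid"] for e in entries if e["orphaned"] and e["clsid"]]
```
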
     
  4. janisr

    janisr Private E-2

    I am not sure if McAfee has fixed this or not. It is no longer popping up with the message, but I still have the blank toolbar (even after having Hijack This fix the "Toolbar no name"). I have attached a screenshot if you want to see.




    This has been done.

    This has now been done. Sorry I missed it at the beginning :eek:

    I have also run Hijack This and fixed the items you specified.

    The Toolbar problem still seems to exist, even after reboot. System Restore was already turned off for all drives on my computer. Is it necessary to turn it on?

    Thank you so much for taking the time to look at my problem!
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually this is not an issue that should be discussed in this forum. It is not malware. It is probably due to an incomplete uninstall of McAfee's Site Advisor which is what the line in HijackThis was related to. Is the O3 line still in your HJT log? Have you tried unlocking the Toolbars?


    Download Registry Search (see the link titled RegSearch Download Link)
    Extract the files from Regsearch.zip into a folder.
    Double-click regsearch.exe to start the program.
    Copy & paste the following string 0BF43445-2F28-4351-9252-17FE6E806AA0 in the top area of the form and then click "Ok".
    Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well). Attach this file to your next reply.
     
  6. janisr

    janisr Private E-2

    If this is not malware, then I am not concerned with the problem. I only posted because I thought this was related to the AZE Search Tool. You can close this Thread.

    Thanks for all your help

    Janis
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

