The following instructions have been created to help you to get rid of "AzeSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • malware

Description:
AzeSearch installs a toolbar in the Internet Explorer (IE) without giving the user a possibility to cancel that process.
Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "TrustIn Popups" and pointing to "*".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.
  • Products that have a key or property named "TrustIn Bar".
  • Products that have a key or property named "Contextual Ads".
  • Products that have a key or property named "TrustIn Popups".
  • Products that have a key or property named "AZESearch".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>\trustin bar\trustin.dll".
  • The file at "<$PROGRAMFILES>\TrustIn Contextual\trustincontext.dll".
  • The file at "C:\Program Files\TrustIn Contextual\trustincontext.dll".
  • The file at "<$WINDIR>\azesearch.bmp".
  • The file at "<$FAVORITES>\Favorites\Cars.url".
  • The file at "<$FAVORITES>\Favorites\Domain Names.url".
  • The file at "<$FAVORITES>\Favorites\Finance.url".
  • The file at "<$FAVORITES>\Favorites\Games.url".
  • The file at "<$FAVORITES>\Favorites\Humor.url".
  • The file at "<$FAVORITES>\Favorites\Movies.url".
  • The file at "<$FAVORITES>\Favorites\Online Pharmacy.url".
  • The file at "<$FAVORITES>\Favorites\Sex Personals.url".
  • The file at "<$FAVORITES>\Favorites\Sports.url".
  • The file at "<$FAVORITES>\Favorites\Viagra.url".
  • The file at "<$FAVORITES>\Favorites\Weather.url".
  • The file at "<$FAVORITES>\Favorites\Web Hosting.url".
  • The file at "<$FAVORITES>\Favorites\Music and Movies\Albums.url".
  • The file at "<$FAVORITES>\Favorites\Music and Movies\Artists.url".
  • The file at "<$FAVORITES>\Favorites\Music and Movies\AudioBooks.url".
  • The file at "<$FAVORITES>\Favorites\Music and Movies\Collections.url".
  • The file at "<$FAVORITES>\Favorites\Music and Movies\Mp3 Search.url".
  • The file at "<$FAVORITES>\Favorites\Music and Movies\New releases.url".
  • The file at "<$FAVORITES>\Favorites\Music and Movies\Ratings.url".
  • The file at "<$FAVORITES>\Favorites\Music and Movies\Soundtracks.url".
  • The file at "<$FAVORITES>\Favorites\Spyware Removers\Adware Sheriff.url".
  • The file at "<$FAVORITES>\Favorites\Spyware Removers\Raze Spyware.url".
  • The file at "<$FAVORITES>\Favorites\Spyware Removers\Reg Freeze.url".
  • The file at "<$FAVORITES>\Favorites\Spyware Removers\Remedy AntiSpy.url".
  • The file at "<$FAVORITES>\Games\Carnival Casino.url".
  • The file at "<$FAVORITES>\Games\Club Dice Casino.url".
  • The file at "<$FAVORITES>\Games\Monaco Gold Casino.url".
  • The file at "<$FAVORITES>\Games\New York Casino.url".
  • The file at "<$FAVORITES>\Games\USA Casino.url".
  • The file at "<$FAVORITES>\Games\You Bingo.url".
  • The file at "<$FAVORITES>\Games\Gambling\Aces & Faces.url".
  • The file at "<$FAVORITES>\Games\Gambling\Baccarat.url".
  • The file at "<$FAVORITES>\Games\Gambling\Black Jack.url".
  • The file at "<$FAVORITES>\Games\Gambling\Caribbean Poker.url".
  • The file at "<$FAVORITES>\Games\Gambling\Casino War.url".
  • The file at "<$FAVORITES>\Games\Gambling\Cinerama.url".
  • The file at "<$FAVORITES>\Games\Gambling\Craps.url".
  • The file at "<$FAVORITES>\Games\Gambling\Deuces Wild.url".
  • The file at "<$FAVORITES>\Games\Gambling\Diamond Valley.url".
  • The file at "<$FAVORITES>\Games\Gambling\Fruit Mania.url".
  • The file at "<$FAVORITES>\Games\Gambling\Gold Rally.url".
  • The file at "<$FAVORITES>\Games\Gambling\Jacks or Better.url".
  • The file at "<$FAVORITES>\Games\Gambling\Magic Slots.url".
  • The file at "<$FAVORITES>\Games\Gambling\Mega Jacks.url".
  • The file at "<$FAVORITES>\Games\Gambling\Pai Gow Poker.url".
  • The file at "<$FAVORITES>\Games\Gambling\Red Dog Poker.url".
  • The file at "<$FAVORITES>\Games\Gambling\Roulette.url".
  • The file at "<$FAVORITES>\Games\Gambling\SafeCracer.url".
  • The file at "<$FAVORITES>\Games\Gambling\Sic Bo.url".
  • The file at "<$FAVORITES>\Games\Gambling\Wall St. Fever.url".
  • The file at "<$FAVORITES>\IcoPorn\Angel Baby.url".
  • The file at "<$FAVORITES>\IcoPorn\Ass to Mouth.url".
  • The file at "<$FAVORITES>\IcoPorn\Babysitter.url".
  • The file at "<$FAVORITES>\IcoPorn\Candys Girls.url".
  • The file at "<$FAVORITES>\IcoPorn\Cheerleader Diaries.url".
  • The file at "<$FAVORITES>\IcoPorn\Double Her Pleasure.url".
  • The file at "<$FAVORITES>\IcoPorn\Extreme Penetrations.url".
  • The file at "<$FAVORITES>\IcoPorn\Girls School.url".
  • The file at "<$FAVORITES>\IcoPorn\IcoNet.url".
  • The file at "<$FAVORITES>\IcoPorn\Kelly the Coed.url".
  • The file at "<$FAVORITES>\IcoPorn\Naughty Nannies.url".
  • The file at "<$FAVORITES>\IcoPorn\Over eighteen.url".
  • The file at "<$FAVORITES>\IcoPorn\Teachers Pet.url".
  • The file at "<$FAVORITES>\IcoPorn\Titty Mania.url".
  • The file at "<$FAVORITES>\IcoPorn\True College Girls.url".
  • The file at "<$FAVORITES>\IcoPorn\Women in Black .url".
  • The file at "<$FAVORITES>\Pharmacy\Carisoprodol.url".
  • The file at "<$FAVORITES>\Pharmacy\Celebrex.url".
  • The file at "<$FAVORITES>\Pharmacy\Cialis.url".
  • The file at "<$FAVORITES>\Pharmacy\Crestor.url".
  • The file at "<$FAVORITES>\Pharmacy\Levitra.url".
  • The file at "<$FAVORITES>\Pharmacy\Lipitor.url".
  • The file at "<$FAVORITES>\Pharmacy\Neurontin.url".
  • The file at "<$FAVORITES>\Pharmacy\Online Pharmacy.url".
  • The file at "<$FAVORITES>\Pharmacy\Paxil.url".
  • The file at "<$FAVORITES>\Pharmacy\Phentermine.url".
  • The file at "<$FAVORITES>\Pharmacy\Tramadol.url".
  • The file at "<$FAVORITES>\Pharmacy\Water Phentermine.url".
  • The file at "<$FAVORITES>\Pharmacy\Xanax.url".
  • The file at "<$FAVORITES>\Pharmacy\Zocor.url".
  • The file at "<$FAVORITES>\Pharmacy\Zoloft.url".
  • The file at "<$FAVORITES>\Travel\Adventure Travel.url".
  • The file at "<$FAVORITES>\Travel\Air Travel.url".
  • The file at "<$FAVORITES>\Travel\Business Travel.url".
  • The file at "<$FAVORITES>\Travel\Discount Travel.url".
  • The file at "<$FAVORITES>\Travel\Food.url".
  • The file at "<$FAVORITES>\Travel\Hawaii Travel.url".
  • The file at "<$FAVORITES>\Travel\Lodging.url".
  • The file at "<$FAVORITES>\Travel\London Travel.url".
  • The file at "<$FAVORITES>\Travel\Travel Agent.url".
  • The file at "<$FAVORITES>\Travel\Travel Insurance.url".
  • The file at "<$FAVORITES>\Travel\Travel package.url".
  • The file at "<$FAVORITES>\Travel\Travel Reservation.url".
  • The file at "<$FAVORITES>\Travel\Travel Spain.url".
  • The file at "<$FAVORITES>\Travel\Travel Web site.url".
  • The file at "<$FAVORITES>\Travel\Vacation Cruises.url".
  • The file at "<$FAVORITES>\Travel\Vacations.url".
  • The file at "<$SYSDIR>\kfsdfksldfk.fgi".
  • The file at "<$WINDIR>\zsettings.dll".
  • The file at "<$SYSDIR>\zlokdfs9.leo".
  • The file at "<$SYSDIR>\zolker010.dll".
  • The file at "<$SYSDIR>\ztoolb010.dll".
  • The file at "<$SYSDIR>\iasadm.dll".
  • The file at "<$SYSDIR>\iasada.dll".
  • The file at "<$SYSDIR>\iasad.dll".
Make sure you set your file manager to display hidden and system files. If AzeSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "C:\Program Files\TrustIn Contextual".
  • The directory at "<$FAVORITES>\IcoPorn".
Make sure you set your file manager to display hidden and system files. If AzeSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • A key in HKEY_CLASSES_ROOT\ named "TrustIn.activator", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "TrustIn.activator.1", plus associated values.
  • Delete the registry value "{a19ef336-01d4-48e6-926a-fe7e1c747aed}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
  • Delete the registry value "{a19ef336-01d4-48e6-926a-fe7e1c747aed}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
  • Delete the registry value "{a19ef336-01d4-48e6-926a-fe7e1c747aed}" at "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
  • Delete the registry key "TrustIn Bar" at "HKEY_LOCAL_MACHINE\Software\".
  • Delete the registry key "TrustIn Bar" at "HKEY_CURRENT_USER\Software\".
  • A key in HKEY_CLASSES_ROOT\ named "TrustIn.StockBar", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "TrustIn.StockBar.1", plus associated values.
  • Delete the registry key "{07A78AEA-4A54-4967-9A60-4B68592D30C7}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{07A78AEA-4A54-4967-9A60-4B68592D30C7}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{8C88AAE2-A341-4DE8-B064-062194307E5F}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{506146FD-9499-49A8-AEDE-692C173B2AA4}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{81CDDAE8-3B92-4F0D-86C1-8DD5DB6A8471}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{EFA1EC0F-8359-41B7-A178-7DD6805A0C79}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{FE6C16C4-16AD-47B6-B250-26AD1829E49A}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{FE6C16C4-16AD-47B6-B250-26AD1829E49A}" at "HKEY_CLASSES_ROOT\CLSID\".
  • A key in HKEY_CLASSES_ROOT\ named "TrustInContext.ContextualAds", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "TrustInContext.ContextualAds.1", plus associated values.
  • Delete the registry key "{C28EB22A-6966-4E4B-8592-E84C28D38402}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{B1C54189-72F0-4353-987B-18FA221BEF09}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "TrustIn" at "HKEY_LOCAL_MACHINE\Software\".
  • Delete the registry key "TrustIn Popups" at "HKEY_LOCAL_MACHINE\Software\".
  • Delete the registry key "TrustIn Popups" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "{FFF5092F-7172-4018-827B-FA5868FB0478}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
  • Delete the registry key "{38252777-2500-456E-8B3D-A55850306DA2}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry value "{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
  • Delete the registry key "{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{f65b197f-8260-4d52-909a-f70118e646eb}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry value "{a19ef336-01d4-48e6-926a-fe7e1c747aed}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
  • Delete the registry key "{a19ef336-01d4-48e6-926a-fe7e1c747aed}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{ba048011-957f-4ba0-a804-62c28d96f878}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{f65b197f-8260-4d52-909a-f70118e646eb}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{42FC3840-020C-4E93-A34C-4DF1A6330FBB}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{DEA43CE3-D57B-45F6-A4D1-110E652CED11}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{1474CE44-8057-4AE3-8F3E-ED37C7C63D8A}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{D7BF3304-138B-4DD5-86EE-491BB6A2286C}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{FFF5092F-7172-4018-827B-FA5868FB0478}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{84C94803-B5EC-4491-B2BE-7B113E013B77}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{B5456470-1BDE-4807-B74D-1D2B83FAA264}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • A key in HKEY_CLASSES_ROOT\ named "AddressBar.Loader", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "AddressBar.Loader.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "ZToolbar.activator", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "ZToolbar.activator.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "ZToolbar.ParamWr", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "ZToolbar.ParamWr.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "ZToolbar.StockBar", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "ZToolbar.StockBar.1", plus associated values.
  • Delete the registry key "AZESearchCo" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry key "LoaderCo" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry key "{1474CE44-8057-4AE3-8F3E-ED37C7C63D8A}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{FFF5092F-7172-4018-827B-FA5868FB0478}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
If AzeSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.