AZESearch troubles and other spyware/malware (possibly?)

Discussion in 'Malware Help (A Specialist Will Reply)' started by Estel_MM, Mar 26, 2005.

  1. Estel_MM

    Estel_MM Private E-2

    Hello folks, thank the Lord that I stumbled upon this site. I must congratulate you all for the great work. A very helpful site indeed :D ! I am new here, so if I don't post something right or anything else, make sure to let me know so I can learn from you all.

    Well, here I go: Just yesterday the AZESearch toolbar got installed on my comp. I tried removing the files in system32 but there still appear to be traces of the spyware on my comp due to Google and Yahoo problems (won't let me search properly; it seems like the pages are loaded from somewhere else, not the "original" working pages). I have Ad-Aware SE, AVG Antivirus (free edition), Norton SystemWorks 2005 and HijackThis. I would greatly appreciate it if someone could guide me in fixing this problem as it is annoying and troublesome. (I have attached the log file from HJT.)

    And secondly, this past month I have noticed that when my comp loads (WinXP Home) into the login screen -> it makes a long trrrrrrrrrr sound (sorry, don't know how to explain it better than that lol). It's quite loud and it seems to make this sound for a longer period of time than before (i.e. before it used to be half a second of this sound, now it seems to go on for 2-3 secs). And also, when I login it takes so long to load the desktop and everything else (i.e. once I login, the login page may take a whole minute until it loads the desktop and icons, etc.). I believe this to be some kind of malware or spyware that is affecting my comp and that I wasn't able to delete. So again, if someone would be so kind as to assist me in these dilemmas I would be GREATLY obliged.

    I thank you all in advance.
    Estel_MM

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First:
    Please download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program.
    Second:
    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    Click START > My Computer > Local Disc C: > Program Files
    Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and ENTER

    To Extract HijackThis:
    Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
    (C:\Program Files\HJT) and click Next.

    Now run HJT from there. Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.

    Third:
    Please close ALL browsers while running HJT!
    • C:\Program Files\Internet Explorer\iexplore.exe

    Fourth:
    Please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    After doing ALL of the above, reboot and post a new HJT log!
  3. Estel_MM

    Estel_MM Private E-2

    Hello, I have followed all the steps as required and it seems that things are working properly; for certain, the AZESearch Google/Yahoo problems are gone.
    You have my thanks! ;)
    Here is the updated log, tell me please if I need to do anything else.

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - Default URLSearchHook is missing

    O2 - BHO: AddressBar Class - {1474CE44-8057-4AE3-8F3E-ED37C7C63D8A} -C:\WINDOWS\system32\iasad.dll (file missing)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
    O2 - BHO: (no name) - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)

    O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c283.cab
    O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd/downloads/iaieplay.dll
    O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/Lycos/Sidesearch.cab
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab


    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\couponsandoffers ←–– Delete this whole folder if it exists!

    NEXT:
    Run CCleaner

    Reboot to Normal Windows


    FINAL STEP

    Reset Web Settings & Default Security Settings:


    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.



    After doing the above, Scan with HijackThis and attach the new log.
  5. Estel_MM

    Estel_MM Private E-2

    Hey bjgarrick, your help has worked like a charm. I am in your debt. Many thanks to you sir.
    All done as specified, posted the latest log.

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I notice a few minor issues we need to remove!


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe

    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\Common Files\tsa ←–– Delete this whole folder if it exists!

    NEXT:
    Run CCleaner

    Reboot to Normal Windows, scan with HijackThis and attach the new log.
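    Added example, not from the thread, from HijackThis or from MajorGeeks: a small Python first-pass triage of HijackThis log entries in the format bjgarrick worked through in posts 4 and 6, flagging the same kinds of items (orphaned BHOs, file:// context-menu items, Trusted Zone additions, ActiveX/DPF downloads, browser start pages) that he had the poster fix. The DPF host allowlist and the all-zero placeholder CLSID are assumptions made for this example; the other sample entries are copied from the fix lists above.

```python
import re
from typing import NamedTuple
# Added example, not from the thread or from HijackThis: a first-pass triage of
# HJT entries using the patterns bjgarrick acted on. DPF_ALLOW is an assumption.
class Finding(NamedTuple):
    code: str    # HJT section prefix, e.g. "O2", "O16"
    reason: str  # why the entry deserves a closer look
    line: str    # the original log line

ENTRY = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
DPF_ALLOW = ("microsoft.com", "windowsupdate.com")  # assumed trusted hosts

def _host_allowed(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in DPF_ALLOW)

def triage_line(line: str):  # -> Finding or None
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code.startswith("R") and " = http" in body:
        return Finding(code, "browser start/search page points at an external site", line)
    if code == "O2" and ("(file missing)" in body or "(no file)" in body):
        return Finding(code, "orphaned BHO registration: DLL no longer on disk", line)
    if code == "O8" and "file://" in body.lower():
        return Finding(code, "context-menu item backed by a local script file", line)
    if code == "O15":
        return Finding(code, "site added to IE Trusted Zone (relaxed security)", line)
    if code == "O16":
        url = body.rsplit(" - ", 1)[-1].strip()
        if not url.lower().startswith("http://"):
            return Finding(code, "ActiveX (DPF) entry with no download URL", line)
        host = url.split("/")[2]
        if not _host_allowed(host):
            return Finding(code, f"ActiveX control downloaded from {host}", line)
    return None

def triage(log_text: str) -> list:
    return [f for f in map(triage_line, log_text.splitlines()) if f]

# Sample input: entries from bjgarrick's two fix lists above, plus one constructed
# benign entry (placeholder CLSID) to show an allowlisted host passing.
SAMPLE_LOG = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: (no name) - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c283.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed) - http://update.microsoft.com/constructed/x.cab"""
```

    Running `triage(SAMPLE_LOG)` returns six findings, one per flagged line, and the constructed Microsoft entry passes; a real log would still need a human reading the findings, since a legitimate home page also trips the R-rule.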
  7. Estel_MM

    Estel_MM Private E-2

    Sorry I haven't responded in so long; I have a few things I must attend to first before changing anything on my comp. So as soon as I can I will post my log. Again, thanks a lot. :D
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay! Just be sure you complete the fix. Will be awaiting new log.