2 malware programs

Hello,
For starters i tried to read earlier post to see if i could find and answer but i couldn't/didn't understand so i guess i will have to bother you. Ok well i have done everything that was said in the sticky post, ad-aware,vx,spybot,cwshredder.. etc. but i still have 2 malware programs that keep coming back. The two are coolwebsearch(read the other post), and peopleonpage. If you could help me out with these two i would greatly appriciate it. Also one more thing, i got these two programs plus other like ad-destroyer from lyrics.com!(100% sure!!!) Is it legal for websites to do that? Can it be stopped? Please help me. I was clean for so long

 

Hi Adx87,

Please look in Add or Remove Programs for POP, Apropos Media, and other suspicious entries.


If you are certain that you've exhausted the Tutorial's options, then go ahead and send us a HijackThis Log. Make sure to follow the instructions below:

Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

Somebody will try to take a look at your Log when they get a chance.

Best
PP

 

I wasn't sure if I should, so I ran ccleaner, spybot(got POP), then ad-aware(found coolwebsearch, and froze while removing it). This might have taken care of the problem for now, but they will come back.

P.S. I am truly sorry if I am wasting your time by posting my log. I think you guys do a great job!

 

Hey PP, see if I missed anything
disable system restore if you have not already
http://forums.majorgeeks.com/showthread.php?t=31668

open your task manager ctrl>alt>del and end this process
appvk32.exe
find it and remove it
C:\WINDOWS\system32\appkf32.exe
(maybe that can be taken care of with about:buster,its in the read me
)
anyway
and if you havent yet(per the sticky's)
go to Start->Run and type "Services.msc" (without quotes) then hit OK. Scroll down until you find one of the following:

Workstation NetLogon Service
Network Security Service
Remote Procedure Call (RPC) Helper

When you find it, double-click the service, then hit Stop, and set its startup type to Disabled, hit Apply and OK
close everything and run HJT, check these entries:


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [appvk32.exe] C:\WINDOWS\appvk32.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra ''Tools'' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

close all browsers(even this one) and click fix


I don't know what these are,do you?
C:\WINDOWS\System32\ole1_qcx.exe
C:\WINDOWS\iphi32.exe

 

thanks for the help guys, it worked!