Malware I cant shift

  CaleI 09:45 21 Jun 04

Hi, I've been infected by a browser Hijacker which I cant remove. I've tried the usual progs, Hijackthis and adware, but the trojan keeps overwriting my home page, search page etc etc. It's not even on reboot, it reactivates a dew munutes after I've removed it with HJT. The ones that look like kcxhw.dll/sp.html#23851 are the ones I'm talking about.

Does anyone know how to remove this?

Here's the HJT log report

Running processes:
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SSUK\My Documents\My Downloads\Hijack\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kcxhw.dll/sp.html#23851
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kcxhw.dll/index.html#23851
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://kcxhw.dll/index.html#23851
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kcxhw.dll/sp.html#23851
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kcxhw.dll/index.html#23851
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kcxhw.dll/sp.html#23851
O2 - BHO: (no name) - {B756513C-B2A5-1805-60FF-E40570DBC936} - C:\WINDOWS\crqa.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [addel.exe] C:\WINDOWS\system32\addel.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KeyWallet] C:\PROGRA~1\KEYWAL~1\KWallet.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Startup: AOL 9.0.lnk = C:\Program Files\AOL 9.0\aol.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O10 - Unknown file in Winsock LSP: c:\windows\safetp\stplayer.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - click here
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here

  Lozzy 09:52 21 Jun 04

Try Reg Healer it worked for me. click here

  Gongoozler 10:02 21 Jun 04

Search page hijackers can often be removed by CoolWebShredder click here

  CaleI 10:03 21 Jun 04

Thanks, but I'd rather explore the 'free' options first. I'm not going to for out £20 on a product that 'may' work.

  CaleI 10:08 21 Jun 04

Gonogoozler I tried that.. no joy

  Lozzy 10:14 21 Jun 04

Unfotunately some times in life you get what you pay for. That was the only thing that cured my issue and it was the same as yours.

I could not find a freeware to sort.

  CaleI 10:20 21 Jun 04

Well if I pay for a program, then they have won. It's the principal. I'll explore every option before I pay. It's funny, most of the ads that pop up with this thing are for spyware removal. Kidda ironic. wouldnt surprise me if it was the same comanies who set up these scams!

  CaleI 10:20 21 Jun 04

Well if I pay for a program, then they have won. It's the principal. I'll explore every option before I pay. It's funny, most of the ads that pop up with this thing are for spyware removal. Kidda ironic. wouldnt surprise me if it was the same comanies who set up these scams!

  Gongoozler 10:43 21 Jun 04

Hi CaleI. I think your best bet now is to post your HJT log on a specialist forum such as click here

  Gongoozler 10:44 21 Jun 04

---- or Computercops click here

  Newuser4165 11:25 21 Jun 04

Have you switched off system restore before cleaning it?
From your desciption it's in the restore folder.

This thread is now locked and can not be replied to.

Amazon Fire HD 8 review: A brilliant combination of function and value – with one massive caveat

1995-2015: How technology has changed the world in 20 years

How to create an introvert-friendly workplace

Apple Watch Series 2 review | Apple Watch 2 review: New Apple Watch is faster, brighter,…