Not sure if it's a trojan but..

Discussion in 'malware problems & news' started by Emosem, Aug 4, 2004.

Thread Status:
Not open for further replies.
  1. Emosem

    Emosem Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    4
    Hey- thanks for any help, in advance.
    I've got this trojan / hijack or something on my browser. It's changed my homepage to this: res://kbzgw.dll/index.html#96676 and is coupled with spyware in the form of popups. I've done hijackthis etc, found it to be this BHO: O2 - BHO: (no name) - {7F33EE95-71F6-CC46-9B9F-9B4D5BE2D80B} - C:\WINDOWS\d3fr32.dll
    and this is suspect too: O4 - HKLM\..\Run: [mfcpv32.exe] C:\WINDOWS\mfcpv32.exe..
    I've tried to remove them, but they are constantly reinstalled. I've got 2 programs (ShoppingWizard and SearchExtender) in my add/remove programs registry, but I can't uninstall them..when I try to remove, I get an error that it can't load "http://looking-for.cc/uninstall/shoppingwizard.html".
    That's as comprehensive as I can be. It's also of note that if I reset my homepage / settings, they are immediately reversed to the aforementioned, and spywareguard completely misses it. Also, if I type any address without the www. prefix, IE adds a # before the url and directs me to another page similar to the spyware-ridden first. Example- wilderssecurity.com turns out as #wilderssecurity.com and 15 pop ups. Rather annoying.
    Thanks again.
     
    Last edited: Aug 4, 2004
  2. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Dear Emosem, have you tried running Spybot Search 'n' Destroy? Some spyware requires the uninstaller to be downloaded from a webpage. Probably that's why the page was being loaded. There has been some change in policy regarding HJT log cleaning, so I can't tell you more.
     
  3. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Emosem, and welcome to Wilders.

    What you have is one of the newer, and nastier variants of CoolWebSearch, which involves using specific removal tools, posting a hijackthis log, and step-by-step instructions by someone experienced in removing this type of hijacker.

    As AMRX has mentioned above, we no longer provide this type of system cleaning service, but you can find a list of other security sites that do provide HijackThis log analysis at this link: http://a-sap.org/

    Whichever site you decide to go to, please be sure and follow their posting policy before you post your hijackthis log.

    Regards,

    snap
     
  4. Emosem

    Emosem Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    4
    Well that's good news that it's identified, but then bad news twice. Thanks for the info though. Curious: Why the exodus from helping with problems like this? I'd guess it's time consumption, but eh..I'm sure there's a good reason. Thanks anyway.
     