#1
Homepage keeps changing when I reboot
My homepage keeps changing when I reboot my computer!!! Been reading the last few threads and I downloaded HijackThis... I'm really new to this. So can someone help me pls!!!
StartupList report, 05/10/2004, 23:55:19
StartupList version: 1.52.2
Started from : C:\DOCUME~1\Stephen\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\mapiicon.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\iM Networks\iM Radio Tuner\iM_Tray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\Stephen\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
iM StartCenter.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

C-Media Mixer = Mixer.exe /startup
AtiPTA = atiptaxx.exe
NeroCheck = C:\WINDOWS\System32\NeroCheck.exe
ADSL_A2 = A2Installed
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
EPSON Stylus C43 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
WINDVDPatch = CTHELPER.EXE
UpdReg = C:\WINDOWS\UpdReg.EXE
Jet Detection = C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\DAP\DAPBHO.dll - {0000CC75-ACF3-4cac-A0A9-DD3868E06852}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Tubby - C:\WINDOWS\System32\TBC.dll - {9EAC0102-5E61-2312-BC2D-544243544243}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\WINDOWS\System32\ncg.dll (file missing) - {CBBA07A5-5E04-4F40-8546-AEC5DBD5652B}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer - Stephen.job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[{11010101-1001-1111-1000-110263637096}]
CODEBASE = ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni/kill.chm::/d_Main.exe

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[AllmDisplay Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ALLMDI~1.OCX
CODEBASE = http://www.3monster.com/AllmDisplay.cab

[CR64Loader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll
CODEBASE = http://www.miniclip.com/platypus/miniclipGameLoader.dll

[Scanner Class]
InProcServer32 = C:\temp\TDECntrl\TDECntrl.dll
CODEBASE = http://www.trojanscan.com/trojanscan/TDECntrl.CAB

[ScanFile.FileScan]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ScanFile.ocx
CODEBASE = http://www.contentpurity.com/ScanFile.CAB

[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE = http://207.188.7.150/0989657ae6ed4e8b6e05/netzip/RdxIE601.cab

[Autodesk MapGuide ActiveX Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MgAxCtrl.dll
CODEBASE = http://www.can.com.sg/mwf/mgaxctrl.cab

[{652524F4-F52B-4951-9C1E-30DB62B2B34D}]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3sg.cab

[sBChecker Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SBCHEC~1.OCX
CODEBASE = http://maxonline.starhub.com/smartbridge/sBChecker.cab

[AvxScanOnline Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX
CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab

[MSN File Upload Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MsnUpld.dll
CODEBASE = http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38031.1024537037

[ScorchPlugin Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\NPSibelius.dll
CODEBASE = http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

[Live365Player Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\Play365.dll
CODEBASE = http://www.live365.com/players/play365.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/bin/msnchat45.cab

[Microsoft Common Dialog Control, version 6.0]
InProcServer32 = C:\WINDOWS\System32\comdlg32.ocx
CODEBASE = http://activex.microsoft.com/controls/vb5/comdlg32.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 9,792 bytes
Report generated in 0.063 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#2
Have you checked for the problem about.blank? That was a problem I had. There are a number of specific Trojan destroyers that will correct the problem.

#3
Thanks for replying!!! I did a system check with Ad-Aware SE and also with Norton Anti-Virus... However, it does not help!!!! My homepage keeps redirecting to search-control.com

#4
I had a look at that web page. Some of the anti-virus and pop-up software people are quite rude. They load their program so that it hijacks your internet and has pop-ups occur advertising their product. Unfortunately I cannot remember how to get rid of it. Maybe someone else can help here; it seems to be adaware.

#5
Hi GoVeg,
Download HijackThis (link below). Make sure you install HijackThis to a permanent folder such as C:\HJT, as it creates backups of what we will fix.
Run the program, press Scan, and after a brief pause press Save log. Notepad will open; copy and paste the entire log into your post.
Do not fix anything yet, most of what's in the log is needed!
Tom
__________________
HijackThis | Ad-aware | Spybot Search & Destroy | SpywareBlaster | SpywareGuard | Housecall Online A/V Scan
Please read the stickies at the top of the forum before posting!

#6
Hi, I have installed HijackThis onto my C drive.... Here is the log:

Logfile of HijackThis v1.98.2
Scan saved at 07:57:54, on 09/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Stephen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {23213025-E261-4396-A4C7-5F1216037661} - C:\WINDOWS\System32\bnige.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-544243544243} - C:\WINDOWS\System32\TBC.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [CreativeKeyboard ] C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: iM StartCenter.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11010101-1001-1111-1000-110263637096} - ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni/kill.chm::/d_Main.exe
O16 - DPF: {193F7872-BDA9-4117-A3A1-253C12D75D73} (AllmDisplay Control) - http://www.3monster.com/AllmDisplay.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/ScanFile.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0989657ae6ed4e8b6e05/netzip/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {652524F4-F52B-4951-9C1E-30DB62B2B34D} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3sg.cab
O16 - DPF: {6A607D08-EEC4-11D5-AB13-000102C5D598} (sBChecker Control) - http://maxonline.starhub.com/smartbridge/sBChecker.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O18 - Filter: text/html - {C775C36B-1385-481F-86EE-0BB8CB36AF21} - C:\WINDOWS\System32\bnige.dll
O18 - Filter: text/plain - {C775C36B-1385-481F-86EE-0BB8CB36AF21} - C:\WINDOWS\System32\bnige.dll

#7
This variant of CWS often installs a hidden dll file which causes the infection to be reinstalled every time you Restart the computer.
1. Please download DllCompare
2. Start the Program with its default settings and put a check mark in the include subdirectories. Click the Run Locate.com and wait until the scan says complete.
3. Click the Compare button to start the next process.
4. Files in the upper portion have been verified to "exist", Files in the bottom section were not able to be accessed. Very few files should be listed in the bottom section when the Compare scan is complete.
5. Click on each of the listed entries in the lower section to select them. Right-click on the file and use the Option Rescan.
6. This will cause Windows Find to see if the file does exist, and then it will be removed from the list (to reduce the number of identified files)
7. Click the Make a Log of what was found button, and post the log here in this thread using Add Reply to receive further instructions.
Tom

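A triage pass over a HijackThis log like the one in post #6, as an added example that is not part of the original thread and not code from HijackThis: it parses the O2, O16 and O18 entries and lists two patterns a helper would review by hand first. The function names, reason strings and both heuristics are assumptions for illustration; a hit means "look at this entry", not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in #6 (lines copied from the thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {23213025-E261-4396-A4C7-5F1216037661} - C:\WINDOWS\System32\bnige.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O16 - DPF: {11010101-1001-1111-1000-110263637096} - ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni/kill.chm::/d_Main.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Filter: text/html - {C775C36B-1385-481F-86EE-0BB8CB36AF21} - C:\WINDOWS\System32\bnige.dll
O18 - Filter: text/plain - {C775C36B-1385-481F-86EE-0BB8CB36AF21} - C:\WINDOWS\System32\bnige.dll
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = r"(\{[0-9A-Fa-f-]{36}\})"
O2 = re.compile(r"^BHO: (.*?) - " + CLSID + r" - (.+)$")
O18 = re.compile(r"^Filter: (\S+) - " + CLSID + r" - (.+)$")
O16 = re.compile(r"^DPF: " + CLSID + r"(?: \((.*)\))? - (.+)$")


def parse(log):
    """Return (section_code, body) pairs for every well-formed entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log):
    """Return sorted (reason, subject) findings for manual review."""
    roles = defaultdict(set)  # lower-cased file path -> roles it is registered in
    findings = set()
    for code, body in parse(log):
        if code == "O2" and (m := O2.match(body)):
            name, _clsid, path = m.groups()
            roles[path.lower()].add("nameless-bho" if name == "(no name)" else "bho")
        elif code == "O18" and (m := O18.match(body)):
            mime, _clsid, path = m.groups()
            roles[path.lower()].add("filter:" + mime)
        elif code == "O16" and (m := O16.match(body)):
            clsid, _name, codebase = m.groups()
            # Assumed heuristic: a download source that is not a plain web URL.
            if not codebase.lower().startswith(("http://", "https://")):
                findings.add(("dpf-codebase-not-http", clsid))
    for path, kinds in roles.items():
        # Assumed heuristic: one file is both an unnamed BHO and a text/* filter.
        if "nameless-bho" in kinds and any(k.startswith("filter:text/") for k in kinds):
            findings.add(("nameless-bho-also-text-filter", path))
    return sorted(findings)


if __name__ == "__main__":
    for reason, subject in triage(SAMPLE_LOG):
        print(f"{reason}: {subject}")
```
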
#8
Hi Goveg,
try the following Removal Instructions copied from SpywareInfo web site:
Merijn, author of HijackThis and StartupList, has created CWShredder specifically to remove this parasite. Please make certain that all browser and folder windows are closed before using CWShredder. If any symptom of the problem remains afterward, then follow these directions below. If you have any problem with CWShredder, please ask for help in our support forums.
This article is located at http://www.spywareinfo.com/articles/cws/
m3lab

#9
Thanks Tom
Do you know where I can download DllCompare?

#10
Take a look at these three files; try deleting these files, but remember, always create a backup.
Tubby - C:\WINDOWS\System32\TBC.dll - {9EAC0102-5E61-2312-BC2D-544243544243}
UpdReg = C:\WINDOWS\UpdReg.EXE
C:\Program Files\iM Networks\iM Radio Tuner\iM_Tray.exe
Good luck!

#11
GoVeg,
Sorry about not giving you the link in my previous post. Let's take a new approach....
Symantec Security Response has developed a removal tool to clean this infection. Please download the tool from:
http://securityresponse.symantec.co...er/FxAgentB.exe
Follow all the instructions given by Symantec. If you have any questions regarding the fix, don't hesitate to ask.
Then post a fresh HijackThis log.
Tom

#12
GoVeg,
I have a couple of additional steps I'd like you to perform....
Please save the log Symantec's tool produces and include it in your next post.
When you are finished with Symantec's fix tool:
Please download CWShredder written by Merijn Bellekom from Here
Save it to a convenient location such as your Desktop
Press "Check for Update" and download any new updates available. The current version is 1.59.1
Close ALL browser windows or it may not work!
Run CWShredder and select "Fix" (do not just Scan). It will automatically remove the infections.
Then post a fresh HijackThis log.
Tom

#13
Here is the log Symantec's tool produces:

Symantec Backdoor.Agent.B Removal Tool 1.0.1.2
C:\System Volume Information: (not scanned)
F:\System Volume Information: (not scanned)
G:\System Volume Information: (not scanned)
Backdoor.Agent.B has not been found on your computer.