#1
09-21-2004, 09:46 PM
Raistlfiren (Moderator)
Homepage hijacked?

I believe my homepage is hijacked and other websites. For some reason I am getting these weird webpages showing up whenever I start up the Internet and when I search on Google. For instance I wait about 5 minutes to get online and start a new browser, then I get onto the internet and it opens my homepage. Not only does my homepage pop up, but also another web page. A completely random webpage. Also when I am searching Google I will search for something and another webpage will randomly pop up. These aren't pop-ups but just random homepages. Anyone know what the heck is wrong? Here is my HijackThis log. I don't believe it will be any help, but here you go.


Logfile of HijackThis v1.98.2
Scan saved at 8:46:38 PM, on 9/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:WINDOW***plorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\cvss.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\kevin\My Documents\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = [Only Registered and Activated Users Can See Links. Click Here To Register...]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: BounceBack Launcher.lnk = ?
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:Program FilesMicrosoft Interactive TrainingO10Cmitm0026.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} (WTApp Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [Only Registered and Activated Users Can See Links. Click Here To Register...]

#2
09-21-2004, 09:58 PM
Mobo (Thinking outside the box)
Re: Homepage hijacked?

Download lsp fix. Open it and click "I know what I'm doing". Then move any instances of xfire_lsp_9028.dll to the remove section and click "Finish" when done.

Reboot and see what happens.
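
Added example, not part of the original thread or written by its posters: a small Python triage pass over a HijackThis log that surfaces the kind of O10 "LSP provider ... missing" line the reply above acts on, along with a configured proxy and "(no file)" entries. The sample log is constructed; the proxy value, GUIDs and "Example" names are assumptions.

```python
import re

# Constructed sample in HijackThis 1.98 log format; values are illustrative only.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\WINDOWS\System32\extray.exe
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000002} - (no file)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
"""

# An entry line is a section code (R1, O4, O10, ...) then " - " then the detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
LSP_MISSING = re.compile(r"LSP provider '([^']+)' missing")

def parse_entries(text):
    """Return (section, detail) for each entry line; headers and paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(text):
    """Return (section, finding, evidence) items worth a manual look, not verdicts."""
    findings = []
    for section, detail in parse_entries(text):
        lsp = LSP_MISSING.search(detail)
        if section == "O10" and lsp:
            # Winsock LSP chain references a DLL that is no longer on disk.
            findings.append((section, "broken-lsp-chain", lsp.group(1)))
        elif section.startswith("R") and "ProxyServer" in detail and "=" in detail:
            value = detail.split("=", 1)[1].strip()
            if value:  # browser traffic is being sent through this proxy
                findings.append((section, "proxy-set", value))
        elif detail.endswith("(no file)"):
            # Registry entry whose target file does not exist.
            findings.append((section, "orphaned-entry", detail))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
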

#3
09-21-2004, 10:20 PM
southernlady (Trusted Advisor)

AFTER he gets you all fixed up, download and install SpywareGuard. It SAVED my REAR last week from a homepage hijacking and two days later it saved my husband's. Liz

#4
09-21-2004, 10:40 PM
Raistlfiren (Moderator)

I thought you said that lsp fix was for X Fire. I do have X Fire for my computer. It is a way to talk to friends and play games with them. I got both products, Spyware Guard and Spyware Blaster. A webpage that pops up is: [Only Registered and Activated Users Can See Links. Click Here To Register...]
Raistlin

#5
09-21-2004, 11:00 PM
Mobo (Thinking outside the box)

Ok so that explains it then yet it doesn't. It has been turning up in a lot of logs lately without installing the application at all...HMM so what's with the puffy lips program that gave you all the popups?

#6
09-21-2004, 11:07 PM
Mobo (Thinking outside the box)

I assume you fully scanned with adaware and have you ever tried firefox?

#7
09-22-2004, 12:25 AM
Raistlfiren (Moderator)

LoL, the puffy lips lady is giving me some trouble and other web sites that pop up. I have run Ad-Aware SE, it may be another program I use. :/ Could viruses do this?
Raistlin

#8
09-22-2004, 10:56 AM
Mobo (Thinking outside the box)

I haven't seen a virus do that but have seen that sort of thing from trojans so maybe run an independent scan.

#9
09-22-2004, 09:53 PM
Raistlfiren (Moderator)

Awww... I see... I will check that out Mobo.
Raistlin

#10
09-22-2004, 10:28 PM
Mobo (Thinking outside the box)

Keep us posted then please.
All times are GMT -5.


Copyright © 2004-2007 Cyberanswers.org All rights reserved