explorer troubles

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rick-perth, Feb 20, 2004.

  1. rick-perth

    rick-perth Private E-2

    Hi all, not sure if I'm in the right area? But this is coming up in my Explorer when I try to access a site... C:\WINDOWS\gstvlieiexie.htm#http... This is always first, then the page address I want. But it won't take me there... Having trouble with my Outlook Express not connecting as well. Have run Spybot & Ad-Aware.
    Anyone had this before or know of it?? Thanks... BTW I'm on another comp for this..
     
  2. rick-perth

    rick-perth Private E-2

    Hi Robo, I did the hijack business. Got rid of a few things but still the same deal; when I work out how to post my results I'll re-do the hijack log, thanks for your help.
    It's one of a few problems I have with that comp.. looking like a reformat soon.
    Trouble is I'm not that comp literate, but learning =).. Thanks again.
     
  3. rick-perth

    rick-perth Private E-2

    Hijack

    Logfile of HijackThis v1.97.7

    Well, here is my latest hijack log, hope someone can make heads or tails of it...
    Trying to stop my kids from playing around on my computers =) but that's what they're for, aren't they??..



    Scan saved at 2:27:19 AM, on 2/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\WinServices.exe
    C:\WINDOWS\System32\tcpsvs32.exe
    C:\PROGRA~1\MICROS~2\Mouse\point32.exe
    C:\PROGRA~1\MESSEN~1\msmsgs.exe
    C:\PROGRA~1\NoAds\NoAds.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ICQ\ICQ.exe
    C:\DOCUME~1\rm\LOCALS~1\Temp\TE2E74~1.ZIP\HIJACK~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.locators.com/search.php?que=%s
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5efd808a-2b06-4b25-8774-633b65c56159} - C:\DOCUME~1\rm\APPLIC~1\prckllblefz.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-AA8E-8E1CA787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrs0108.dll (file missing)
    O3 - Toolbar: vllkquiefie - {12982abd-05e0-442b-8061-9b46e4085427} - C:\DOCUME~1\rm\APPLIC~1\prckllblefz.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
    O4 - HKLM\..\Run: [pmpibke] "C:\WINDOWS\System32\pmpibke.exe"
    O4 - HKLM\..\Run: [WinServices] C:\WINDOWS\System32\WinServices.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [NoAds] "C:\PROGRA~1\NoAds\NoAds.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [winpopup] C:\WINDOWS\winupie.exe
    O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\RunOnce: [ICQ] C:\PROGRA~1\ICQ\ICQ.exe -trayboot
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Locators.com Search Bar (HKLM)
    O9 - Extra 'Tools' menuitem: Locators.com Search Bar (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
    O16 - DPF: {522F629A-4DFE-43FA-8311-6F9C871016C5} - http://media.euniverse.com/cursorzone/files/flowgo_granny_setup_td035.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_pack_XP.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://www.goinnow.com/tl4000.dll
    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
     
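The log above is a good specimen of what a helper on this board scans for by eye: R0/R1 search settings reset to about:blank, a BHO and a toolbar loading the same oddly named DLL out of the user's Application Data folder, a Run entry whose name is one letter-swap away from a Windows binary, and O16 ActiveX controls pulled from hosts nobody recognises. As an added example (not part of this thread and not a feature of HijackThis itself), here is a small Python script that parses lines in the HijackThis log format and flags those four patterns. The sample lines are copied from the posted log; the trusted-host allowlist, the list of imitated system binaries and the heuristics themselves are assumptions for illustration. A flag means "look here first", not a verdict on the file.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example: parses R0/R1, O2, O3, O4 and O16 entries and flags the
patterns a forum helper would look at first. Heuristics and lists below
are assumptions for illustration, not HijackThis behaviour.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed allowlist of hosts from which ActiveX downloads (O16 - DPF) are expected.
TRUSTED_DPF_HOSTS = {"download.macromedia.com", "download.microsoft.com"}

# Assumed list of Windows binaries whose names malware likes to imitate.
SYSTEM_BINARIES = {"regsvr32.exe", "svchost.exe", "lsass.exe", "explorer.exe", "winlogon.exe"}

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5efd808a-2b06-4b25-8774-633b65c56159} - C:\DOCUME~1\rm\APPLIC~1\prckllblefz.dll
O3 - Toolbar: vllkquiefie - {12982abd-05e0-442b-8061-9b46e4085427} - C:\DOCUME~1\rm\APPLIC~1\prckllblefz.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pmpibke] "C:\WINDOWS\System32\pmpibke.exe"
O4 - HKCU\..\Run: [winpopup] C:\WINDOWS\winupie.exe
O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the line was flagged
    line: str      # the original log line


def looks_like(name: str, legit: str) -> bool:
    """True if `name` is a one-character typo or a letter swap of `legit`, but not identical."""
    a, b = name.lower(), legit.lower()
    if a == b or len(a) != len(b):
        return False
    diffs = sum(x != y for x, y in zip(a, b))
    return diffs == 1 or (diffs == 2 and sorted(a) == sorted(b))


def exe_in_command(cmd: str) -> Optional[str]:
    """Return the first *.exe token in a Run-key command line, or None."""
    m = re.search(r'([^\\/"\s]+\.exe)', cmd, re.IGNORECASE)
    return m.group(1) if m else None


def triage(log: str) -> List[Finding]:
    """Walk the log once and collect findings in line order."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = re.match(r'^(R\d|O\d+) - (.*)$', line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)

        if section in ("R0", "R1"):
            # Search settings pointed at about:blank are a common hijack signature.
            if re.search(r'(Search Bar|SearchAssistant) = about:blank$', body):
                findings.append(Finding(section, "IE search setting reset to about:blank", line))

        elif section in ("O2", "O3"):
            # Browser extensions normally install under Program Files or System32,
            # not under a user's profile.
            path = body.rsplit(" - ", 1)[-1]
            if re.search(r'\\(DOCUME~1|Documents and Settings)\\', path, re.IGNORECASE):
                findings.append(Finding(section, "browser extension DLL loaded from a user profile directory", line))

        elif section == "O4":
            exe = exe_in_command(body.split("] ", 1)[-1])
            if exe:
                for legit in SYSTEM_BINARIES:
                    if looks_like(exe, legit):
                        findings.append(Finding(section, f"startup binary {exe} imitates {legit}", line))

        elif section == "O16":
            host = re.search(r'https?://([^/]+)/', body)
            if host and host.group(1).lower() not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(section, f"ActiveX control installed from non-allowlisted host {host.group(1)}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports five findings: the about:blank Search Bar, the BHO and the toolbar both backed by prckllblefz.dll under DOCUME~1, the regsrv32.exe Run entry (a letter swap of regsvr32.exe), and the loader.cab download from dload.ipbill.com. Note what it deliberately does not catch: an unknown executable sitting in System32 (pmpibke.exe) or in the Windows root (winupie.exe) passes every rule here, which is why real triage pairs these heuristics with a known-good list or a hash lookup rather than trusting location alone.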
  4. rick-perth

    rick-perth Private E-2

    re:hijack

    Great :) thanks Robbo, doing that as I type, will let you know. Thanks for your time & effort. Have to go overseas Wed so trying to get it OK for emails & such to keep in touch with family. Regards, Rick

    Well, have finally run the YaHa removal tool. I'm on my comp so here's hoping it stays OK. One thing I'm not sure on is whether to delete the c:/windows\winupie.exe
    the second time, as it was removed on the first hijack scan, so wasn't there on the second scan? The scan fixed 2 registry entries; the second time I ran it, it said no virus found =). Outlook Express opened OK, but sometimes will not be a problem when restarted. Anyway, let's hope :) Thanks again Robbo

    you might also want to check your Internet properties and connections for anything suspicious... wouldn't know what to look for =)
     
    Last edited: Feb 22, 2004
  5. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

