• Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

    Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

    In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

    If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

Yahoo Mail Problem

aidacuk

FPCH Member
Joined
Apr 26, 2008
Messages
24
#1
I think this is an OS problem but im not 100% sure. Basically as i type, my pc opens up Yahoo Mail in a new browser window, it seems it is random keys that cause this, as I have pressed each key one at a time and it never results in the same key popping up Yahoo Mail.

Its getting very annoying as I have to stop typing half way through a word, close Yahoo Mail then go back and carry on. Last night I was posting a short topic elsewhere, and it popped up 17 times!

Anyone know what's going on? And what can I do to stop it? Ive tried uninstalling the Yahoo toolbar and anything to do with Yahoo. Any other suggestions please?
 

ONY

Free PC Help Contributor
Joined
Mar 25, 2008
Messages
190
Location
UNITED KINGDOM
PC Experience
Some Experience
#2
Hiya and welcome aidacuk. Please be patient and someone will be along to assist you.
 

maynardvdm

FPCH Long Term Member
Joined
Feb 7, 2007
Messages
3,117
Location
South Africa
#3
Hi

To elimate malware as the cause i recommend doing the following:

Your computer could be infected with Malware.

  • Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.
    It is a combination of the words malicious and software.
    The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
  • Required Cleanup Steps
    1. Run a Temporary files cleaner
    2. Disable the Spybot Search & Destroy TEA TIMER if enabled
    3. Run 2 Anti-Malware scanners
    4. Run an Online Anti-Virus / Anti-Malware Scanner
    5. Clear out old System Restore points
    6. If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file
The reason to run multiple scanners is to ensure that no single scanner is missing something.
The time it takes will vary depending on your system and your internet connection speed.
Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes.
The ESET online scan should take between 1 to 3 hours.
In most cases, these scans will suffice to clean and disinfect your computer.
Heavily infected systems or slower PCs can take much longer to scan and clean.

For best results print the following instructions and bookmark this Web page
To keep this guide printer-friendly, use your cursor to highlight the contents below.
From your browser select File - Print and in the printer dialog box under "Print range"
click the Selection choice to print out these instructions for removal of malware.​
__________________________________________________​

STEP 1
  • Disable Spybot Search & Destroys' TEA TIMER: (if installed)
    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.
__________________________________________________​

STEP 2
  • Follow these instructions carefully.
  • Download ATF-Cleaner from Snapfiles.com to remove un-needed temporary files from your computer that may contain malware.
  • You can also download it from Majorgeeks.com
  • When you run ATF-Cleaner, check the items as shown below for Main.
  • For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox
  • NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored
  • Then click on "Empty Selected".
.
__________________________________________________​

STEP 3
  • Install and run the free version (not the Professional version) of SUPERAntiSpyware from SUPERAntiSpyware.com
    • Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.
    • You do not have to send them your e-mail address, just click next.
    • You can leave the automated check for updates on.
    • You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.
    • DO NOT allow SUPERAntiSpyware to protect your Home Page settings.
    • On the Top Left select the Scan your computer button.
    • Make sure there is a CHECK MARK on all Fixed Drives.
    • Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so.
__________________________________________________​

STEP 4
  • Install and run Malwarebytes' Anti-Malware from Malwarebytes - (direct download)
    • Accept all defaults for the installer
    • Allow the program to update the definitions
    • Click on the Quick Scan and click Next.
    • If any items are found allow it to clean them and then Reboot your computer.
__________________________________________________​

STEP 5
  • Run an online scan with ESET from Free Virus Scan: Use ESET's Online Antivirus Scanner
  • You may have to disable your Firewall to operate this Online Scanner
    • You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.
    • Accept the terms and click "Start".
    • Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
    • Click "Start" to begin the scan.
    • When completed restart your computer
__________________________________________________​

Make sure your internet firewall security is enabled, and then please return to Free PC Help and tell us how the computer seems to be operating.
At that time, you will receive instructions to assist you in removing malicious programs from your Add/Remove program list if warranted.

If required this is the download link for TrendMicro™ HijackThis™
Unless instructed to by the Technician helping you then do not download this tool.

Once you and the Technician agree that your system appears to be clean then you should delete all your System Restore points and recreate a new one.
Please follow the instructions here
How to turn off and turn on System Restore in Windows XP
How to turn off and turn on System Restore in Windows Vista
 

aidacuk

FPCH Member
Joined
Apr 26, 2008
Messages
24
#9
Hi again!

Sorry to bring this up again, but the problem has returned! I have followed the steps as mentioned above, and before running each step I have updated each program/downloaded the latest one. However this time it hasn't changed anything, whereas last time it fixed it straight away.

So does anyone know why it wouldn't work this time? Or if there is anything else I can do?

Just typing this post Yahoo Mail has opened 11 times :(
 

Goku

FPCH Long Term Member
Joined
Jun 6, 2008
Messages
1,570
Location
India
#10
OK Aidac, let us start by uninstalling Yahoo! Messenger or any other toolbar you might have. Remove everything related to Yahoo! and reboot the computer. Does the problem still persist?

-- Goku
 

Goku

FPCH Long Term Member
Joined
Jun 6, 2008
Messages
1,570
Location
India
#12
OK, I have a lot of questions, so please answer them patiently. They will help me eliminate various possibilities that might be causing the problem.

1. What browser are you using?
2. Does it happen only when you are connected?
3. What happens if you do not press any key at all?
4. When Yahoo! Mail opens, are you signed in?
5. Does the page look like a genuine Yahoo! link or does it look like a hoax?
6. What happens if you keep one instance of the Yahoo! window or tab open and continue with your work?

Answer them as soon as possible. :)

-- Goku
 

aidacuk

FPCH Member
Joined
Apr 26, 2008
Messages
24
#13
1. What browser are you using?

The latest IE version.

2. Does it happen only when you are connected?

No, it still opens but is unable to load the page.

3. What happens if you do not press any key at all?

Then it is fine.

4. When Yahoo! Mail opens, are you signed in?

No.

5. Does the page look like a genuine Yahoo! link or does it look like a hoax?

Yes it is genuine.

6. What happens if you keep one instance of the Yahoo! window or tab open and continue with your work?

It just keeps on opening more tabs. The problem is it doesn't open them in the background and allow me to carry on typing. Each time it opens I have to cross it off or click back to what I was typing. I currently have 7 tabs open just from typing this message!

Any advice is much appreciated.
 

Goku

FPCH Long Term Member
Joined
Jun 6, 2008
Messages
1,570
Location
India
#14
OK, this problem is very weird. Yahoo! Mail should not, under any circumstances, be opened automatically. The answers you give allow me to reach only the conclusion that your computer is still infected. Please perform the whole Malware removal procedure and in addition to that, download and install Avira AntiVir from here. Update AntiVir with the latest virus definitions and run a full scan. The scan may take some time to complete so allow it to do so. After the scan is complete, click on the Report button and post back its contents here.

Note: Avira might conflict with your current Antivirus software if you have one installed. In that case, please disable the Antivirus or uninstall it altogether to stop it from interrupting Avira's scan.

That should hopefully fix the problem if it is being caused by an infection.

-- Goku
 

aidacuk

FPCH Member
Joined
Apr 26, 2008
Messages
24
#15
OK I'll do that now, thanks.

Do you think it could be anything to do with the keyboard? As in the shortcut keys, to jump to email/internet etc? As when it is opening Yahoo Mail, it says on the bottom of my monitor 'Launching Email'. Which is what happens when I press the shortcut key for email.
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
#16
Let's have a look at what's running on your pc:

Please download the latest version of HijackThis from Trend Micro and click on Download Hijack This Installer and save it to your desktop.
  • Doubleclick HJTInstall.exe to install HijackThis.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Include this log by copying and pasting in your next reply.
Notes:

Do not use the AnalyseThis button, its findings are dangerous if misinterpreted.
Do not have Hijackthis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should.
 

aidacuk

FPCH Member
Joined
Apr 26, 2008
Messages
24
#17
OK, I am still waiting for the Avira AntiVir scan to finish, but here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:06, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.94_signed.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 13899 bytes
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
#18
The log doesn't show any infections, nor does it provide any clues to the Yahoo problem...but

1) You haven't made your recovery disks.

2) You shouldn't be running two antivirus programs.

3) You have a lot of needless startup programs. Hopefully someone can address the startup items with you, as I won't be able to log back in until later tonight or sometime tomorrow.
 

aidacuk

FPCH Member
Joined
Apr 26, 2008
Messages
24
#20
Heres the report from Avira AntiVir, the 3 files that were found have been deleted and a copy sent to quarantine.

Report:


Avira AntiVir Personal
Report file date: 05 November 2008 22:24
Scanning for 1009266 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: YOUR-E6F02835AE
Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 10:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 09:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 14:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:20:19
ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 31/10/2008 22:20:21
ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 31/10/2008 22:20:21
ANTIVIR3.VDF : 7.1.0.42 128512 Bytes 05/11/2008 22:20:23
Engineversion : 8.2.0.26
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 12:05:56
AESCRIPT.DLL : 8.1.1.13 332156 Bytes 05/11/2008 22:20:40
AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 12:05:56
AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 22:20:38
AEPACK.DLL : 8.1.3.3 393591 Bytes 05/11/2008 22:20:35
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 05/11/2008 22:20:32
AEHEUR.DLL : 8.1.0.68 1479029 Bytes 05/11/2008 22:20:31
AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 12:05:56
AEGEN.DLL : 8.1.0.43 319862 Bytes 05/11/2008 22:20:26
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 12:05:56
AECORE.DLL : 8.1.2.9 172407 Bytes 05/11/2008 22:20:24
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 12:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 10:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 11:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 05/11/2008 22:20:23
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 13:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 10:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 14:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 19:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 14:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 14:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 15:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 15:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: 05 November 2008 22:24
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'DATALA~1.EXE' - '1' Module(s) have been scanned
Scan process 'WG111v2.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'CCSVCHST.EXE' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'vVX3000.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'KHost.exe' - '1' Module(s) have been scanned
Scan process 'Res.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'DMAScheduler.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'ELService.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'KService.exe' - '1' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'DevSvc.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Scan process 'CCSVCHST.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
65 processes with 65 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '81' files ).

Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Administrator\My Documents\Azureus Downloads\Bookworm Adventures Deluxe\Crack\BookWorm Adventures Deluxe From GameHouse By TFT-TEAM.exe
[DETECTION] Is the TR/Virtl.1723 Trojan
[NOTE] A backup was created as '49812191.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\Program Files\GameHouse\Bookworm Adventures Deluxe\BookWorm Adventures Deluxe From GameHouse By TFT-TEAM.exe
[DETECTION] Is the TR/Virtl.1723 Trojan
[NOTE] A backup was created as '49812663.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP645\A0095254.exe
[DETECTION] Is the TR/Virtl.1723 Trojan
[NOTE] A backup was created as '49422ed4.qua' ( QUARANTINE )
[NOTE] The file was deleted!
Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: 06 November 2008 00:07
Used time: 1:42:47 Hour(s)
The scan has been done completely.
13325 Scanning directories
933800 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
3 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
933794 Files not concerned
18835 Archives were scanned
7 Warnings
3 Notes