Yahoo Mail Problem

aidacuk · April 26, 2008

I think this is an OS problem but im not 100% sure. Basically as i type, my pc opens up Yahoo Mail in a new browser window, it seems it is random keys that cause this, as I have pressed each key one at a time and it never results in the same key popping up Yahoo Mail.

Its getting very annoying as I have to stop typing half way through a word, close Yahoo Mail then go back and carry on. Last night I was posting a short topic elsewhere, and it popped up 17 times!

Anyone know what's going on? And what can I do to stop it? Ive tried uninstalling the Yahoo toolbar and anything to do with Yahoo. Any other suggestions please?

ONY · April 26, 2008

Hiya and welcome aidacuk. Please be patient and someone will be along to assist you.

maynardvdm · April 26, 2008

Hi

To elimate malware as the cause i recommend doing the following:

Your computer could be infected with Malware.

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.
It is a combination of the words malicious and software.
The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Required Cleanup Steps
1. Run a Temporary files cleaner
2. Disable the Spybot Search & Destroy TEA TIMER if enabled
3. Run 2 Anti-Malware scanners
4. Run an Online Anti-Virus / Anti-Malware Scanner
5. Clear out old System Restore points
6. If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file

The reason to run multiple scanners is to ensure that no single scanner is missing something.

The time it takes will vary depending on your system and your internet connection speed.

Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes.

The ESET online scan should take between 1 to 3 hours.

In most cases, these scans will suffice to clean and disinfect your computer.

Heavily infected systems or slower PCs can take much longer to scan and clean.

For best results print the following instructions and bookmark this Web page

To keep this guide printer-friendly, use your cursor to highlight the contents below.

From your browser select File - Print and in the printer dialog box under "Print range"

click the

Selection

choice to print out these instructions for removal of malware.

http://kixhelp.com/wr/images-freepchelp/printer-selection.gif

__________________________________________________

STEP 1

Disable Spybot Search & Destroys' TEA TIMER: (if installed)
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

__________________________________________________

STEP 2

Follow these instructions carefully.
Download ATF-Cleaner from
Snapfiles.com
to remove un-needed temporary files from your computer that may contain malware.
You can also download it from
Majorgeeks.com
When you run ATF-Cleaner, check the items as shown below for Main.
For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox
NOTE:
If you don't have FireFox or Opera installed then they will be grayed out and can be ignored
Then click on "Empty Selected".

http://kixhelp.com/wr/images-freepchelp/atf-cleaner01.gif

.

http://kixhelp.com/wr/images-freepchelp/atf-cleaner02.gif

__________________________________________________

STEP 3

Install and run the free version (not the Professional version) of SUPERAntiSpyware from
SUPERAntiSpyware.com
- Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.
- You do not have to send them your e-mail address, just click next.
- You can leave the automated check for updates on.
- You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.
- DO NOT
  allow SUPERAntiSpyware to protect your Home Page settings.
- On the
  Top Left
  select the
  Scan your computer
  button.
- Make sure there is a CHECK MARK on all
  Fixed Drives
  .
- Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so.

__________________________________________________

STEP 4

Install and run
Malwarebytes' Anti-Malware
from
Malwarebytes - (direct download)
- Accept all defaults for the installer
- Allow the program to update the definitions
- Click on the
  Quick Scan
  and click Next.
- If any items are found allow it to clean them and then Reboot your computer.

__________________________________________________

STEP 5

Run an online scan with ESET from
Free Virus Scan: Use ESET's Online Antivirus Scanner
You may have to disable your Firewall to operate this Online Scanner
- You
  must
  use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.
- Accept the terms and click "Start".
- Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
- Click "Start" to begin the scan.
- When completed restart your computer

__________________________________________________

Make sure your internet firewall security is enabled, and then please return to

Extreme Tech Support - Free PC Help

and tell us how the computer seems to be operating.

At that time, you will receive instructions to assist you in removing malicious programs from your Add/Remove program list if warranted.

If required this is the download link for

TrendMicro™ HijackThis™

Unless instructed to by the Technician helping you then do not download this tool.

Once you and the Technician agree that your system appears to be clean then you should delete all your System Restore points and recreate a new one.

Please follow the instructions here

How to turn off and turn on System Restore in Windows XP

How to turn off and turn on System Restore in Windows Vista

aidacuk · April 27, 2008

Wow! Thanks for that! I'll give it a try now and let you know.

aidacuk · April 27, 2008

OK thanks for the advice, I've followed the steps, and so far so good. No email popping up :D looks like its solved :)

Thanks.

April 27, 2008

Ok Aida good to hear, thanks for letting us know. :)

maynardvdm · April 27, 2008

Good to hear that. :)

Come back any time!

aidacuk · April 27, 2008

Thanks again guys, its definitely fixed, just been typing for an hour and no email :D its been doing my head in for a week!

aidacuk · November 4, 2008

Hi again!

Sorry to bring this up again, but the problem has returned! I have followed the steps as mentioned above, and before running each step I have updated each program/downloaded the latest one. However this time it hasn't changed anything, whereas last time it fixed it straight away.

So does anyone know why it wouldn't work this time? Or if there is anything else I can do?

Just typing this post Yahoo Mail has opened 11 times :(

Goku · November 4, 2008

OK Aidac, let us start by uninstalling Yahoo! Messenger or any other toolbar you might have. Remove everything related to Yahoo! and reboot the computer. Does the problem still persist?

-- Goku

aidacuk · November 4, 2008

Hi Goku,

Thanks for your reply. I've just uninstalled everything Yahoo related and rebooted, but it hasn't worked.

Goku · November 4, 2008

OK, I have a lot of questions, so please answer them patiently. They will help me eliminate various possibilities that might be causing the problem.

1. What browser are you using?

2. Does it happen only when you are connected?

3. What happens if you do not press any key at all?

4. When Yahoo! Mail opens, are you signed in?

5. Does the page look like a genuine Yahoo! link or does it look like a hoax?

6. What happens if you keep one instance of the Yahoo! window or tab open and continue with your work?

Answer them as soon as possible. :)

-- Goku

aidacuk · November 4, 2008

1. What browser are you using?

The latest IE version.

2. Does it happen only when you are connected?

No, it still opens but is unable to load the page.

3. What happens if you do not press any key at all?

Then it is fine.

4. When Yahoo! Mail opens, are you signed in?

No.

5. Does the page look like a genuine Yahoo! link or does it look like a hoax?

Yes it is genuine.

6. What happens if you keep one instance of the Yahoo! window or tab open and continue with your work?

It just keeps on opening more tabs. The problem is it doesn't open them in the background and allow me to carry on typing. Each time it opens I have to cross it off or click back to what I was typing. I currently have 7 tabs open just from typing this message!

Any advice is much appreciated.

Goku · November 5, 2008

OK, this problem is very weird. Yahoo! Mail should not, under any circumstances, be opened automatically. The answers you give allow me to reach only the conclusion that your computer is still infected. Please perform the whole Malware removal procedure and in addition to that, download and install Avira AntiVir from here. Update AntiVir with the latest virus definitions and run a full scan. The scan may take some time to complete so allow it to do so. After the scan is complete, click on the Report button and post back its contents here.

Note: Avira might conflict with your current Antivirus software if you have one installed. In that case, please disable the Antivirus or uninstall it altogether to stop it from interrupting Avira's scan.

That should hopefully fix the problem if it is being caused by an infection.

-- Goku

aidacuk · November 5, 2008

OK I'll do that now, thanks.

Do you think it could be anything to do with the keyboard? As in the shortcut keys, to jump to email/internet etc? As when it is opening Yahoo Mail, it says on the bottom of my monitor 'Launching Email'. Which is what happens when I press the shortcut key for email.

Seth · November 5, 2008

Let's have a look at what's running on your pc:

Please download the latest version of HijackThis from Trend Micro and click on Download Hijack This Installer and save it to your desktop.

Doubleclick HJTInstall.exe to install HijackThis.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Include this log by copying and pasting in your next reply.

Notes:

Do not use the AnalyseThis button, its findings are dangerous if misinterpreted.

Do not have Hijackthis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should.

aidacuk · November 5, 2008

OK, I am still waiting for the Avira AntiVir scan to finish, but here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:27:06, on 05/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\HP\KBD\KBD.EXE

C:\Program Files\USB Disk Win98 Driver\Res.EXE

C:\Program Files\Kontiki\KHost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

c:\program files\avira\antivir personaledition classic\avcenter.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.94_signed.cab

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 13899 bytes

Seth · November 5, 2008

The log doesn't show any infections, nor does it provide any clues to the Yahoo problem...but

1) You haven't made your recovery disks.

2) You shouldn't be running two antivirus programs.

3) You have a lot of needless startup programs. Hopefully someone can address the startup items with you, as I won't be able to log back in until later tonight or sometime tomorrow.

aidacuk · November 6, 2008

OK thanks.

aidacuk · November 6, 2008

Heres the report from Avira AntiVir, the 3 files that were found have been deleted and a copy sent to quarantine.

Report:

Avira AntiVir Personal

Report file date: 05 November 2008 22:24

Scanning for 1009266 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: YOUR-E6F02835AE

Version information:

BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 10:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 09:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 14:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 09:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:20:19

ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 31/10/2008 22:20:21

ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 31/10/2008 22:20:21

ANTIVIR3.VDF : 7.1.0.42 128512 Bytes 05/11/2008 22:20:23

Engineversion : 8.2.0.26

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 12:05:56

AESCRIPT.DLL : 8.1.1.13 332156 Bytes 05/11/2008 22:20:40

AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 12:05:56

AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 22:20:38

AEPACK.DLL : 8.1.3.3 393591 Bytes 05/11/2008 22:20:35

AEOFFICE.DLL : 8.1.0.29 196988 Bytes 05/11/2008 22:20:32

AEHEUR.DLL : 8.1.0.68 1479029 Bytes 05/11/2008 22:20:31

AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 12:05:56

AEGEN.DLL : 8.1.0.43 319862 Bytes 05/11/2008 22:20:26

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 12:05:56

AECORE.DLL : 8.1.2.9 172407 Bytes 05/11/2008 22:20:24

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 12:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 10:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 11:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 05/11/2008 22:20:23

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 13:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 10:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 14:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 19:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 14:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 14:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 15:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 15:34:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: high

Start of the scan: 05 November 2008 22:24

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned

Scan process 'DATALA~1.EXE' - '1' Module(s) have been scanned

Scan process 'WG111v2.exe' - '1' Module(s) have been scanned

Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned

Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'CCSVCHST.EXE' - '1' Module(s) have been scanned

Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned

Scan process 'ehmsas.exe' - '1' Module(s) have been scanned

Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'vVX3000.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'KHost.exe' - '1' Module(s) have been scanned

Scan process 'Res.exe' - '1' Module(s) have been scanned

Scan process 'kbd.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'qttask.exe' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'DMAScheduler.exe' - '1' Module(s) have been scanned

Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned

Scan process 'ehtray.exe' - '1' Module(s) have been scanned

Scan process 'ELService.exe' - '1' Module(s) have been scanned

Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned

Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'KService.exe' - '1' Module(s) have been scanned

Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned

Scan process 'ehSched.exe' - '1' Module(s) have been scanned

Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned

Scan process 'DevSvc.exe' - '1' Module(s) have been scanned

Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned

Scan process 'CCSVCHST.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

65 processes with 65 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

[WARNING] System error [21]: The device is not ready.

Master boot sector HD2

[iNFO] No virus was found!

[WARNING] System error [21]: The device is not ready.

Master boot sector HD3

[iNFO] No virus was found!

[WARNING] System error [21]: The device is not ready.

Master boot sector HD4

[iNFO] No virus was found!

[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '81' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\HP_Administrator\My Documents\Azureus Downloads\Bookworm Adventures Deluxe\Crack\BookWorm Adventures Deluxe From GameHouse By TFT-TEAM.exe

[DETECTION] Is the TR/Virtl.1723 Trojan

[NOTE] A backup was created as '49812191.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll

[WARNING] The file could not be opened!

C:\Program Files\GameHouse\Bookworm Adventures Deluxe\BookWorm Adventures Deluxe From GameHouse By TFT-TEAM.exe

[DETECTION] Is the TR/Virtl.1723 Trojan

[NOTE] A backup was created as '49812663.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP645\A0095254.exe

[DETECTION] Is the TR/Virtl.1723 Trojan

[NOTE] A backup was created as '49422ed4.qua' ( QUARANTINE )

[NOTE] The file was deleted!

Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: 06 November 2008 00:07

Used time: 1:42:47 Hour(s)

The scan has been done completely.

13325 Scanning directories

933800 Files were scanned

3 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

3 files were deleted

0 files were repaired

3 files were moved to quarantine

0 files were renamed

3 Files cannot be scanned

933794 Files not concerned

18835 Archives were scanned

7 Warnings

3 Notes

Goku · November 6, 2008

OK Adiac, though you were not heavily infected, the fact remains that you had some infections that could prove disastrous for you. From the log, I gather that the infections were packed within the cracks you downloaded for the Gamehouse games. I implore you to discontinue with this or you will repeatedly end up infecting your computer.

Coming back to your problem, it could be caused due to a keyboard shortcut. That was exactly my first reaction when I read your problem but since you said that there was no definite key that opened up Yahoo! Mail, I ruled out that possibility. I think it is time to give it another thought.

Do you have any programs to create keyboard shortcuts such as AutoHotKey or something similar?

-- Goku

aidacuk · November 6, 2008

No I havent got any programs like that. But the keyboard comes built in with the extra shortcut keys above the F-Key row.

Goku · November 6, 2008

OK, please read the below articles and follow the instructions provided to see if they help or not.

How do I turn off Yahoo! Shortcuts?

Let us know if this helps or not. Good Luck. :)

-- Goku

November 6, 2008

Run the HJT software again as listed here and post the log back.

http://extremetechsupport.com/forum/31372-post16.html

aidacuk · November 6, 2008

Ive tried to turn off the shortcuts, but I cant find any option to turn them off.

Here the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:58:00, on 06/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\Program Files\USB Disk Win98 Driver\Res.EXE

C:\Program Files\Kontiki\KHost.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\System32\svchost.exe

c:\windows\system\hpsysdrv.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe