Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

Post #1, 13th June 2009, by alistair (Senior Member)

[Active] application/octet-stream file

I have been running Firefox for over a year and have been happy with it. In the last few days, when I click on anything on my home page, I get a message from Firefox that I have chosen to open a file called "st" which is an application/octet-stream from http://ad dot yieldmanager dot com and asks what I want Firefox to do with it. I have never knowingly wanted to open such a file, and I have never heard of that website, so I suspect that it is some form of malware that wants to run. I just click "Cancel" to get rid of the message, but it pops up next time. I have scanned with Spybot but it found nothing. Can anyone tell me how I can get rid of this very annoying message?

Alistair


Last edited by broni; 13th June 2009 at 19:20.
Post #2, 13th June 2009, by broni (Malware Analyst)

An "application/octet-stream" message means it's some file Firefox doesn't know what to do with, but....
Start with reading here: http://www.windowsbbs.com/malware-vi...uncements.html

Post #3, 13th June 2009, by alistair (Senior Member)

Is this what I was supposed to do?

Attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/12/2006 5:34:18 p.m.
System Uptime: 13/06/2009 4:53:30 p.m. (2 hours ago)

Motherboard: TOSHIBA | | EAT10/EAT20
Processor: Intel(R) Pentium(R) M processor 1.86GHz | U1 | 1861/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 53 GiB total, 19.148 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6021
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6021
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP664: 9/03/2009 12:01:41 a.m. - System Checkpoint
RP665: 10/03/2009 1:49:31 a.m. - System Checkpoint
RP666: 11/03/2009 1:50:56 a.m. - System Checkpoint
RP667: 12/03/2009 5:31:23 a.m. - System Checkpoint
RP668: 12/03/2009 7:12:07 p.m. - Software Distribution Service 3.0
RP669: 13/03/2009 9:14:51 p.m. - System Checkpoint
RP670: 14/03/2009 9:26:24 p.m. - Software Distribution Service 3.0
RP671: 15/03/2009 9:58:48 p.m. - System Checkpoint
RP672: 16/03/2009 11:28:01 p.m. - System Checkpoint
RP673: 17/03/2009 11:48:53 p.m. - System Checkpoint
RP674: 18/03/2009 11:56:32 p.m. - System Checkpoint
RP675: 20/03/2009 8:31:02 p.m. - System Checkpoint
RP676: 21/03/2009 8:32:41 p.m. - System Checkpoint
RP677: 21/03/2009 9:21:01 p.m. - March 22
RP678: 23/03/2009 1:14:32 a.m. - System Checkpoint
RP679: 24/03/2009 1:30:55 a.m. - System Checkpoint
RP680: 25/03/2009 1:34:12 a.m. - System Checkpoint
RP681: 26/03/2009 3:39:16 a.m. - System Checkpoint
RP682: 27/03/2009 4:22:04 a.m. - System Checkpoint
RP683: 28/03/2009 4:44:55 a.m. - System Checkpoint
RP684: 29/03/2009 6:18:35 a.m. - System Checkpoint
RP685: 30/03/2009 6:31:57 a.m. - System Checkpoint
RP686: 31/03/2009 8:06:29 a.m. - System Checkpoint
RP687: 1/04/2009 9:22:03 a.m. - System Checkpoint
RP688: 2/04/2009 9:37:22 a.m. - System Checkpoint
RP689: 3/04/2009 9:58:19 a.m. - System Checkpoint
RP690: 4/04/2009 1:16:39 p.m. - System Checkpoint
RP691: 5/04/2009 10:21:12 p.m. - System Checkpoint
RP692: 7/04/2009 12:16:11 a.m. - System Checkpoint
RP693: 8/04/2009 1:45:11 a.m. - System Checkpoint
RP694: 9/04/2009 1:57:35 a.m. - System Checkpoint
RP695: 9/04/2009 10:55:30 p.m. - Software Distribution Service 3.0
RP696: 11/04/2009 2:11:03 a.m. - System Checkpoint
RP697: 12/04/2009 2:11:53 a.m. - System Checkpoint
RP698: 13/04/2009 8:20:30 a.m. - System Checkpoint
RP699: 14/04/2009 9:38:35 p.m. - System Checkpoint
RP700: 15/04/2009 11:01:07 a.m. - Installed Delete lower & upper filters for CD devices
RP701: 16/04/2009 1:55:08 a.m. - Installed DirectX
RP702: 16/04/2009 1:59:12 a.m. - Installed Nero 7 Essentials
RP703: 16/04/2009 10:16:57 p.m. - Removed Sonic RecordNow!
RP704: 16/04/2009 11:33:48 p.m. - Installed Windows XP WgaNotify.
RP705: 17/04/2009 10:08:36 p.m. - Software Distribution Service 3.0
RP706: 18/04/2009 10:19:32 p.m. - System Checkpoint
RP707: 20/04/2009 1:39:40 a.m. - System Checkpoint
RP708: 21/04/2009 2:52:55 a.m. - System Checkpoint
RP709: 22/04/2009 5:27:00 a.m. - System Checkpoint
RP710: 23/04/2009 5:48:46 a.m. - System Checkpoint
RP711: 24/04/2009 11:19:59 p.m. - System Checkpoint
RP712: 25/04/2009 11:17:04 p.m. - Installed Solution Disk
RP713: 25/04/2009 11:21:22 p.m. - Removed Camera Window MC
RP714: 25/04/2009 11:22:51 p.m. - Removed Camera Window DVC
RP715: 25/04/2009 11:24:28 p.m. - Removed Camera Window DVC
RP716: 25/04/2009 11:27:29 p.m. - Removed Camera Window DS
RP717: 25/04/2009 11:38:49 p.m. - Removed Canon PhotoRecord
RP718: 25/04/2009 11:39:26 p.m. - Removed Canon PhotoRecord
RP719: 25/04/2009 11:40:01 p.m. - Configured RAW Image Task 2.2
RP720: 25/04/2009 11:43:05 p.m. - Removed CD/DVD Drive Acoustic Silencer
RP721: 27/04/2009 6:49:18 a.m. - System Checkpoint
RP722: 29/04/2009 2:28:57 a.m. - System Checkpoint
RP723: 29/04/2009 8:58:02 p.m. - Software Distribution Service 3.0
RP724: 30/04/2009 10:57:07 p.m. - System Checkpoint
RP725: 1/05/2009 11:22:59 p.m. - System Checkpoint
RP726: 3/05/2009 4:42:12 a.m. - System Checkpoint
RP727: 4/05/2009 5:14:10 a.m. - System Checkpoint
RP728: 5/05/2009 6:23:31 a.m. - System Checkpoint
RP729: 6/05/2009 7:07:35 a.m. - System Checkpoint
RP730: 11/05/2009 11:37:47 p.m. - System Checkpoint
RP731: 13/05/2009 12:04:40 a.m. - System Checkpoint
RP732: 13/05/2009 9:30:39 p.m. - Software Distribution Service 3.0
RP733: 14/05/2009 9:46:03 p.m. - System Checkpoint
RP734: 16/05/2009 3:23:48 a.m. - System Checkpoint
RP735: 17/05/2009 5:46:11 a.m. - System Checkpoint
RP736: 18/05/2009 6:11:04 a.m. - System Checkpoint
RP737: 19/05/2009 12:40:34 a.m. - Installed Windows Media Player 11
RP738: 19/05/2009 12:46:33 a.m. - Installed Windows XP MSCompPackV1.
RP739: 20/05/2009 2:50:54 a.m. - System Checkpoint
RP740: 21/05/2009 5:14:22 a.m. - System Checkpoint
RP741: 22/05/2009 10:38:18 p.m. - System Checkpoint
RP742: 24/05/2009 1:57:09 a.m. - System Checkpoint
RP743: 25/05/2009 3:00:19 a.m. - System Checkpoint
RP744: 26/05/2009 9:49:39 p.m. - System Checkpoint
RP745: 27/05/2009 10:04:05 p.m. - System Checkpoint
RP746: 30/05/2009 2:14:47 a.m. - System Checkpoint
RP747: 3/06/2009 9:17:53 p.m. - Installed Vodafone Mobile Connect Lite.
RP748: 11/06/2009 9:47:19 p.m. - System Checkpoint
RP749: 12/06/2009 8:29:45 p.m. - 12 june

==== Installed Programs ======================

1-abc.net Folder-To-TXT (Remove only)
ACDSee 6.0 Standard
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
ALPS Touch Pad Driver
Apple Software Update
ArcSoft PhotoImpression
ASUS Wireless Router WL-520GU Utilities
Bluetooth Stack for Windows by Toshiba
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CD/DVD Drive Acoustic Silencer
Clean Disk Security 7.78
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DVD-RAM Driver
ESET NOD32 Antivirus
Flickr Uploadr 2.5.0.15
Google Earth
HP Photo Printing Software
HP Precisionscan Pro 3.1
HP Share-to-Web
HPV Solo
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Karen's Directory Printer
Legacy 5.0
LiveUpdate 3.0 (Symantec Corporation)
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Moffsoft FreeCalc
Mozilla Firefox (3.0.11)
mPfMgr
mPfWiz
mProSafe
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
mZConfig
Nero 7 Essentials
New Zealand Burial Locator
New Zealand Marriages 1836-1956
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
PC Connectivity Solution
QuickTime
RealPlayer
Realtek AC'97 Audio
Registry First Aid
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SkypeMate
Skype™ 4.0
SMSC IrCC V5.1.3600.5 SP2
Sonic DLA
Spybot - Search & Destroy
Symantec KB-DocID:2003093015493306
Texas Instruments PCIxx21/x515 drivers.
TIxx21/x515
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA Bay Service
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Dual Pointing Device Utility
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA Mobile Extension3 for Windows XP V3.69.00.XP.C
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Zooming Utility
Try Corel Snapfire muvee autoProducer add on
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Vodafone Mobile Connect Lite
WebFldrs XP
Window Washer
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
Xtra Help Assistant
Xvid 1.1.3 final uninstall
Yahoo! Toolbar
Yahoo!Xtra Applications

==== Event Viewer Messages From Past Week ========

8/06/2009 9:39:18 p.m., error: RemoteAccess [20106] - Unable to add the interface {14543BD0-6902-446D-B5FB-E5463D82F7AF} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
8/06/2009 10:11:24 a.m., error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
7/06/2009 2:18:06 p.m., error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
7/06/2009 2:18:06 p.m., error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/06/2009 6:44:11 p.m., error: Dhcp [1002] - The IP address lease 192.168.0.231 for the Network Card with network address 0013CE30D09D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
13/06/2009 6:38:04 p.m., error: Dhcp [1002] - The IP address lease 192.168.0.42 for the Network Card with network address 0013CE30D09D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
13/06/2009 6:31:04 p.m., error: Dhcp [1002] - The IP address lease 192.168.0.104 for the Network Card with network address 0013CE30D09D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
13/06/2009 6:24:57 p.m., error: Dhcp [1002] - The IP address lease 192.168.0.43 for the Network Card with network address 0013CE30D09D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
13/06/2009 5:55:03 p.m., error: Dhcp [1002] - The IP address lease 192.168.0.180 for the Network Card with network address 0013CE30D09D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
13/06/2009 5:07:11 p.m., error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CE30D09D. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================
DDS Log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Alistair at 18:46:08.28 on Sat 13/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.451 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alistair\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
uStart Page = hxxp://xtra.co.nz/
mLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
mRun: [<NO NAME>]
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165439748250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225233946203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alistair\applic~1\mozilla\firefox\profiles\o4kgwuii.default\
FF - prefs.js: browser.startup.homepage - hxxp://nz.yahoo.com/
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R1 DualPointDev;DualPointDev;c:\program files\toshiba\dualpointutility\DualPointDev.sys [2004-12-10 6144]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2005-1-27 5888]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2005-1-26 14336]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-10-9 14336]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2008-9-18 16269]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-2 1174152]
S4 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2005-1-27 126976]

=============== Created Last 30 ================

2009-06-03 21:20 101,120 a----r-- c:\windows\system32\drivers\ewusbmdm.sys
2009-06-03 21:19 <DIR> --d----- c:\docume~1\alistair\applic~1\Vodafone
2009-06-03 21:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Vodafone
2009-06-03 21:18 <DIR> --d----- c:\program files\Vodafone

==================== Find3M ====================

2008-03-17 21:59 140,880 a------- c:\docume~1\alluse~1\applic~1\pswi_pcuui.exe
2007-02-26 02:10 4,608 a------- c:\docume~1\alluse~1\applic~1\PMPCUNLR.dll
2007-02-26 02:10 4,096 a------- c:\docume~1\alluse~1\applic~1\SPPCUNLR.dll
2004-08-04 13:00 94,784 a--sh--- c:\windows\twain.dll
2007-12-26 05:38 8 a--shr-- c:\windows\system32\F3B97F7FAA.sys
2008-03-17 21:58 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-04-13 17:42 551,936 a--sh--- c:\windows\system32\oleaut32.dll
2008-10-30 05:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008103020081031\index.dat

============= FINISH: 18:47:01.20 ===============

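Added example (not part of the thread, and not code from the DDS tool): a small Python triage helper that parses lines in the shape of the DDS "Pseudo HJT Report" and FIREFOX sections posted above and groups the entries a log reader checks first: toolbar/BHO CLSIDs marked "No File" (orphaned), Run values with no name or no command, autoruns launching from a user profile, and the hosts ActiveX (DPF) controls were installed from. The sample lines are copied in shape from this log plus one constructed, hypothetical [updater] autorun entry that exists only to exercise the user-profile check.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of the DDS pseudo-HJT / FIREFOX sections above.
# The [updater] line is hypothetical and was added only to exercise PROFILE_RE.
SAMPLE_LINES = [
    r"uStart Page = hxxp://xtra.co.nz/",
    r"BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll",
    r"TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File",
    r"TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"mRun: [<NO NAME>]",
    r'mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice',
    r"uRun: [updater] c:\docume~1\alistair\locals~1\temp\updater.exe",  # hypothetical
    r"DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab",
    r"DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab",
    r"FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll",
    r"==== Disk Partitions =========================",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

GUID = r"\{[0-9A-Fa-f-]{36}\}"
GUID_RE = re.compile("^" + GUID + "$")
BHO_TB_RE = re.compile(r"^(BHO|TB): (?:(.*?): )?(" + GUID + r") - (.*)$")
RUN_RE = re.compile(r"^([umd]Run): \[(.*?)\](?: (.*))?$")
DPF_RE = re.compile(r"^DPF: (.*?) - (.*)$")
FF_RE = re.compile(r"^FF - (plugin|component): (.*)$")
# Autorun targets under a user profile (DDS prints the 8.3 form, e.g. docume~1).
PROFILE_RE = re.compile(r'^"?c:\\(docume~1|documents and settings|users)\\', re.I)
# DDS writes hxxp:// so URLs in logs are not clickable; accept both spellings.
URL_HOST_RE = re.compile(r"^(?:hxxps?|https?|file)://([^/?#]*)", re.I)


@dataclass
class Entry:
    kind: str    # "BHO", "TB", "uRun"/"mRun"/"dRun", "DPF", "FF-plugin", "FF-component"
    name: str    # display name or [Run] value name; "" when the line has none
    clsid: str   # {GUID} when the line carries one, else ""
    target: str  # file path, URL or "No File"; "" when the line has none


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS pseudo-HJT line; returns None for line kinds not modelled here."""
    line = line.rstrip()
    m = BHO_TB_RE.match(line)
    if m:
        return Entry(m.group(1), m.group(2) or "", m.group(3), m.group(4))
    m = RUN_RE.match(line)
    if m:
        return Entry(m.group(1), m.group(2), "", (m.group(3) or "").strip())
    m = DPF_RE.match(line)
    if m:
        ident = m.group(1)
        is_guid = bool(GUID_RE.match(ident))
        return Entry("DPF", "" if is_guid else ident, ident if is_guid else "", m.group(2))
    m = FF_RE.match(line)
    if m:
        return Entry("FF-" + m.group(1), "", "", m.group(2))
    return None


def host_of(url: str) -> str:
    """Host part of a (possibly hxxp-defanged) URL, lower-cased; "" for file:/// URLs."""
    m = URL_HOST_RE.match(url)
    return m.group(1).lower() if m else ""


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group the entries a log reader checks first, keyed by what makes them notable."""
    findings: Dict[str, List[str]] = {
        "orphaned": [],         # TB/BHO CLSIDs whose DLL is gone: harmless, but cleanup candidates
        "nameless_run": [],     # Run values with no name or no command: check the key in the registry
        "profile_autorun": [],  # autoruns launching from a user profile rather than Program Files/Windows
        "dpf_hosts": [],        # where ActiveX controls were installed from; "" means a local file:/// URL
    }
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        if e.kind in ("BHO", "TB") and e.target == "No File":
            findings["orphaned"].append(e.clsid)
        elif e.kind.endswith("Run"):
            if e.name == "<NO NAME>" or not e.target:
                findings["nameless_run"].append(raw.strip())
            elif PROFILE_RE.match(e.target):
                findings["profile_autorun"].append(e.name)
        elif e.kind == "DPF":
            findings["dpf_hosts"].append(host_of(e.target))
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}: {items}")
```

An orphaned "No File" toolbar entry or a nameless Run value is not by itself a sign of infection; the point is to turn a long log into a short list of items to verify by hand.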
Post #4, 13th June 2009, by broni (Malware Analyst)

Yes. Thank you

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.

* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.

* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
When the scan is completed, click the Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log in your next reply.

RESTART COMPUTER

STEP 4. Download HijackThis:
http://www.trendsecure.com/portal/en...kthis/download
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
Do NOT attempt to "fix" anything!


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
