Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: sunnyday on March 01, 2010, 07:38:54 AM
-
my USB thumbdrive-1 name was auto changed to "pendrive" . I suspect it was caused by some virus , not sure in thumbdrive-1 or in computer .
After copy some files from thumbdrive-1 to thumbdrive-2, same problem happen => now my thumbdrive-2 has been auto renamed as " pendrive" .
I tried the 3rd thumbdrive by copy files from thumbdrive-1 , now the 3rd thumbdrive has been auto renamed as "pendrive" .
Something must have gone wrong , please advice how to resolve this . thanks !
-
If you already have Malwarebytes be sure to update it before running the scan!
Download Malwarebytes' Anti-Malware (MBAM) (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to the following:
* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes' Anti-Malware
* Then click Finish
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
-
I'd like to note: if we are talking about the hardware identification- rather then volume labels, I've seen this happen twice with very old thumb drives; rather then identify, for example, as a SanDisk Cruzer Mini, it identified as a "SanDisk Pen Drive". This usually happens as the drive itself is failing.
If however this is the actual volume label it's certainly malware.
-
I'm curious to see if any malware is found. I'm leaning towards no.... but then you never know.
-
I have run the MBAM on following :
a) scan the computer
b) scan the tumbdreive-3 ( which is a brand new 2G tumbdrive) nb. the original name of this drive was "Toshiba"
c) scan the tumbdrive-2 ( this is also a new 2G tumbdrive ) nb. the original name of this drive is "tumbdrive"
d) scan the tumbdrive-1 ( this is an old 128M tumbdrive) nb. the original name of this drive is "tumbdrive"
i) Here is the scan log result for (a) :
--------------------------------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3813
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882
2/3/2010 11:04:37 PM
mbam-log-2010-03-02 (23-04-37).txt
Scan type: Quick Scan
Objects scanned: 111912
Time elapsed: 3 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------end of (a)---------------------------------
ii) here is the scan log result for (b) :
---------------------------------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3813
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882
3/3/2010 12:00:14 AM
mbam-log-2010-03-03 (00-00-14).txt
Scan type: Full Scan (F:\|)
Objects scanned: 106772
Time elapsed: 1 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
----------- end of (b)--------
iii) here is the scan reult of (c) :
-----------------------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3813
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882
3/3/2010 12:04:32 AM
mbam-log-2010-03-03 (00-04-32).txt
Scan type: Full Scan (I:\|)
Objects scanned: 106759
Time elapsed: 1 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
------------end of (c) -------------
iv) here is the scan result of (d) :
-------------------------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3813
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882
3/3/2010 12:08:24 AM
mbam-log-2010-03-03 (00-08-24).txt
Scan type: Full Scan (F:\|)
Objects scanned: 107013
Time elapsed: 1 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
--------end of (d)-----------------
It's seems no virus detected. But all a/m tumbdrives have been renamed as "pendrive " .
May i have your advice please.
-
Download DDS from |HERE| (http://www.techsupportforum.com/sectools/sUBs/dds) or |HERE| (http://download.bleepingcomputer.com/sUBs/dds.scr) or |HERE| (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
-
Hi, I follow instruction and here are results : (by the way, do I need to plug in the "problem tumbdrive " ?
1) result wihtout insert "thumbdrive" :
1a) DDS file
DDS (Ver_09-12-01.01) - NTFSx86
Run by Tay1 Family at 20:05:02.08 on Wed 03/03/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.65.1033.18.2036.1098 [GMT 8:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tay1 Family\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
mDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
StartupFolder: c:\users\tay1fa~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\tay1fa~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-12 214664]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-8-13 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2009-8-12 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-12 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-12 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-12 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-12 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-12 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-12 34248]
=============== Created Last 30 ================
2010-03-02 14:50:29 0 d-----w- c:\users\tay1fa~1\appdata\roaming\Malwarebytes
2010-03-02 14:50:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 14:50:24 0 d-----w- c:\programdata\Malwarebytes
2010-03-02 14:50:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 14:50:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 12:31:02 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 12:30:37 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 12:30:37 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 12:30:36 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 12:30:36 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 12:30:36 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 12:30:36 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 12:30:36 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 12:30:36 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 12:30:36 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 11:37:04 0 d-----w- c:\users\tay1 family\Tracing
2010-02-22 15:22:17 1191616 ------w- c:\windows\system32\wweb32.dll
2010-02-22 15:22:16 0 d-----w- c:\program files\WordWeb
2010-02-22 15:11:05 65 ----a-w- c:\windows\WININIT.INI
2010-02-21 14:18:29 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-02-20 11:12:52 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-20 11:12:52 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 11:12:52 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-19 08:01:35 0 d-----w- c:\program files\MP3_ripper_encoder
2010-02-19 08:01:35 0 d-----w- c:\program files\HansDocs
2010-02-19 08:01:35 0 d-----w- c:\program files\ADSL modem solution
2010-02-19 08:01:34 4796520 ----a-w- c:\program files\e-dictionary_wordweb2_1.zip
2010-02-19 07:26:12 3600472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-19 07:26:12 3548760 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-19 07:25:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-19 07:25:52 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-18 15:03:10 0 d-----r- c:\users\tay1fa~1\appdata\roaming\Brother
2010-02-18 08:57:05 0 d-----w- c:\programdata\FileCure
2010-02-18 01:44:29 0 d-----w- c:\users\tay1fa~1\appdata\roaming\Dell
2010-02-17 12:30:05 0 d-----w- c:\program files\Microsoft
2010-02-17 12:29:31 0 d-----w- c:\program files\Windows Live SkyDrive
2010-02-17 12:29:08 57667 ----a-w- c:\windows\system32\ieuinit.inf
2010-02-17 12:25:26 0 d-----w- c:\program files\common files\Windows Live
2010-02-16 10:56:56 27 ----a-w- c:\windows\BRPP2KA.INI
2010-02-16 10:56:55 425 ----a-w- c:\windows\BRWMARK.INI
2010-02-16 10:53:09 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-16 10:53:09 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-16 10:53:03 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-16 10:52:55 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-16 10:52:54 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-16 10:52:54 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-16 10:52:54 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-16 10:52:54 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-16 10:52:54 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-16 10:52:54 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-16 10:52:54 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-16 10:52:54 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-16 10:52:54 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-16 10:52:49 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-16 10:52:49 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
==================== Find3M ====================
2010-02-17 10:38:00 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-17 10:37:59 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-17 10:37:58 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-13 00:44:41 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-06 15:20:02 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-06 15:20:02 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-09-06 15:20:02 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-08-13 00:44:41 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 20:05:52.86 ===============
1b) Attach .txt file
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 13/8/2009 12:55:28 AM
System Uptime: 3/3/2010 7:55:02 PM (1 hours ago)
Motherboard: Dell Inc. | | 0N826N
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 2500/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 218 GiB total, 171.216 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 10.648 GiB free.
E: is CDROM ()
G: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
BroadBand on Mobile
Compatibility Pack for the 2007 Office system
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 13
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Works
MSVCRT
PowerDVD
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WordWeb
==== End Of File =========================
2) Result with "roblem" thumb drive inserted :
2a) DDS file
DDS (Ver_09-12-01.01) - NTFSx86
Run by Tay1 Family at 20:12:22.18 on Wed 03/03/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.65.1033.18.2036.1008 [GMT 8:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\WUDFHost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tay1 Family\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
mDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
StartupFolder: c:\users\tay1fa~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\tay1fa~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-12 214664]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-8-13 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2009-8-12 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-12 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-12 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-12 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-12 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-12 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-12 34248]
=============== Created Last 30 ================
2010-03-02 14:50:29 0 d-----w- c:\users\tay1fa~1\appdata\roaming\Malwarebytes
2010-03-02 14:50:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 14:50:24 0 d-----w- c:\programdata\Malwarebytes
2010-03-02 14:50:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 14:50:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 12:31:02 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 12:30:37 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 12:30:37 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 12:30:36 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 12:30:36 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 12:30:36 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 12:30:36 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 12:30:36 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 12:30:36 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 12:30:36 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 11:37:04 0 d-----w- c:\users\tay1 family\Tracing
2010-02-22 15:22:17 1191616 ------w- c:\windows\system32\wweb32.dll
2010-02-22 15:22:16 0 d-----w- c:\program files\WordWeb
2010-02-22 15:11:05 65 ----a-w- c:\windows\WININIT.INI
2010-02-21 14:18:29 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-02-20 11:12:52 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-20 11:12:52 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 11:12:52 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-19 08:01:35 0 d-----w- c:\program files\MP3_ripper_encoder
2010-02-19 08:01:35 0 d-----w- c:\program files\HansDocs
2010-02-19 08:01:35 0 d-----w- c:\program files\ADSL modem solution
2010-02-19 08:01:34 4796520 ----a-w- c:\program files\e-dictionary_wordweb2_1.zip
2010-02-19 07:26:12 3600472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-19 07:26:12 3548760 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-19 07:25:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-19 07:25:52 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-18 15:03:10 0 d-----r- c:\users\tay1fa~1\appdata\roaming\Brother
2010-02-18 08:57:05 0 d-----w- c:\programdata\FileCure
2010-02-18 01:44:29 0 d-----w- c:\users\tay1fa~1\appdata\roaming\Dell
2010-02-17 12:30:05 0 d-----w- c:\program files\Microsoft
2010-02-17 12:29:31 0 d-----w- c:\program files\Windows Live SkyDrive
2010-02-17 12:29:08 57667 ----a-w- c:\windows\system32\ieuinit.inf
2010-02-17 12:25:26 0 d-----w- c:\program files\common files\Windows Live
2010-02-16 10:56:56 27 ----a-w- c:\windows\BRPP2KA.INI
2010-02-16 10:56:55 425 ----a-w- c:\windows\BRWMARK.INI
2010-02-16 10:53:09 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-16 10:53:09 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-16 10:53:03 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-16 10:52:55 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-16 10:52:54 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-16 10:52:54 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-16 10:52:54 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-16 10:52:54 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-16 10:52:54 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-16 10:52:54 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-16 10:52:54 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-16 10:52:54 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-16 10:52:54 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-16 10:52:49 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-16 10:52:49 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
==================== Find3M ====================
2010-02-17 10:38:00 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-17 10:37:59 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-17 10:37:58 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-13 00:44:41 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-06 15:20:02 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-06 15:20:02 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-09-06 15:20:02 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-08-13 00:44:41 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 20:12:46.03 ===============
2b) Attach.txt file :
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 13/8/2009 12:55:28 AM
System Uptime: 3/3/2010 7:55:02 PM (1 hours ago)
Motherboard: Dell Inc. | | 0N826N
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 2500/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 218 GiB total, 171.215 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 10.648 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP20: 26/8/2009 1:34:12 AM - Windows Update
RP21: 3/9/2009 8:27:49 PM - Windows Update
RP22: 19/9/2009 11:16:52 PM - Windows Update
RP23: 12/10/2009 1:02:43 AM - Windows Update
RP24: 25/10/2009 11:38:06 PM - Windows Update
RP26: 25/10/2009 11:41:54 PM - Installed Microsoft Office Home and Student 2007
RP27: 15/11/2009 12:18:45 AM - Windows Update
RP28: 15/11/2009 1:07:10 AM - Windows Update
RP29: 22/11/2009 4:45:42 PM - Windows Update
RP30: 30/11/2009 12:17:26 AM - Windows Update
RP31: 9/12/2009 7:45:29 PM - Windows Update
RP32: 20/12/2009 11:49:45 PM - Windows Update
RP33: 25/1/2010 1:21:36 AM - Windows Update
RP34: 8/2/2010 12:59:51 AM - Windows Update
RP35: 16/2/2010 6:56:17 PM - Device Driver Package Install: Brother Printers
RP36: 17/2/2010 8:16:40 AM - Windows Update
RP37: 17/2/2010 6:37:39 PM - Device Driver Package Install: Brother Imaging devices
RP38: 17/2/2010 8:26:31 PM - Windows Update
RP39: 17/2/2010 8:28:34 PM - Windows Update
RP40: 18/2/2010 10:55:00 PM - Windows Update
RP41: 20/2/2010 7:07:51 PM - Windows Update
RP42: 21/2/2010 10:08:50 PM - Windows Update
RP43: 22/2/2010 6:52:43 PM - Windows Update
RP44: 25/2/2010 6:07:34 PM - Windows Update
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
BroadBand on Mobile
Compatibility Pack for the 2007 Office system
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 13
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Works
MSVCRT
PowerDVD
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WordWeb
==== Event Viewer Messages From Past Week ========
24/2/2010 8:28:09 PM, Error: netbt [4321] - The name "ACER-PC :0" could not be registered on the interface with IP address 192.168.1.70. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
24/2/2010 11:19:46 PM, Error: netbt [4321] - The name "SGP1651C :0" could not be registered on the interface with IP address 192.168.1.70. The computer with the IP address 192.168.1.107 did not allow the name to be claimed by this computer.
==== End Of File ===========================
THANK YOU for your help !
-
I don't think it's malware. But you should run this still on all of your flash drives.
Panda USB and AutoRun Vaccine
Insert your flash drive before we begin. Hold down the Shift key when inserting the flash drive until Windows detects it to bypass the autorun feature. This will keep the autorun.inf from executing automatically.
Download Panda USB and AutoRun Vaccine (http://majorgeeks.com/Panda_USB_and_AutoRun_Vaccine_d6029.html) and save it to your desktop.
* Extract (unzip) the file to your desktop and a folder named USBVaccine will be created.
* Open that folder and double-click on USBVaccine.exe to start the program.
* Click Run
* Click the button to Vaccinate computer.
* Insert your USB flash drive.
* When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
* Exit Panda USB and AutoRun Vaccine when done.
Note: Computer AutoRun Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Resarch Blog (http://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx) advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
-
Problem solved !
THANK YOU :)
-
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.
-
Great Info .
THANKS ! :)