
Author Topic: virus change the USB flash drive name  (Read 29803 times)


sunnyday

    Topic Starter


    Rookie

    virus change the USB flash drive name
    « on: March 01, 2010, 07:38:54 AM »
    My USB thumbdrive-1 name was auto-changed to "pendrive". I suspect it was caused by some virus, not sure whether in thumbdrive-1 or in the computer.
    After copying some files from thumbdrive-1 to thumbdrive-2, the same problem happened => now my thumbdrive-2 has been auto-renamed as "pendrive".
    I tried the 3rd thumbdrive by copying files from thumbdrive-1; now the 3rd thumbdrive has been auto-renamed as "pendrive".
    Something must have gone wrong, please advise how to resolve this. Thanks!

    evilfantasy

    • Malware Removal Specialist


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: virus change the USB flash drive name
    « Reply #1 on: March 01, 2010, 01:56:51 PM »
    If you already have Malwarebytes be sure to update it before running the scan!

    Download Malwarebytes' Anti-Malware (MBAM)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to the following:
        * Update Malwarebytes' Anti-Malware
        * Launch Malwarebytes' Anti-Malware
    * Then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    BC_Programmer


      Mastermind
    • Typing is no substitute for thinking.
    • Thanked: 1140
    • Experience: Beginner
    • OS: Windows 11
    Re: virus change the USB flash drive name
    « Reply #2 on: March 01, 2010, 01:59:08 PM »
    I'd like to note: if we are talking about the hardware identification, rather than volume labels, I've seen this happen twice with very old thumb drives; rather than identify, for example, as a SanDisk Cruzer Mini, it identified as a "SanDisk Pen Drive". This usually happens as the drive itself is failing.

    If, however, this is the actual volume label, it's certainly malware.
    I was trying to dereference Null Pointers before it was cool.
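
The distinction drawn in the reply above (hardware identification versus volume label) can be checked directly on the PC. This is an added example, not part of the original thread: the function name is hypothetical, it assumes PowerShell 3.0 or later, and it also reports a `label=` entry in an `autorun.inf` at the drive root, which Explorer shows in place of the stored volume label.

```powershell
# Added example (not from the thread): for each removable drive letter, show
# the places a displayed "drive name" can come from.
# Assumes PowerShell 3.0+ (Get-CimInstance); read-only, changes nothing.

function Get-RemovableDriveNameSources {
    # DriveType 2 = removable disk in Win32_LogicalDisk.
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
        $logical = $_

        # Logical disk -> partition -> physical disk gives the hardware strings
        # the device itself reports (what Device Manager shows).
        $disk = $logical |
            Get-CimAssociatedInstance -ResultClassName Win32_DiskPartition |
            Get-CimAssociatedInstance -ResultClassName Win32_DiskDrive |
            Select-Object -First 1

        # An autorun.inf in the drive root can carry a label= entry that
        # Explorer displays instead of the stored volume label.
        $autorunPath  = Join-Path -Path ($logical.DeviceID + '\') -ChildPath 'autorun.inf'
        $autorunFound = Test-Path -LiteralPath $autorunPath -PathType Leaf
        $autorunLabel = $null
        if ($autorunFound) {
            $line = Get-Content -LiteralPath $autorunPath -Force -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*label\s*=' } |
                Select-Object -First 1
            if ($line) { $autorunLabel = ($line -split '=', 2)[1].Trim() }
        }

        [pscustomobject]@{
            Drive         = $logical.DeviceID      # e.g. G:
            VolumeLabel   = $logical.VolumeName    # label stored in the file system
            FileSystem    = $logical.FileSystem
            HardwareModel = $disk.Model            # string reported by the device
            PnpDeviceId   = $disk.PNPDeviceID
            AutorunInf    = $autorunFound
            AutorunLabel  = $autorunLabel
        }
    }
}

Get-RemovableDriveNameSources | Format-List
```

A changed `HardwareModel` matches the failing-hardware case described above; a changed `VolumeLabel`, or an `autorun.inf` that nobody knowingly put there, means something wrote to the volume.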

    evilfantasy

    • Malware Removal Specialist


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: virus change the USB flash drive name
    « Reply #3 on: March 01, 2010, 02:02:34 PM »
    I'm curious to see if any malware is found. I'm leaning towards no.... but then you never know.

    sunnyday

      Topic Starter


      Rookie

      Re: virus change the USB flash drive name
      « Reply #4 on: March 02, 2010, 09:25:27 AM »
      I have run MBAM on the following:
      a) scan the computer
      b) scan the thumbdrive-3 (which is a brand new 2G thumbdrive) nb. the original name of this drive was "Toshiba"
      c) scan the thumbdrive-2 (this is also a new 2G thumbdrive) nb. the original name of this drive is "tumbdrive"
      d) scan the thumbdrive-1 (this is an old 128M thumbdrive) nb. the original name of this drive is "tumbdrive"

      i) Here is the scan log result for (a) :
      --------------------------------------------
      Malwarebytes' Anti-Malware 1.44
      Database version: 3813
      Windows 6.0.6001 Service Pack 1
      Internet Explorer 8.0.6001.18882

      2/3/2010 11:04:37 PM
      mbam-log-2010-03-02 (23-04-37).txt

      Scan type: Quick Scan
      Objects scanned: 111912
      Time elapsed: 3 minute(s), 59 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
      -----------end of (a)---------------------------------

      ii) here is the scan log result for (b) :
      ---------------------------------------------
      Malwarebytes' Anti-Malware 1.44
      Database version: 3813
      Windows 6.0.6001 Service Pack 1
      Internet Explorer 8.0.6001.18882

      3/3/2010 12:00:14 AM
      mbam-log-2010-03-03 (00-00-14).txt

      Scan type: Full Scan (F:\|)
      Objects scanned: 106772
      Time elapsed: 1 minute(s), 44 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
      ----------- end of (b)--------

      iii) here is the scan result of (c) :
      -----------------------------------
      Malwarebytes' Anti-Malware 1.44
      Database version: 3813
      Windows 6.0.6001 Service Pack 1
      Internet Explorer 8.0.6001.18882

      3/3/2010 12:04:32 AM
      mbam-log-2010-03-03 (00-04-32).txt

      Scan type: Full Scan (I:\|)
      Objects scanned: 106759
      Time elapsed: 1 minute(s), 22 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
      ------------end of (c) -------------

      iv) here is the scan result of (d) :
      -------------------------------------
      Malwarebytes' Anti-Malware 1.44
      Database version: 3813
      Windows 6.0.6001 Service Pack 1
      Internet Explorer 8.0.6001.18882

      3/3/2010 12:08:24 AM
      mbam-log-2010-03-03 (00-08-24).txt

      Scan type: Full Scan (F:\|)
      Objects scanned: 107013
      Time elapsed: 1 minute(s), 55 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
      --------end of (d)-----------------

      It seems no virus was detected. But all a/m thumbdrives have been renamed as "pendrive".
      May I have your advice please.

      evilfantasy

      • Malware Removal Specialist


      • Genius
      • Calm like a bomb
      • Thanked: 493
      • Experience: Experienced
      • OS: Windows 11
      Re: virus change the USB flash drive name
      « Reply #5 on: March 02, 2010, 09:35:36 AM »
      Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

      Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

      * XP users Double click on dds to run it.
      * If your antivirus or firewall tries to block DDS then please allow it to run.
      * When finished DDS will open two (2) logs.

      1) DDS.txt
      2) Attach.txt

      * Save both logs to your desktop.
      * Please copy and paste the entire contents of both logs in your next reply.

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copying and pasting it into the reply.

      sunnyday

        Topic Starter


        Rookie

        Re: virus change the USB flash drive name
        « Reply #6 on: March 03, 2010, 05:24:39 AM »
        Hi, I followed the instructions and here are the results (by the way, do I need to plug in the "problem thumbdrive"?):

        1) Result without inserting the "thumbdrive":

            1a) DDS file

        DDS (Ver_09-12-01.01) - NTFSx86 
        Run by Tay1 Family at 20:05:02.08 on Wed 03/03/2010
        Internet Explorer: 8.0.6001.18882
        Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.65.1033.18.2036.1098 [GMT 8:00]

        SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

        ============== Running Processes ===============

        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k rpcss
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k GPSvcGroup
        C:\Windows\system32\SLsvc.exe
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Program Files\Dell\DellDock\DockLogin.exe
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
        c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
        C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Windows\System32\svchost.exe -k WerSvcGroup
        C:\Windows\system32\SearchIndexer.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        C:\Windows\system32\WUDFHost.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        c:\PROGRA~1\mcafee.com\agent\mcagent.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Dell\DellDock\DellDock.exe
        C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
        C:\Windows\System32\igfxtray.exe
        C:\Windows\System32\igfxpers.exe
        C:\Windows\system32\igfxsrvc.exe
        C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
        C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
        C:\Program Files\WordWeb\wweb32.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files\Dell Remote Access\ezi_ra.exe
        C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
        C:\Windows\system32\taskeng.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
        C:\Program Files\Dell Support Center\bin\sprtsvc.exe
        C:\Windows\servicing\TrustedInstaller.exe
        C:\Windows\system32\wuauclt.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Users\Tay1 Family\Desktop\dds.scr
        C:\Windows\system32\wbem\wmiprvse.exe

        ============== Pseudo HJT Report ===============

        uStart Page = hxxp://www.google.com/
        uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
        mDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
        BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
        BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
        BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
        BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
        mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
        mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
        mRun: [Persistence] c:\windows\system32\igfxpers.exe
        mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
        mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
        mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
        mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
        mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
        mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
        StartupFolder: c:\users\tay1fa~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
        StartupFolder: c:\users\tay1fa~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
        StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
        Notify: igfxcui - igfxdev.dll

        ============= SERVICES / DRIVERS ===============

        R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-12 214664]
        R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-8-13 81920]
        R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
        R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2009-8-12 359952]
        R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-12 144704]
        R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-12 606736]
        R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-12 79816]
        R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-12 35272]
        R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-12 40552]
        S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-12 34248]

        =============== Created Last 30 ================

        2010-03-02 14:50:29   0   d-----w-   c:\users\tay1fa~1\appdata\roaming\Malwarebytes
        2010-03-02 14:50:25   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-03-02 14:50:24   0   d-----w-   c:\programdata\Malwarebytes
        2010-03-02 14:50:23   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-03-02 14:50:23   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-02-24 12:31:02   2048   ----a-w-   c:\windows\system32\tzres.dll
        2010-02-24 12:30:37   523776   ----a-w-   c:\windows\system32\RMActivate_isv.exe
        2010-02-24 12:30:37   511488   ----a-w-   c:\windows\system32\RMActivate.exe
        2010-02-24 12:30:36   472576   ----a-w-   c:\windows\system32\secproc_isv.dll
        2010-02-24 12:30:36   472064   ----a-w-   c:\windows\system32\secproc.dll
        2010-02-24 12:30:36   347136   ----a-w-   c:\windows\system32\RMActivate_ssp.exe
        2010-02-24 12:30:36   346624   ----a-w-   c:\windows\system32\RMActivate_ssp_isv.exe
        2010-02-24 12:30:36   329216   ----a-w-   c:\windows\system32\msdrm.dll
        2010-02-24 12:30:36   151040   ----a-w-   c:\windows\system32\secproc_ssp_isv.dll
        2010-02-24 12:30:36   151040   ----a-w-   c:\windows\system32\secproc_ssp.dll
        2010-02-23 11:37:04   0   d-----w-   c:\users\tay1 family\Tracing
        2010-02-22 15:22:17   1191616   ------w-   c:\windows\system32\wweb32.dll
        2010-02-22 15:22:16   0   d-----w-   c:\program files\WordWeb
        2010-02-22 15:11:05   65   ----a-w-   c:\windows\WININIT.INI
        2010-02-21 14:18:29   378368   ----a-w-   c:\windows\system32\winhttp.dll
        2010-02-20 11:12:52   411136   ----a-w-   c:\windows\system32\drivers\http.sys
        2010-02-20 11:12:52   31232   ----a-w-   c:\windows\system32\httpapi.dll
        2010-02-20 11:12:52   24064   ----a-w-   c:\windows\system32\nshhttp.dll
        2010-02-19 08:01:35   0   d-----w-   c:\program files\MP3_ripper_encoder
        2010-02-19 08:01:35   0   d-----w-   c:\program files\HansDocs
        2010-02-19 08:01:35   0   d-----w-   c:\program files\ADSL modem solution
        2010-02-19 08:01:34   4796520   ----a-w-   c:\program files\e-dictionary_wordweb2_1.zip
        2010-02-19 07:26:12   3600472   ----a-w-   c:\windows\system32\ntkrnlpa.exe
        2010-02-19 07:26:12   3548760   ----a-w-   c:\windows\system32\ntoskrnl.exe
        2010-02-19 07:25:52   499712   ----a-w-   c:\windows\system32\kerberos.dll
        2010-02-19 07:25:52   270848   ----a-w-   c:\windows\system32\schannel.dll
        2010-02-18 15:03:10   0   d-----r-   c:\users\tay1fa~1\appdata\roaming\Brother
        2010-02-18 08:57:05   0   d-----w-   c:\programdata\FileCure
        2010-02-18 01:44:29   0   d-----w-   c:\users\tay1fa~1\appdata\roaming\Dell
        2010-02-17 12:30:05   0   d-----w-   c:\program files\Microsoft
        2010-02-17 12:29:31   0   d-----w-   c:\program files\Windows Live SkyDrive
        2010-02-17 12:29:08   57667   ----a-w-   c:\windows\system32\ieuinit.inf
        2010-02-17 12:25:26   0   d-----w-   c:\program files\common files\Windows Live
        2010-02-16 10:56:56   27   ----a-w-   c:\windows\BRPP2KA.INI
        2010-02-16 10:56:55   425   ----a-w-   c:\windows\BRWMARK.INI
        2010-02-16 10:53:09   98304   ----a-w-   c:\windows\system32\drivers\srvnet.sys
        2010-02-16 10:53:09   301568   ----a-w-   c:\windows\system32\drivers\srv.sys
        2010-02-16 10:53:03   897624   ----a-w-   c:\windows\system32\drivers\tcpip.sys
        2010-02-16 10:52:55   1314816   ----a-w-   c:\windows\system32\quartz.dll
        2010-02-16 10:52:54   91136   ----a-w-   c:\windows\system32\avifil32.dll
        2010-02-16 10:52:54   82944   ----a-w-   c:\windows\system32\mciavi32.dll
        2010-02-16 10:52:54   65024   ----a-w-   c:\windows\system32\avicap32.dll
        2010-02-16 10:52:54   50176   ----a-w-   c:\windows\system32\iyuv_32.dll
        2010-02-16 10:52:54   31744   ----a-w-   c:\windows\system32\msvidc32.dll
        2010-02-16 10:52:54   22528   ----a-w-   c:\windows\system32\msyuv.dll
        2010-02-16 10:52:54   13312   ----a-w-   c:\windows\system32\msrle32.dll
        2010-02-16 10:52:54   123904   ----a-w-   c:\windows\system32\msvfw32.dll
        2010-02-16 10:52:54   11776   ----a-w-   c:\windows\system32\tsbyuv.dll
        2010-02-16 10:52:49   212992   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
        2010-02-16 10:52:49   105472   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys

        ==================== Find3M  ====================

        2010-02-17 10:38:00   51200   ----a-w-   c:\windows\inf\infpub.dat
        2010-02-17 10:37:59   143360   ----a-w-   c:\windows\inf\infstrng.dat
        2010-02-17 10:37:58   86016   ----a-w-   c:\windows\inf\infstor.dat
        2010-01-02 06:38:20   916480   ----a-w-   c:\windows\system32\wininet.dll
        2010-01-02 06:32:33   71680   ----a-w-   c:\windows\system32\iesetup.dll
        2010-01-02 06:32:33   109056   ----a-w-   c:\windows\system32\iesysprep.dll
        2010-01-02 04:57:00   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
        2009-08-13 00:44:41   665600   ----a-w-   c:\windows\inf\drvindex.dat
        2008-01-21 02:57:01   174   --sha-w-   c:\program files\desktop.ini
        2006-11-02 12:39:34   30674   ----a-w-   c:\windows\inf\perflib\0409\perfd.dat
        2006-11-02 12:39:34   30674   ----a-w-   c:\windows\inf\perflib\0409\perfc.dat
        2006-11-02 12:39:34   287440   ----a-w-   c:\windows\inf\perflib\0409\perfi.dat
        2006-11-02 12:39:34   287440   ----a-w-   c:\windows\inf\perflib\0409\perfh.dat
        2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfi.dat
        2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfh.dat
        2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfd.dat
        2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfc.dat
        2009-09-06 15:20:02   16384   --sha-w-   c:\windows\temp\cookies\index.dat
        2009-09-06 15:20:02   16384   --sha-w-   c:\windows\temp\history\history.ie5\index.dat
        2009-09-06 15:20:02   32768   --sha-w-   c:\windows\temp\temporary internet files\content.ie5\index.dat
        2009-08-13 00:44:41   8192   --sha-w-   c:\windows\users\default\NTUSER.DAT

        ============= FINISH: 20:05:52.86 ===============


        1b) Attach.txt file
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT

        DDS (Ver_09-12-01.01)

        Microsoft® Windows Vista™ Home Basic
        Boot Device: \Device\HarddiskVolume3
        Install Date: 13/8/2009 12:55:28 AM
        System Uptime: 3/3/2010 7:55:02 PM (1 hours ago)

        Motherboard: Dell Inc. |  | 0N826N
        Processor: Pentium(R) Dual-Core  CPU      E5200  @ 2.50GHz | Socket 775 | 2500/200mhz

        ==== Disk Partitions =========================

        C: is FIXED (NTFS) - 218 GiB total, 171.216 GiB free.
        D: is FIXED (NTFS) - 15 GiB total, 10.648 GiB free.
        E: is CDROM ()
        G: is Removable

        ==== Disabled Device Manager Items =============

        ==== System Restore Points ===================


        ==== Installed Programs ======================

        Acrobat.com
        Adobe AIR
        Adobe Flash Player 10 ActiveX
        Adobe Reader 9.3
        BroadBand on Mobile
        Compatibility Pack for the 2007 Office system
        Dell DataSafe Online
        Dell Dock
        Dell Edoc Viewer
        Dell Getting Started Guide
        Dell Remote Access
        Dell Support Center (Support Software)
        GoToAssist 8.0.0.514
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
        Java(TM) 6 Update 13
        Malwarebytes' Anti-Malware
        McAfee SecurityCenter
        Microsoft .NET Framework 3.5 SP1
        Microsoft Application Error Reporting
        Microsoft Choice Guard
        Microsoft Office 2007 Service Pack 2 (SP2)
        Microsoft Office Excel MUI (English) 2007
        Microsoft Office Home and Student 2007
        Microsoft Office OneNote MUI (English) 2007
        Microsoft Office PowerPoint MUI (English) 2007
        Microsoft Office PowerPoint Viewer 2007 (English)
        Microsoft Office Proof (English) 2007
        Microsoft Office Proof (French) 2007
        Microsoft Office Proof (Spanish) 2007
        Microsoft Office Proofing (English) 2007
        Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
        Microsoft Office Shared MUI (English) 2007
        Microsoft Office Shared Setup Metadata MUI (English) 2007
        Microsoft Office Word MUI (English) 2007
        Microsoft Works
        MSVCRT
        PowerDVD
        Realtek High Definition Audio Driver
        Security Update for 2007 Microsoft Office System (KB969559)
        Security Update for 2007 Microsoft Office System (KB973704)
        Security Update for Microsoft Office Excel 2007 (KB973593)
        Security Update for Microsoft Office PowerPoint 2007 (KB957789)
        Security Update for Microsoft Office system 2007 (972581)
        Security Update for Microsoft Office system 2007 (KB969613)
        Security Update for Microsoft Office system 2007 (KB974234)
        Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
        Update for 2007 Microsoft Office System (KB967642)
        Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
        Update for Microsoft Office 2007 Help for Common Features (KB963673)
        Update for Microsoft Office Excel 2007 Help (KB963678)
        Update for Microsoft Office InfoPath 2007 (KB976416)
        Update for Microsoft Office OneNote 2007 Help (KB963670)
        Update for Microsoft Office Powerpoint 2007 Help (KB963669)
        Update for Microsoft Office Script Editor Help (KB963671)
        Update for Microsoft Office Word 2007 (KB974561)
        Update for Microsoft Office Word 2007 Help (KB963665)
        Windows Live Call
        Windows Live Communications Platform
        Windows Live Essentials
        Windows Live Messenger
        Windows Live Sign-in Assistant
        Windows Live Upload Tool
        WordWeb

        ==== End Of File =========================


        2) Result with "problem" thumb drive inserted:
            2a) DDS file
        DDS (Ver_09-12-01.01) - NTFSx86 
        Run by Tay1 Family at 20:12:22.18 on Wed 03/03/2010
        Internet Explorer: 8.0.6001.18882
        Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.65.1033.18.2036.1008 [GMT 8:00]

        SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

        ============== Running Processes ===============

        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k rpcss
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k GPSvcGroup
        C:\Windows\system32\SLsvc.exe
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Program Files\Dell\DellDock\DockLogin.exe
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
        c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
        C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Windows\System32\svchost.exe -k WerSvcGroup
        C:\Windows\system32\SearchIndexer.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        C:\Windows\system32\WUDFHost.exe
        c:\PROGRA~1\mcafee.com\agent\mcagent.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Dell\DellDock\DellDock.exe
        C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
        C:\Windows\System32\igfxtray.exe
        C:\Windows\System32\igfxpers.exe
        C:\Windows\system32\igfxsrvc.exe
        C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
        C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
        C:\Program Files\WordWeb\wweb32.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files\Dell Remote Access\ezi_ra.exe
        C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
        C:\Windows\system32\taskeng.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
        C:\Program Files\Dell Support Center\bin\sprtsvc.exe
        C:\Windows\system32\wuauclt.exe
        C:\Windows\system32\notepad.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\NOTEPAD.EXE
        C:\Windows\System32\mobsync.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Users\Tay1 Family\Desktop\dds.scr
        C:\Windows\system32\wbem\wmiprvse.exe

        ============== Pseudo HJT Report ===============

        uStart Page = hxxp://www.google.com/
        uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
        mDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
        BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
        BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
        BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
        BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
        mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
        mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
        mRun: [Persistence] c:\windows\system32\igfxpers.exe
        mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
        mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
        mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
        mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
        mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
        mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
        StartupFolder: c:\users\tay1fa~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
        StartupFolder: c:\users\tay1fa~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
        StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
        Notify: igfxcui - igfxdev.dll

        ============= SERVICES / DRIVERS ===============

        R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-12 214664]
        R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-8-13 81920]
        R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
        R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2009-8-12 359952]
        R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-12 144704]
        R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-12 606736]
        R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-12 79816]
        R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-12 35272]
        R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-12 40552]
        S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-12 34248]

        =============== Created Last 30 ================

        2010-03-02 14:50:29   0   d-----w-   c:\users\tay1fa~1\appdata\roaming\Malwarebytes
        2010-03-02 14:50:25   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-03-02 14:50:24   0   d-----w-   c:\programdata\Malwarebytes
        2010-03-02 14:50:23   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-03-02 14:50:23   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-02-24 12:31:02   2048   ----a-w-   c:\windows\system32\tzres.dll
        2010-02-24 12:30:37   523776   ----a-w-   c:\windows\system32\RMActivate_isv.exe
        2010-02-24 12:30:37   511488   ----a-w-   c:\windows\system32\RMActivate.exe
        2010-02-24 12:30:36   472576   ----a-w-   c:\windows\system32\secproc_isv.dll
        2010-02-24 12:30:36   472064   ----a-w-   c:\windows\system32\secproc.dll
        2010-02-24 12:30:36   347136   ----a-w-   c:\windows\system32\RMActivate_ssp.exe
        2010-02-24 12:30:36   346624   ----a-w-   c:\windows\system32\RMActivate_ssp_isv.exe
        2010-02-24 12:30:36   329216   ----a-w-   c:\windows\system32\msdrm.dll
        2010-02-24 12:30:36   151040   ----a-w-   c:\windows\system32\secproc_ssp_isv.dll
        2010-02-24 12:30:36   151040   ----a-w-   c:\windows\system32\secproc_ssp.dll
        2010-02-23 11:37:04   0   d-----w-   c:\users\tay1 family\Tracing
        2010-02-22 15:22:17   1191616   ------w-   c:\windows\system32\wweb32.dll
        2010-02-22 15:22:16   0   d-----w-   c:\program files\WordWeb
        2010-02-22 15:11:05   65   ----a-w-   c:\windows\WININIT.INI
        2010-02-21 14:18:29   378368   ----a-w-   c:\windows\system32\winhttp.dll
        2010-02-20 11:12:52   411136   ----a-w-   c:\windows\system32\drivers\http.sys
        2010-02-20 11:12:52   31232   ----a-w-   c:\windows\system32\httpapi.dll
        2010-02-20 11:12:52   24064   ----a-w-   c:\windows\system32\nshhttp.dll
        2010-02-19 08:01:35   0   d-----w-   c:\program files\MP3_ripper_encoder
        2010-02-19 08:01:35   0   d-----w-   c:\program files\HansDocs
        2010-02-19 08:01:35   0   d-----w-   c:\program files\ADSL modem solution
        2010-02-19 08:01:34   4796520   ----a-w-   c:\program files\e-dictionary_wordweb2_1.zip
        2010-02-19 07:26:12   3600472   ----a-w-   c:\windows\system32\ntkrnlpa.exe
        2010-02-19 07:26:12   3548760   ----a-w-   c:\windows\system32\ntoskrnl.exe
        2010-02-19 07:25:52   499712   ----a-w-   c:\windows\system32\kerberos.dll
        2010-02-19 07:25:52   270848   ----a-w-   c:\windows\system32\schannel.dll
        2010-02-18 15:03:10   0   d-----r-   c:\users\tay1fa~1\appdata\roaming\Brother
        2010-02-18 08:57:05   0   d-----w-   c:\programdata\FileCure
        2010-02-18 01:44:29   0   d-----w-   c:\users\tay1fa~1\appdata\roaming\Dell
        2010-02-17 12:30:05   0   d-----w-   c:\program files\Microsoft
        2010-02-17 12:29:31   0   d-----w-   c:\program files\Windows Live SkyDrive
        2010-02-17 12:29:08   57667   ----a-w-   c:\windows\system32\ieuinit.inf
        2010-02-17 12:25:26   0   d-----w-   c:\program files\common files\Windows Live
        2010-02-16 10:56:56   27   ----a-w-   c:\windows\BRPP2KA.INI
        2010-02-16 10:56:55   425   ----a-w-   c:\windows\BRWMARK.INI
        2010-02-16 10:53:09   98304   ----a-w-   c:\windows\system32\drivers\srvnet.sys
        2010-02-16 10:53:09   301568   ----a-w-   c:\windows\system32\drivers\srv.sys
        2010-02-16 10:53:03   897624   ----a-w-   c:\windows\system32\drivers\tcpip.sys
        2010-02-16 10:52:55   1314816   ----a-w-   c:\windows\system32\quartz.dll
        2010-02-16 10:52:54   91136   ----a-w-   c:\windows\system32\avifil32.dll
        2010-02-16 10:52:54   82944   ----a-w-   c:\windows\system32\mciavi32.dll
        2010-02-16 10:52:54   65024   ----a-w-   c:\windows\system32\avicap32.dll
        2010-02-16 10:52:54   50176   ----a-w-   c:\windows\system32\iyuv_32.dll
        2010-02-16 10:52:54   31744   ----a-w-   c:\windows\system32\msvidc32.dll
        2010-02-16 10:52:54   22528   ----a-w-   c:\windows\system32\msyuv.dll
        2010-02-16 10:52:54   13312   ----a-w-   c:\windows\system32\msrle32.dll
        2010-02-16 10:52:54   123904   ----a-w-   c:\windows\system32\msvfw32.dll
        2010-02-16 10:52:54   11776   ----a-w-   c:\windows\system32\tsbyuv.dll
        2010-02-16 10:52:49   212992   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
        2010-02-16 10:52:49   105472   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys

        ==================== Find3M  ====================

        2010-02-17 10:38:00   51200   ----a-w-   c:\windows\inf\infpub.dat
        2010-02-17 10:37:59   143360   ----a-w-   c:\windows\inf\infstrng.dat
        2010-02-17 10:37:58   86016   ----a-w-   c:\windows\inf\infstor.dat
        2010-01-02 06:38:20   916480   ----a-w-   c:\windows\system32\wininet.dll
        2010-01-02 06:32:33   71680   ----a-w-   c:\windows\system32\iesetup.dll
        2010-01-02 06:32:33   109056   ----a-w-   c:\windows\system32\iesysprep.dll
        2010-01-02 04:57:00   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
        2009-08-13 00:44:41   665600   ----a-w-   c:\windows\inf\drvindex.dat
        2008-01-21 02:57:01   174   --sha-w-   c:\program files\desktop.ini
        2006-11-02 12:39:34   30674   ----a-w-   c:\windows\inf\perflib\0409\perfd.dat
        2006-11-02 12:39:34   30674   ----a-w-   c:\windows\inf\perflib\0409\perfc.dat
        2006-11-02 12:39:34   287440   ----a-w-   c:\windows\inf\perflib\0409\perfi.dat
        2006-11-02 12:39:34   287440   ----a-w-   c:\windows\inf\perflib\0409\perfh.dat
        2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfi.dat
        2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfh.dat
        2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfd.dat
        2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfc.dat
        2009-09-06 15:20:02   16384   --sha-w-   c:\windows\temp\cookies\index.dat
        2009-09-06 15:20:02   16384   --sha-w-   c:\windows\temp\history\history.ie5\index.dat
        2009-09-06 15:20:02   32768   --sha-w-   c:\windows\temp\temporary internet files\content.ie5\index.dat
        2009-08-13 00:44:41   8192   --sha-w-   c:\windows\users\default\NTUSER.DAT

        ============= FINISH: 20:12:46.03 ===============


        2b) Attach.txt file :
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT

        DDS (Ver_09-12-01.01)

        Microsoft® Windows Vista™ Home Basic
        Boot Device: \Device\HarddiskVolume3
        Install Date: 13/8/2009 12:55:28 AM
        System Uptime: 3/3/2010 7:55:02 PM (1 hours ago)

        Motherboard: Dell Inc. |  | 0N826N
        Processor: Pentium(R) Dual-Core  CPU      E5200  @ 2.50GHz | Socket 775 | 2500/200mhz

        ==== Disk Partitions =========================

        C: is FIXED (NTFS) - 218 GiB total, 171.215 GiB free.
        D: is FIXED (NTFS) - 15 GiB total, 10.648 GiB free.
        E: is CDROM ()
        F: is Removable
        G: is Removable

        ==== Disabled Device Manager Items =============

        ==== System Restore Points ===================

        RP20: 26/8/2009 1:34:12 AM - Windows Update
        RP21: 3/9/2009 8:27:49 PM - Windows Update
        RP22: 19/9/2009 11:16:52 PM - Windows Update
        RP23: 12/10/2009 1:02:43 AM - Windows Update
        RP24: 25/10/2009 11:38:06 PM - Windows Update
        RP26: 25/10/2009 11:41:54 PM - Installed Microsoft Office Home and Student 2007
        RP27: 15/11/2009 12:18:45 AM - Windows Update
        RP28: 15/11/2009 1:07:10 AM - Windows Update
        RP29: 22/11/2009 4:45:42 PM - Windows Update
        RP30: 30/11/2009 12:17:26 AM - Windows Update
        RP31: 9/12/2009 7:45:29 PM - Windows Update
        RP32: 20/12/2009 11:49:45 PM - Windows Update
        RP33: 25/1/2010 1:21:36 AM - Windows Update
        RP34: 8/2/2010 12:59:51 AM - Windows Update
        RP35: 16/2/2010 6:56:17 PM - Device Driver Package Install: Brother Printers
        RP36: 17/2/2010 8:16:40 AM - Windows Update
        RP37: 17/2/2010 6:37:39 PM - Device Driver Package Install: Brother Imaging devices
        RP38: 17/2/2010 8:26:31 PM - Windows Update
        RP39: 17/2/2010 8:28:34 PM - Windows Update
        RP40: 18/2/2010 10:55:00 PM - Windows Update
        RP41: 20/2/2010 7:07:51 PM - Windows Update
        RP42: 21/2/2010 10:08:50 PM - Windows Update
        RP43: 22/2/2010 6:52:43 PM - Windows Update
        RP44: 25/2/2010 6:07:34 PM - Windows Update

        ==== Installed Programs ======================

        Acrobat.com
        Adobe AIR
        Adobe Flash Player 10 ActiveX
        Adobe Reader 9.3
        BroadBand on Mobile
        Compatibility Pack for the 2007 Office system
        Dell DataSafe Online
        Dell Dock
        Dell Edoc Viewer
        Dell Getting Started Guide
        Dell Remote Access
        Dell Support Center (Support Software)
        GoToAssist 8.0.0.514
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
        Java(TM) 6 Update 13
        Malwarebytes' Anti-Malware
        McAfee SecurityCenter
        Microsoft .NET Framework 3.5 SP1
        Microsoft Application Error Reporting
        Microsoft Choice Guard
        Microsoft Office 2007 Service Pack 2 (SP2)
        Microsoft Office Excel MUI (English) 2007
        Microsoft Office Home and Student 2007
        Microsoft Office OneNote MUI (English) 2007
        Microsoft Office PowerPoint MUI (English) 2007
        Microsoft Office PowerPoint Viewer 2007 (English)
        Microsoft Office Proof (English) 2007
        Microsoft Office Proof (French) 2007
        Microsoft Office Proof (Spanish) 2007
        Microsoft Office Proofing (English) 2007
        Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
        Microsoft Office Shared MUI (English) 2007
        Microsoft Office Shared Setup Metadata MUI (English) 2007
        Microsoft Office Word MUI (English) 2007
        Microsoft Works
        MSVCRT
        PowerDVD
        Realtek High Definition Audio Driver
        Security Update for 2007 Microsoft Office System (KB969559)
        Security Update for 2007 Microsoft Office System (KB973704)
        Security Update for Microsoft Office Excel 2007 (KB973593)
        Security Update for Microsoft Office PowerPoint 2007 (KB957789)
        Security Update for Microsoft Office system 2007 (972581)
        Security Update for Microsoft Office system 2007 (KB969613)
        Security Update for Microsoft Office system 2007 (KB974234)
        Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
        Update for 2007 Microsoft Office System (KB967642)
        Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
        Update for Microsoft Office 2007 Help for Common Features (KB963673)
        Update for Microsoft Office Excel 2007 Help (KB963678)
        Update for Microsoft Office InfoPath 2007 (KB976416)
        Update for Microsoft Office OneNote 2007 Help (KB963670)
        Update for Microsoft Office Powerpoint 2007 Help (KB963669)
        Update for Microsoft Office Script Editor Help (KB963671)
        Update for Microsoft Office Word 2007 (KB974561)
        Update for Microsoft Office Word 2007 Help (KB963665)
        Windows Live Call
        Windows Live Communications Platform
        Windows Live Essentials
        Windows Live Messenger
        Windows Live Sign-in Assistant
        Windows Live Upload Tool
        WordWeb

        ==== Event Viewer Messages From Past Week ========

        24/2/2010 8:28:09 PM, Error: netbt [4321]  - The name "ACER-PC        :0" could not be registered on the interface with IP address 192.168.1.70. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
        24/2/2010 11:19:46 PM, Error: netbt [4321]  - The name "SGP1651C       :0" could not be registered on the interface with IP address 192.168.1.70. The computer with the IP address 192.168.1.107 did not allow the name to be claimed by this computer.

        ==== End Of File ===========================


        THANK YOU for your help !

        evilfantasy

        Re: virus change the USB flash drive name
        « Reply #7 on: March 03, 2010, 09:47:39 AM »
        I don't think it's malware. But you should run this still on all of your flash drives.

        Panda USB and AutoRun Vaccine

        Insert your flash drive before we begin. Hold down the Shift key when inserting the flash drive until Windows detects it to bypass the autorun feature. This will keep the autorun.inf from executing automatically.

        Download Panda USB and AutoRun Vaccine and save it to your desktop.

        * Extract (unzip) the file to your desktop and a folder named USBVaccine will be created.
        * Open that folder and double-click on USBVaccine.exe to start the program.
        * Click Run
        * Click the button to Vaccinate computer.
        * Insert your USB flash drive.
        * When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
        * Exit Panda USB and AutoRun Vaccine when done.

        Note: Computer AutoRun Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
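
The autorun.inf file that the steps above lock down can hold launch entries (open, shellexecute, shell\verb\command) as well as display entries such as label, which sets the name Explorer shows for the drive. The following is an added example, not part of the original post or of Panda's tool: it reads an autorun.inf as data and separates the two kinds of entry. The sample contents and file names are constructed, and the thread does not say what was on the poster's drives.

```python
import re
import sys

EXEC_KEYS = ("open", "shellexecute")                 # run a program when AutoRun fires
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # extra right-click verbs on the drive
COSMETIC_KEYS = ("label", "icon", "action")          # change how the drive is displayed


def decode(raw: bytes) -> str:
    """autorun.inf is ANSI or UTF-16 with a BOM; handle both."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_autorun(raw: bytes) -> dict:
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for line in decode(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def review(raw: bytes) -> dict:
    """Split entries into ones that launch something and ones that only relabel."""
    entries = parse_autorun(raw)
    launches = {k: v for k, v in entries.items()
                if k in EXEC_KEYS or SHELL_CMD.match(k)}
    cosmetic = {k: v for k, v in entries.items() if k in COSMETIC_KEYS}
    return {"launches": launches, "cosmetic": cosmetic,
            "needs_attention": bool(launches)}


# Constructed samples: one file that renames the drive and launches a program,
# and one that only renames the drive.
SAMPLE = (b"; constructed sample\r\n[AutoRun]\r\nlabel=pendrive\r\n"
          b"open=tools\\example.exe\r\n"
          b"shell\\open\\command=tools\\example.exe\r\nicon=drive.ico\r\n")
LABEL_ONLY = b"[autorun]\r\nlabel=pendrive\r\n"

if __name__ == "__main__":
    # Usage: python check_autorun.py F:\autorun.inf   (path is an example)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    result = review(data)
    for kind in ("launches", "cosmetic"):
        for key, value in result[kind].items():
            print(f"{kind:9} {key} = {value}")
    print("needs attention:", result["needs_attention"])
```

A file with only a label entry explains a renamed drive without anything being launched; any entry under "launches" names a file on the drive that should be scanned before the drive is used again.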

        sunnyday


          Re: virus change the USB flash drive name
          « Reply #8 on: March 05, 2010, 07:38:23 AM »
          Problem solved !
          THANK YOU  :)

          evilfantasy

          Re: virus change the USB flash drive name
          « Reply #9 on: March 05, 2010, 11:40:02 AM »
          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

          sunnyday


            Re: virus change the USB flash drive name
            « Reply #10 on: March 05, 2010, 05:18:41 PM »
            Great Info .
            THANKS ! :)