usb_run.exe!

• Click on the following link and use the below steps to scan a file: Virustotal
  • Click the Browse... button.
  • Navigate to the file FileToBeScanned
    • Where FileToBeScanned is the actual file to be scanned. Like C:\WINDOWS\System32\vdmt16.sys
  • Click the Open button.
  • Click the Send button.
  • Repeat the above for each file to be scanned
• Copy and paste the results in Notepad, and save them to your desktop, so you can attach them to your next reply.

 

I can't find any info on that file and the scan of that file leaves a lot to speculate on. I would suggest that to be on the safe side, you just rename the file to usb_run.exe.old andsee if it effects your drive usage. If your thumb drive still works properly, then you can delete it.

 

Well, you have not done the READ & RUN ME FIRST. Malware Removal Guide which may show how that drive has infected other parts of your system. I would suggest that you do so now. As well as download and install:
AutoEater.

 

Try opening the command prompt by right clicking and choosing run as administrator.

Did you install AutoEater?

Am I to assume that when you ran MBAM you did have it fix what it found> the log states that you didn't.

You will need to start a separate thread for another computer. This one is only reporting a messenger file as infected, so we can do this:

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

FCopy::
c:\windows\ERDNT\cache\msgsvc.dll | c:\windows\system32\msgsvc.dll

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the prvevious file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!