Hi all.. hope this is the right place to post as I am new to all of this..

OS windows vista

found two files today in a directory called "My Data Sources"

they are named

+NewSQLServerConnection

and

*Connect to new Data Source

they both seem to be excell files but I get a security warning about connection when I try to open them (from excel itself)

I am suspicious becasue both files have creation dates of 2000 (on brand new machine)

I recently installed Office 2007.. not sure what gives here.. any suggestions?

Sound fishy?

{QUOTE->
I recently installed Office 2007.. not sure what gives here.. any suggestions?

Sound fishy? <-QUOTE}
Each of those items appears to be related to Office/Excel
and I can't see anything re. them being fishy malware of any kind.

Maybe someone can tell more re. their usefulness.

Many thanks I deleted the files anyway with no seeming adverse effects. Thanks for checking it out for me. I also had a couple of questions about a windows defender alert regarding a file named wd.sys. A quick check online revealed that a "hax" trojan uses this file. Now I am wondering if this file is a standard windows file or what. Also while checking my event viewer I get this funny alert telling me that on shutdown my registry "leaked" a handle. Now I would not worry about this so much except that on shut down I have noticed some "unusual" behavior. It seems that every Icon I have clicked on my desktop gets quickly "reclicked" seconds before shut down. Just several quick flashed on all of the desktop icons I have used during the session. I was able to replicate this behavior on a similar machine at a store and was unsure of what it meant. any suggestions about these things or am I being overly paranoid?

{QUOTE-> I also had a couple of questions about a windows defender alert regarding a file named wd.sys. A quick check online revealed that a "hax" trojan uses this file. Now I am wondering if this file is a standard windows file or what. Also while checking my event viewer I get this funny alert telling me that on shutdown my registry "leaked" a handle. Now I would not worry about this so much except that on shut down I have noticed some "unusual" behavior. It seems that every Icon I have clicked on my desktop gets quickly "reclicked" seconds before shut down. Just several quick flashed on all of the desktop icons I have used during the session. <-QUOTE}

Nokrypt.,

This wd.sys thing could be as you suggest, a concern, and causing your machine these other bits of strange behaviour - I have no idea how you have set up your security system but I would make sure I had installed and run these - I would not Delete the wd.sys file until one of the anti's picked it up as malware.

Superantispyware
Ad-aware
Search & Destroy
Win Patrol
HijackThis
CWShredder
Spywareblaster
Spywareguard
Firewall
Mark Jacob's Reg Watcher
AVG Anti-virus

If you already have your own setup, well and good, because as you have no doubt observed here at Wilders, it's very different smokes for very different blokes - If you do have a setup already then I would be running your machine through a couple of Online scanners such as,

www.kaspersky.com/virusscanner
www.webroot.com/services/spyaudit_03.htm

At this next addy I would upload wd.sys and allow Jotti's to run their dozen
top scanners through it.
http://virusscan.jotti.org/

Just entered wd.sys at,

http://www.softwaretipsandtricks.com/sys/index.php

and they say there IS a legit. wd.sys file,
M$'s - Watchdog Timer Driver 11.264 bytes

Regards.

well I am using kasperksy internet security 6.o and as of yet it has not picked up anything strange neither has the windows defender scan. (all signatures up to date) I may do as you suggest and try the other programs. I am very cautious though about some of the programs as some can "parade" as antivirus software but are really malicious in nature. I did a search and turned up four instances of the file. As for the files sizes none of them match the file size you listed. Two are small about 4 kb and the others are 19 kb so there, you have it weird eh? also noticed that two are listed as MUI file tpes while the others are sys type starnge eh?

Why not upload them to Virus Total.

Firstly I wanted to thank you guys for taking the time to read the suggestions.. since them I did a complete system recovery and chose to try the prepackaged norton internet security package over kis 6.0 I will see what the difference is. I had also downloaded and run spybot s and d before doing this and was informed that some registry entries that had been made matched changes that AGOBOT worm virus makes. This was the reason I decided to do a full recovery and install. anyhow.. feeling SLIGHTLY less paranoid now.