wscript.exe problem...windows 7....

Help anybody…my old and many times used usb all of a sudden says it is write protected and I have heard about this virus…

Hi, I’ll be working with you :slight_smile:

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please download aswMBR and save it to your desktop.

Double click aswMBR.exe to start the tool.

[*]Select Yes if prompted to download the Avast database.
[*]Click Scan
[*]Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
Note: do NOT attempt any Fix yet.

Hello good sir and thank you for your quick response :slight_smile: here are the FRST scan results:

Follow the instructions for second tool, I need aswmbr report too…

aswMBR scan log:

Good, now please refrain from using USB, until we clean PC

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

HKCU\...\Run: [WinUsbDriver] - C:\Users\Milica\AppData\Local\Temp\WinUsbDriver.vbs [172340 2013-08-27] () <===== ATTENTION
C:\Users\Milica\AppData\Local\Temp\WinUsbDriver.vbs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.us.com/v/2/?guid={C020945C-A1A3-40A4-B373-6ED74EB78278}&serpv=17
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/v/2/?guid={C020945C-A1A3-40A4-B373-6ED74EB78278}&serpv=17
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {17446C70-FA1B-492A-8AA6-504B83BBC9ED} URL = http://search.us.com/serp?guid={C020945C-A1A3-40A4-B373-6ED74EB78278}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=109220&tt=5012_6&babsrc=SP_ss&mntrId=8a25fd0300000000000000266cbc014e
SearchScopes: HKCU - {13AAAC8C-8C25-47DD-849B-F4513FADA88F} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
SearchScopes: HKCU - {17446C70-FA1B-492A-8AA6-504B83BBC9ED} URL = http://search.us.com/serp?guid={C020945C-A1A3-40A4-B373-6ED74EB78278}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {9A91BBDD-744E-4EB0-AF9E-029F9E7B75B4} URL = http://www.mysearchresults.com/search?c=2408&t=14&q={searchTerms}
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
C:\Program Files (x86)\Yontoo
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Milica\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
C:\Users\Milica\AppData\Roaming\DefaultTab
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx
C:\Program Files (x86)\DefaultTab
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
R2 DefaultTabUpdate; C:\Users\Milica\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-08-31] ()
C:\Users\Milica\AppData\Local\Temp\WinUsbDriver.vbs
C:\Users\Milica\AppData\Local\Temp
AlternateDataStreams: C:\Windows:nlsPreferences
cmd: ipconfig /flushdns

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Then…

Re-run FRST, press Scan and attach fresh report

should I just click Scan without checking List BCD and Drivers MD5 ?

No need to check anything, just Run FRST and click scan…

here it is

just one quick question…how to be free of the virus from my usb? should i just delete everything there is on it?

Now, we’re going to fix you USB :slight_smile:

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach a logreport that MCShield has created.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

here it is

PC and USB are now clean, how are the things now?

Everything is just fine:) thank you very much :slight_smile:

Good :slight_smile:

Few more things to do, and we’re done:

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*]After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*]Post logfile will also be saved in the C:\AdwCleaner folder.

===============================================================

Please download TFC by OldTimer to your desktop

[*]Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]It will close all programs when run, so make sure you have saved all your work before you begin.
[*]Click the Start button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
[*]Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

I havent yet instaled or run any of the programs you mentioned because i noticed a problem.
I can’t log in into my Skype account.I have the latest version and i have tried deleting the folder which contains my Skype chat history.
Namely,i says this when i try to log in:

Unable to sign in due to a disk I/O error.Try restarting Skype to fix this.If you’re still having problems please visit this support page for more help.

is all this due to the recent antivirus programs activity or is it another matter altogether?

Do not know why is it happening, but try this solution

http://community.skype.com/t5/Windows-desktop-client/Unable-to-sign-in-Disk-I-O-error-Tried-everything/td-p/2130035

Hvala puno na pomoci ono sa skajpom je uspelo.Pustio sam ova dva programa i oni su odradili svoje.
Trenutno sve radi kako treba

Odlicno :wink:

Nastavi da koristis MCShield, tako ces biti ubuduce zasticen od ovakvih virusa.

Jos samo da obrisemo alate (uputstvo je na engleskom)

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[] Remove disinfection tools
[
] Create registry backup
[*] Purge System Restore

Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

koristicu :slight_smile: Delfix je zavrsio…hvala ti puno na pomoci skratio si mi muke nevidjeno XD