Scribd Logo
Upload

Welcome to Scribd!

  • New Text Document

    Uploaded by

    Tolitz Gonzales
    26 views2 pages
    file

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    file

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    26 views2 pages

    New Text Document

    Uploaded by

    Tolitz Gonzales
    file

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Please download Anti-VBSVBEx64.

    exe on your Desktop


    Double click to run the tool and wait until it finishes.
    It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.
    .

    Step 2.

    1. Open notepad and copy/paste the text present inside the code box
    To do this highlight the contents of the box and right click on it.
    nto the open notepad.
    NOTICE: This script was written specifically for this user, for use
    icular machine. Running this on another machine may cause damage to
    g system

    below.
    Paste this i
    on that part
    the operatin

    Code: [Select]
    Start
    HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\Run: [Win-Update] => C:\W
    indows\win-update.exe
    C:\Windows\win-update.exe
    HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\Run: [Google Update] => C
    :\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-28] (G
    oogle Inc.)
    HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: G - G:\Auto
    Run.exe
    HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: H - H:\Auto
    Run.exe
    HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: {9b8ce725-c
    ef0-11e1-8f5e-441ea1da1c21} - G:\AutoRun.exe
    HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: {a8eca616-c
    edd-11e1-9604-3859f9eba1b4} - G:\AutoRun.exe
    HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: {a8eca627-c
    edd-11e1-9604-3859f9eba1b4} - G:\AutoRun.exe
    HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: {a8eca68c-c
    edd-11e1-9604-001e101f50a4} - G:\AutoRun.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\Run: [zADs.exe] => C:\Use
    rs\user\AppData\Roaming\zADs.exe [56320 2014-04-23] ()
    HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\Run: [zAD.exe] => C:\User
    s\user\AppData\Roaming\zAD.exe [56832 2014-05-17] ()
    C:\Users\user\AppData\Roaming\zADs.exe
    C:\Users\user\AppData\Roaming\zAD.exe
    HKLM-x32\...\Run: [Yahoo Messenger] => [X]
    Task: {16D48B3A-3C0C-4254-A30B-EE20481749B7} - System32\Tasks\GoogleUpdateTaskUs
    erS-1-5-21-3465869317-3857268257-4292628261-1000Core => C:\Users\user\AppData\Lo
    cal\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
    Task: {513A382A-3F86-4540-9CFA-922E182F4E44} - System32\Tasks\GoogleUpdateTaskUs
    erS-1-5-21-3465869317-3857268257-4292628261-1000UA => C:\Users\user\AppData\Loca
    l\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3465869317-3857268257-429262
    8261-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3465869317-3857268257-429262
    8261-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION


    CHR Extension: (ExoSStriaCoupioan) - C:\Users\user\AppData\Local\Google\Chrome\U
    ser Data\Default\Extensions\afgnkpmjephlnglnlcpbkajnnabdeblk [2014-02-28]
    S2 ef0abbff; c:\ProgramData\TurboNet\TurboNetSvc.dll [180560 2013-12-28] () [Fil
    e not signed]
    c:\ProgramData\TurboNet\TurboNetSvc.dll
    U3 kwldapob; \??\C:\Users\user\AppData\Local\Temp\kwldapob.sys [X]
    C:\Users\user\AppData\Local\Temp\KMP_3.9.0.124.exe
    C:\Users\user\AppData\Local\Temp\KMP_3.9.0.125.exe
    C:\Users\user\AppData\Local\Temp\Quarantine.exe
    End
    2. Save notepad as fixlist.txt to your Desktop.
    NOTE: => It's important that both files, FRST and fixlist.txt are in the same lo
    cation or the fix will not work.
    3. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system to restart norm
    ally and let the tool completes its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your r
    eply.
    Note: If the tool warned you about the outdated version please download and run
    the updated version.
    .

    Step 3.

    Please download MCShield from one of the following links:


    MCShield -Official download link
    Double click on MCShield-Setup to install the application.
    Next => I Agree => Next => Install ... per installation click on Run! button.
    Wait a few seconds to MCShield finish initial HDD scan...
    Connect all your USB storage devices to the computer one at a time. Scanning wil
    l be done automatically.
    When all scanning is done, you need to post a logreport that MCShield has create
    d.
    Under Logs tab (in Control Center) for AllScans.txt log section click on Save bu
    tton. AllScanst.txt report shall be located on your Desktop.
    => Post here AllScanst.txt
    Explanation: USB storage devices are all the USB devices that get their own part
    ition letter at connecting to the PC,
    e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players
    , digital cameras,
    memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile p
    hones, some GPS navigation devices etc.

    You might also like