Windows Command Processor Virus

[Kopmeister]

This virus has now hit my computer, I have run several scans using Malwarebytes, Windows Defender and SuperAntiSpyware.All have come up with doggy files and cookies. Still problems also found a registry key about it, deleted still it happens. So if anyone can help, you would be a lifesaver. Here I attach the logs from my most recent Malwarebytes scan.
EDIT
Couldn't find the right log so just tell me what to download and I will scan again. That log is the incorrect one

 

[Jacee]

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <--- will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.

 

[Tekno Venus]

Hi,

Lets try something. Could you please run a pre-boot antivirus program such as Kaspersky Rescue Disk. This will run before windows loads so can remove virus's and malware more effectively. Instructions here: How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?. It is also possible to use a blank DVD to run the program if you have no USB drives. Instructions here: How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

Stephen

EDIT - This tool may be more effective. http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

 

[Kopmeister]

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3

None of these work, link 1 takes me to a untitled page, link 2 has a 404 errir and link 3 doesn't download

 

[C-11]

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3

None of these work, link 1 takes me to a untitled page, link 2 has a 404 errir and link 3 doesn't download

Link 1 is a direct download an should work.

Blue rectangle with Download Now
from here

Bleeping Computer Downloads: DDS

 

[Kopmeister]

I don't know why but it won't downlaod even though I have downlaoded Malwarebytes and SuperAntiSpyware

 

[C-11]

Try in Safe mode with networking.

Using the F8 Method:

1. Restart your computer.
2. When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options screen.

How to start Windows in Safe Mode

 

[Kopmeister]

Try in Safe mode with networking.

Using the F8 Method:

1. Restart your computer.
2. When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options screen.

How to start Windows in Safe Mode

That's what I've been in this whole time. Going to bed now. Quite late here in England. Goodnight and thanks for the help

 

[Jacee]

Okay, DDS (mirror 1) look at the bottom of your screen. Do you see this image?
Click to *save* to your desktop, then follow the directions above.
If your Anti-virus wants to block it, then click "allow". DDS (short for 'doesn't do squat') doesn't do anything to alter your computer, it just shows me what I need to know

 

[Kopmeister]

Weird, just booted in to normal mode and no prompts what so ever. My dad did log on last night, maybe he approved the prompt, I don't know. No noticeable slowdowns yet, about to try some MW3 to see if there are any slowdowns and this is what I get when I click link 1


EDIT
MW3 works fine, so I'm a bit confused. What's going on?

 

[Jacee]

Let's flush the DNS cache and restore MS's Hosts file ....

Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Once rebooted, see if you can get the 1st mirror to download DDS now.

 

[Kopmeister]

Still no, after that reboot still no Command Processor prompt. Maybe its gone

 

[Jacee]

I'd like you to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
    
11. Push
    
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the
    
    button.
13. Push
    

 

[Kopmeister]

Here it is

C:\ProgramData\TrackMania\Cache\875EB227E9D6EC1D37CBF3255707A767_Skins%5cAny%5cAdvertisement%5cBCSurlscroll.bik HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\96oi03ww.tmp PDF/Exploit.Pidief.PDS.Gen trojan cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\i9lly4uy.tmp PDF/Exploit.Pidief.PDS.Gen trojan cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\jar_cache3149808510193519961.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\kwfotzo2.tmp JS/Exploit.Pdfka.OWY trojan cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\ouf84e1t.tmp PDF/Exploit.Pidief.PDS.Gen trojan cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\tcvuwopq.tmp PDF/Exploit.Pidief.PDS.Gen trojan cleaned by deleting - quarantined

 

[Jacee]

Can you get DDS to run now?

 

[Kopmeister]

Nope

 

[computergeekguy]

I clicked Jacee's dds mirror 1 link and it worked for me.

Could you download it on a different computer put it on a flash drive and then run it?

 

[Kopmeister]

Get a download manager for iPod Touch. Save .exe, transfer over from by usin iFunbox. That should work

 

[C-11]

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <--- will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.

If your using Internet Explorer, right click on Mirror 1 above, Save target as > save the dds.scr to your desktop.
Firefox or other browsers right click > Save link as

Get a download manager for iPod Touch. Save .exe, transfer over from by usin iFunbox. That should work

Don't understand.

 

[Kopmeister]

The scan completely froze my PC, is it meant to do that?