Windows Command Processor virus issue

It should be just fine. :slight_smile:

Hi Jeff, I don’t think the scan has worked… I’ve attached 2 pictures I took on my phone… 1 taken after the scan and the other screenshot shows what showed up after hitting ‘press any key’. Both options don’t work: when I click launch startup repair it goes to a screen where it’s trying to repair and then it says it couldn’t find a solution, so I restarted the laptop and it goes back to the same screen with 2 options… When I click start Windows normally… it doesn’t really start and once again ends up at the same page where I’ve got the same 2 options. :frowning: Don’t know what to do now.

the launch options

Hi Rick,

Looks like Dr. Web has renamed them so we might be alright.

Download ComboFix from either of the links below, and save it to your desktop.
Link 1
Link 2

Note: It is important that it is saved directly to your desktop


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

Thank you, but how do I get to my desktop… Every time I click launch startup repair it doesn’t do much, and when I click start Windows normally it restarts the laptop and brings it back to the same page and asks me to either launch or start normally.

Please help, this sucks :frowning: Can’t even get it to the desktop… just keeps going to the same page. I’ve clicked launch startup repair and start Windows normally countless amounts of times now and it just comes back to the same 2 options.

OK, well, so I couldn’t get it to get to my desktop… even in safe mode it kept going back to the same screen with the 2 options… so basically I managed to do a system restore (back to the 29th) and then it finally logged on and I just downloaded ComboFix and it’s doing a scan… The Windows Command Processor pop-up still appears asking for permission… I haven’t clicked yes or no. The scan is taking place right now and then I’ll post the log :slight_smile:

OK, I ran ComboFix, here’s the log. BTW I can’t open iexplorer or Firefox lol or anything really… I think all my work’s gone xD

Hi Rick,

Do you mean that you cannot connect to the internet any longer on the system that is infected? If so, sometimes that happens when fixing a system infected with ZeroAccess. Let’s see what we can get done. :slight_smile:

Please download Farbar Service Scanner and run it on the computer with the issue.
- Make sure the following options are checked:
  - Internet Services
  - Windows Firewall
  - System Restore
  - Security Center
  - Windows Update
- Press “Scan”.
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.


- Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

AtJob::

File::
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ogax.exe
c:\windows\SysWow64\QL4J0lx.com
c:\users\Rickhill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cqbwxlg0.#xe
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ogax.exe
C:\Windows\SysNative\lxcj_device.dll

Firefox::
FF - ProfilePath - c:\users\Rickhill\AppData\Roaming\Mozilla\Firefox\Profiles\zbb0fe8a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

Folder::
c:\users\Rickhill\AppData\Roaming\Kagi
c:\users\Rickhill\AppData\Roaming\Ekex
c:\users\Rickhill\AppData\Local\tkjknlww

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

Driver::
AtiPcie

Netsvc::
AtiPcie

- Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

In your next reply please post the logs made by Farbar Service Scanner and ComboFix.