Need lots of help please

You need to provide more information: Brand and model of computer, operating system and any service packs
Did you change any hardware or install software before this happened?

Have you pressed F8 at startup and tried safe mode and/or last known good configuration?

Please state the exact error you see.

and what is the warning?

 

Classic symptoms of malware, so that could be a possibility.

 

As suspected, you now need to take a look thru this:

READ & RUN ME FIRST. Malware Removal Guide

 

Do you not have access to another computer at all?

 

You can not access your cd drive? That would be the preferred method --> copy the scans and programs to cd and transfer to the infected computer.

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

I now see you stated that you can not access USB or your cd/dve drive. At this point you need to do a repair install to try to get you running enough to try to do the R & R instructions.

 

Or another possibility to try and get started is to take the hard disk out and put it into another (well protected) PC as a slave drive. And then scan/clean the infected hard disk while in the other PC. Afterwards, try putting it back into the original PC and booting up.

Another option would be using the below procedure to restore to an older registry hive predating the problem

http://support.microsoft.com/default.aspx?scid=kb;en-us;307545&sd=tech

 

You should have started a thread in the malware forum to be posting your logs!!

We will do some cleaning, but then you will need to start a thread in malware and attach the new logs that I request once we are finished here.

Please use add/remove programs to uninstall:
J2SE Runtime Environment 5.0 Update 10"
J2SE Runtime Environment 5.0 Update 4"
J2SE Runtime Environment 5.0"

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now let's use ComboFix to remove a bunch of malware files.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
[ If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
c:\windows\system32\OLDF.tmp
c:\windows\system32\doguvuvo.exe
c:\windows\system32\ckbus
c:\windows\system32\doguvuvo.exe
c:\windows\system32\maroradi
c:\windows\system32\nwzpphdq
c:\windows\system32\zfhhyubaz
c:\celkadaa.exe
c:\okex.exe
C:\WINDOWS\9g2234wesdf3dfgjf23
C:\DOCUMENTS AND SETTINGS\Harvey\LOCALS SETTINGS\Temp\x5nmz.exe

Folder::
c:\windows\system32\ckbus
c:\windows\system32\maroradi
c:\windows\system32\nwzpphdq
c:\windows\system32\zfhhyubaz
C:\WINDOWS\9g2234wesdf3dfgjf23

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=- 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="" 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the prvevious file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now download and install:
Java Runtime 6

Now start a thread in the malware forum, reference this thread and attach the logs there!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

 

Looking much better. We just need to do a little junk cleaning, so use windows explorer to find and delete:
C:\1949691939
C:\WINDOWS\dump6cd3.tmp
C:\WINDOWS\dump6dfc.tmp
C:\WINDOWS\dump6ea9.tmp
C:\WINDOWS\dump75bc.tmp
C:\WINDOWS\dump94fc.tmp
C:\WINDOWS\dump952b.tmp

And then use add/remove programs to uninstall your old java:
Java 2 Runtime Environment, SE v1.4.2

If you are not having any other malware problems, it is time to do our final steps:

1. We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
     
     
   • Delete the C:\combofix folder from combofix (if it exists)
   
   
3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Go to add/remove programs and uninstall HijackThis.
6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
7. If you are running Vista, Windows XP or Windows ME, do the below:
   
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
   
   
8. After doing the above, you should work thru the below link:
   
   • How to Protect yourself from malware!
   
   

 

This is something to pursue in the software forum. It is a relatively easy fix.