Question:

I have a virus in my computer that shut me out of admin

by  |  earlier

0 LIKES UnLike

i cannot get into my admin acc even though i am the admin and i cannot even access the task manager.

it says that it had been disabled by the admin.

i cannot go into site like bleepingcomputer.com

after i run sdfix, my system cannot evenboot up.

it keeps showing me a blue screen that says the system has encountered error and needs to shut down.

here's the hijack this log just after i had the virus

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:18: VIRUS ALERT!, on 8/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.E...

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ALCMTR.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

C:\WINDOWS\system32\lphclbbj0erf9.exe

C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Imation\ImationFlashDetect.exe

C:\Program Files\UltimateZip 2007\uzqkst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\wusb54gv4.exe

C:\Program Files\RogueRemover FREE\RogueRemover.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll

F3 - REG:win.ini: run="C:\Documents and Settings\chinghang\Application Data\Adobe\Manager.exe"

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {06DF596B-3170-4F07-BE10-86E31456BC56} - C:\WINDOWS\system32\yayVNgdb.dll (file missing)

O2 - BHO: (no name) - {2B0E6B87-D39A-4E4A-91F9-3E183AD5A1C3} - C:\WINDOWS\system32\hgGYOGxu.dll (file missing)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.2...

O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware347\bin\Starware347.dll (file missing)

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: QXK Olive - {86A223EE-081B-4CF9-98FB-52514CE4A8E1} - C:\WINDOWS\wnlmdakqenv.dll

O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_pl...

O3 - Toolbar: Starware Jokes Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware347\bin\Starware347.dll (file missing)

O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: bgrqfetx - {87EF3F20-E986-4B30-B9AA-A65E59792F29} - C:\WINDOWS\bgrqfetx.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.ex... /autorun

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScIns... /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSET... /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSET... /IMEName

O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [10fd9614] rundll32.exe "C:\WINDOWS\system32\tnvvirxc.dll",b

O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskb...

O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

O4 - HKLM\..\Run: [\Win143.exe] C:\Windows\system32\Win143.exe

O4 - HKLM\..\Run: [\Win144.exe] C:\Windows\system32\Win144.exe

O4 - HKLM\..\Run: [\Win145.exe] C:\Windows\system32\Win145.exe

O4 - HKLM\..\Run: [\Win146.exe] C:\Windows\system32\Win146.exe

O4 - HKLM\..\Run: [\Win147.exe] C:\Windows\system32\Win147.exe

O4 - HKLM\..\Run: [lphclbbj0erf9] C:\WINDOWS\system32\lphclbbj0erf9.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [testwait] C:\DOCUME~1\CHINGH~1\APPLIC~1\BLEHSE~1\B...

O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [\Win143.exe] C:\Windows\system32\Win143.exe

O4 - HKCU\..\Run: [\Win144.exe] C:\Windows\system32\Win144.exe

O4 - HKCU\..\Run: [\Win145.exe] C:\Windows\system32\Win145.exe

O4 - HKCU\..\Run: [\Win146.exe] C:\Windows\system32\Win146.exe

O4 - HKCU\..\Run: [\Win147.exe] C:\Windows\system32\Win147.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: ImationFlashDetect.lnk = C:\Program Files\Imation\ImationFlashDetect.exe

O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Interne... Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentV... DisableRegedit=1

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.h...

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCE...

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.D...

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.2... (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://219.75.107.15/plugin/h263ctrl.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O20 - Winlogon Notify: yayVNgdb - yayVNgdb.dll (file missing)

O21 - SSODL: tfnslopk - {03355E3E-98F4-45F0-B02C-B2AD30DB789C} - C:\WINDOWS\tfnslopk.dll

O21 - SSODL: xokvrpwg - {42BEE0AD-C08A-4A5D-9052-BA0B287A0251} - C:\WINDOWS\xokvrpwg.dll

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--

End of file - 11945 bytes

pls help

thank you

 Tags:

   Report
Answer The Question I've Same Question Too

4 ANSWERS

Sort By: Date  |  Rating

  1. Go to the link listed below and click on Full Service Scan than following the instructions. It is a virus and spy-ware scanner plus it checks your registry and checks your hard drive for cookies etc. It will take 2 hours or more depending on the size of your hard drive. I have used this several times and it works good. Good Luck and have a virus and spy ware free computer soon.


  2. You have rogue on there called MalWarrior 2008

    if you can run:

    http://www.download.com/Malwarebytes-Ant...

    RogueRemover Free 1.24  

    http://www.majorgeeks.com/RogueRemover_d...

    sdfix should not be used unless you know what your doing or unless helped by bleeping computer or geek squad.

  3. In addition to the first answer if you are not tech savvy, save all of your important files (e.g. documents and pictures) and take the computer to a Geek Squad.  

  4. if i were you i would save all my wanted files to an external hard drive and then i would reformat the computer n put them back on. but if you do do this make sure you have a copy of all your drivers before you do it, especially an ethernet controller driver (internet)
You're reading: I have a virus in my computer that shut me out of admin

Question Stats

Latest activity: earlier.
This question has 4 answers.

BECOME A GUIDE

Share your knowledge and help people by answering questions.
Register Now