I Have A Virus In My Computer That Shut Me Out Of Admin
I cannot get into my admin account even though I am the admin, and I cannot even access the Task Manager.
It says that it has been disabled by the admin.
I cannot go to sites like bleepingcomputer.com.
After I ran SDFix, my system cannot even boot up.
It keeps showing me a blue screen that says the system has encountered an error and needs to shut down.
Here's the HijackThis log from just after I got the virus:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18: VIRUS ALERT!, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.E…
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\lphclbbj0erf9.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Imation\ImationFlashDetect.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\wusb54gv4.exe
C:\Program Files\RogueRemover FREE\RogueRemover.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmi…
R3 – URLSearchHook: Best Security Tips Toolbar – {da30eff8-ccc6-4162-a20d-67402a26a215} – C:\Program Files\Best_Security_Tips\tbBest.dll
F3 – REG:win.ini: run=”C:\Documents and Settings\chinghang\Application Data\Adobe\Manager.exe”
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {06DF596B-3170-4F07-BE10-86E31456BC56} – C:\WINDOWS\system32\yayVNgdb.dll (file missing)
O2 – BHO: (no name) – {2B0E6B87-D39A-4E4A-91F9-3E183AD5A1C3} – C:\WINDOWS\system32\hgGYOGxu.dll (file missing)
O2 – BHO: BitComet ClickCapture – {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} – C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.2…
O2 – BHO: (no name) – {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} – C:\Program Files\Starware347\bin\Starware347.dll (file missing)
O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: QXK Olive – {86A223EE-081B-4CF9-98FB-52514CE4A8E1} – C:\WINDOWS\wnlmdakqenv.dll
O2 – BHO: Best Security Tips Toolbar – {da30eff8-ccc6-4162-a20d-67402a26a215} – C:\Program Files\Best_Security_Tips\tbBest.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_pl…
O3 – Toolbar: Starware Jokes Toolbar – {1962c5bc-e475-465b-823b-133e711bceb9} – C:\Program Files\Starware347\bin\Starware347.dll (file missing)
O3 – Toolbar: Best Security Tips Toolbar – {da30eff8-ccc6-4162-a20d-67402a26a215} – C:\Program Files\Best_Security_Tips\tbBest.dll
O3 – Toolbar: DAEMON Tools Toolbar – {32099AAC-C132-4136-9E9A-4E364A424E17} – C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 – Toolbar: bgrqfetx – {87EF3F20-E986-4B30-B9AA-A65E59792F29} – C:\WINDOWS\bgrqfetx.dll
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 – HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 – HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.ex… /autorun
O4 – HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 – HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScIns… /SYNC
O4 – HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSET… /SYNC
O4 – HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSET… /IMEName
O4 – HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 – HKLM\..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 – HKLM\..\Run: [mxomssmenu] “C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe”
O4 – HKLM\..\Run: [10fd9614] rundll32.exe “C:\WINDOWS\system32\tnvvirxc.dll”,b
O4 – HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskb…
O4 – HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 – HKLM\..\Run: [\Win143.exe] C:\Windows\system32\Win143.exe
O4 – HKLM\..\Run: [\Win144.exe] C:\Windows\system32\Win144.exe
O4 – HKLM\..\Run: [\Win145.exe] C:\Windows\system32\Win145.exe
O4 – HKLM\..\Run: [\Win146.exe] C:\Windows\system32\Win146.exe
O4 – HKLM\..\Run: [\Win147.exe] C:\Windows\system32\Win147.exe
O4 – HKLM\..\Run: [lphclbbj0erf9] C:\WINDOWS\system32\lphclbbj0erf9.exe
O4 – HKCU\..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [NVIDIA nTune] “C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe” clear
O4 – HKCU\..\Run: [CTSyncU.exe] “C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe”
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [testwait] C:\DOCUME~1\CHINGH~1\APPLIC~1\BLEHSE~1\B…
O4 – HKCU\..\Run: [BitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 – HKCU\..\Run: [MalWarrior] “C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe” /autorun
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 – HKCU\..\Run: [\Win143.exe] C:\Windows\system32\Win143.exe
O4 – HKCU\..\Run: [\Win144.exe] C:\Windows\system32\Win144.exe
O4 – HKCU\..\Run: [\Win145.exe] C:\Windows\system32\Win145.exe
O4 – HKCU\..\Run: [\Win146.exe] C:\Windows\system32\Win146.exe
O4 – HKCU\..\Run: [\Win147.exe] C:\Windows\system32\Win147.exe
O4 – HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘Default user’)
O4 – Startup: ImationFlashDetect.lnk = C:\Program Files\Imation\ImationFlashDetect.exe
O4 – Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 – HKCU\Software\Policies\Microsoft\Interne… Explorer\Restrictions present
O7 – HKCU\Software\Microsoft\Windows\CurrentV… DisableRegedit=1
O8 – Extra context menu item: &D&ownload &with BitComet – res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 – Extra context menu item: &D&ownload all video with BitComet – res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 – Extra context menu item: &D&ownload all with BitComet – res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.h…
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCE…
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.D…
O9 – Extra button: BitComet – {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} – res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.2… (file missing)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) – https://www.e-games.com.my/com/EGamesPlu…
O16 – DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) – http://gfx2.hotmail.com/mail/w2/resource…
O16 – DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) – http://www.acclaim.com/cabs/acclaim_v5.c…
O16 – DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) – http://219.75.107.15/plugin/h263ctrl.cab
O16 – DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/Mes…
O20 – Winlogon Notify: yayVNgdb – yayVNgdb.dll (file missing)
O21 – SSODL: tfnslopk – {03355E3E-98F4-45F0-B02C-B2AD30DB789C} – C:\WINDOWS\tfnslopk.dll
O21 – SSODL: xokvrpwg – {42BEE0AD-C08A-4A5D-9052-BA0B287A0251} – C:\WINDOWS\xokvrpwg.dll
O23 – Service: ATK Keyboard Service (ATKKeyboardService) – ASUSTeK COMPUTER INC. – C:\WINDOWS\ATKKBService.exe
O23 – Service: AVG Anti-Spyware Guard – GRISOFT s.r.o. – C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 – Service: AVG E-mail Scanner (AVGEMS) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 – Service: C-DillaCdaC11BA – Macrovision – C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\system32\CTsvcCDA.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: InCD Helper (InCDsrv) – Ahead Software AG – C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: Maxtor Service (Maxtor Sync Service) – Seagate Technology LLC – C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 – Service: MySQL – Unknown owner – C:\Program.exe (file missing)
O23 – Service: nTune Service (nTuneService) – NVIDIA – C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: WUSB54Gv4SVC – GEMTEKS – C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
–
End of file – 11945 bytes
Please help.
Thank you.


In addition to the first answer, if you are not tech savvy, save all of your important files (e.g. documents and pictures) and take the computer to a Geek Squad.
If I were you, I would save all my wanted files to an external hard drive, and then I would reformat the computer and put them back on. But if you do this, make sure you have a copy of all your drivers before you do it, especially an Ethernet controller driver (internet).
You have a rogue on there called MalWarrior 2008.
If you can, run: http://www.download.com/Malwarebytes-Ant…
RogueRemover Free 1.24 http://www.majorgeeks.com/RogueRemover_d…
SDFix should not be used unless you know what you're doing or unless you are helped by Bleeping Computer or Geek Squad.
Go to the link listed below and click on Full Service Scan, then follow the instructions. It is a virus and spyware scanner, plus it checks your registry and checks your hard drive for cookies etc. It will take 2 hours or more depending on the size of your hard drive. I have used this several times and it works well. Good luck, and have a virus- and spyware-free computer soon.