Virus that killed admin account, disabled instalations of antiviruses etc.

Hi! I've seen some good solutions here, so i hope u will help me too...

My machine: ASUS laptop, Windows 7 64x
Problem: I have a virus that is blocking administrator rights, user account management, disables systemrestore and msconfig etc. There are no pop-ups. It also doesn't let me to modify the files in root of C:. Obviously, i can't switch from guest account and all changes are ignored or denied. That's why i cant run any antivirus, even in safe mode. I can't run DDS utility (bleeping-computer software), says not enough privileges, and i couldn't install MBAM, just like any other software. I did everything you said in the manuals, and only RogueKiller and Hijackthis managed to create a log, others failed. I couldn't disable UAC and do other things. Bitdefender (Bootable USB) found Trojan.Qhost.Gen in some system folder, deleted it, but nothing happened, i'm not even sure it is related to the problem. Even bootable Kaspersky and AVG didn't find the virus.
What i've done previously: I discovered it when i was trying to make a network with a desktop PC. It wasn't working, so i enabled empty passwords. This other PC is absolutely healthy. I have also been installing some minor applications.
Antivirus: I try to surf safe, and use fully functional Avira, firewall is on for private networks.

So it's a specific situation, what should i do? :confused rolleyes

Thankyou and i'm waiting for qualifued help. I attached logs i could find.

G

 

First of all, thanks 4 replying.

Hmm, yes, i did install PACE long ago, its folders still there, scattered all over the system, but no official program.

Then, i am logged in as "user", but my status is "guest account". Looks i have been downgraded. I can't change it as i told before.
In users console information is the following:
user - on
Administrator - off
Guest - off

I will start Farbar.

 

Unfortunately, after i choose "Repair my comp", i get a screen like this:

http://www.symantec.com/business/support/library/BUSINESS/ATLAS/images_v1/351886/boot-error2-small.jpg

What a mean virus.

I did everything properly i suppose.

 

So, as i told, i got this screen:
http://www.symantec.com/business/su.../ATLAS/images_v1/351886/boot-error2-small.jpg

But i didn't fall for it and inserted my windows installation disc. There i performed all actions you requested and here is the log...:cool

 

So what about PACE? Should i uninstall it to keep working? But i know there is a virus. Are there any advanced methods of scanning?

 

I googled hard and found out that most likely i have this bug:

http://harryjohnston.wordpress.com/2011/05/05/when-guest-is-the-administrator/

It is not necessarily a virus... Could you redirect me smwhere relevant? Thanx for help and maybe you shouldn't close the thread now, for i will post solution here later if i find one.

 

Yep, it didn't help either. I will try hack that bugger with NT Password...Editor today.

 

Ok, how to remove all of my attachments, pls? I will answer later.

 

Still i would like to delete one of my attachments since it contains personal information (FRST). Maybe the topic has to be moved since I mistakenly blamed it on a virus whereas it was just a MS glitch. I will post here how i solved the problem.

 

Thanks.
I managed to create a new admin. But the problem is partially still there. The old user's safety policy is corrupt: i can't change files, install some programs etc. How can i transfer program data to new user without damage (CorelDraw, Word etc settings)? I would also like to transfer environment settings, like Desktop, Docs etc.
I can use Windows Easy Transfer, but i'm afraid won't it move corrupt permissions settings to the new user? rolleyes

 

For those who want to know how i solved the problem: i run "NT Windows Password and registry Offline editor" and chose "unlock" built-in admin account. (there's also a way to use installation cd and edit the registry thru it, but i chose to use this awesome program) Then i went back to windows and from there logged into admin with no problems. And i gave the user administrator rights too. And disabled blank passwords just in case, cause that's when the glitch started.
Yeah, and still, the old profile's permissions are still damaged, so i guess it's better to create a new standard user.
It is a pretty rare bug, i would call it "admin as guest bug", it appears when you are trying to create a network, enable empty passwords and there are some other glitchy factors only Bill knows.
:wave

 

Haha, not completely, i even created a new thread http://forums.majorgeeks.com/showthread.php?t=273307

The main problem was solved but still my permissions are restricted. I consider migrating or fixing what i already have.

 

Good news, my profile settings are not damaged so i can enjoy my good old user profile.
It would be great if u helped me a bit with this little problem i encountered after the fix: http://forums.majorgeeks.com/showpost.php?p=1803746&postcount=5
:cool