Not A Administrator Anymore!?!?!!?

[!Donovan]

I booted up my pc as I usually did. Logged onto my account and tryed to access the internet browser. No luck, so I went on MSN because it isn't a browser and asked every contact that was online. I got a lot of help and that worked. Well now, I can only use my Windows Vista Game browser because it doesen't detect it as a browser. I tryed to download Camtasia studio because I belived that would improve my videos a lot and I would get more channel views on my youtube account. Well, after I downloaded it and ran it, it started installing. I waited for it to install and about fifteen seconds later, it said I didn't have administrator rights, Well, after that, I did a Hijack This log. I got a error saying that it coulden't scan the hosts file. That what got me even more mad. I tryed searching administrator hack on google and found this code that hacked the startup so I could use a command propmt that was unprotected. Well, it didn't work. Then I tryed manually doing it. It worked. After that I rebooted my computer. Well, it skipped it. I tryed creating a botuser using the command prompt but it was a limited user and not a administrator. After that, I tryed removing the files to the avast chest. However, when I looked in that folder again, it was still there. But it was in the chest as well. Thats when I really got mad and decided to post here for help. If you want I can tell you the file names but I still don't know how I became a limited user.


Just some extra info:
1. How was it detected? What was scanning, you yourself or the back-ground scanner? When did the message occur on a download, unzipping, opening a file, mail or mail-attachment, etc.?
Myself, I coulden't use internet browsers and I wasn't a administrator anymore.

2. What was the source of the file, where did the file come from?.: e.g. address, URL, source.
I don't have the link. Sorry.

3. When was it downloaded or received?
I didn't download it. It was recived after I shut down the computer and went to sleep and when I woke up, it was on there.

4. What is the exact file name with extension.
There are multiple files that I am aware of.

5. What was the exact wording of the message that the AV program  came up with? This is important for later.
It didn't detect it as a virus.

6. Now go back and do nothing yet. Scan the particular file once again with your AV product.
Nothing found again.

7. Check with an on line scanner or update to jotti for a second opinion. Jotti resides at http://virusscan.jotti.org/
Ok, after I have some lunch.

8. Go get informed ask a Virus Encyclopedia or Virus Central, put a question on a forum.
I don't think so.

9. Make an informed decision on the basis of what you have found.
I found some files.

10. Inform others about what you have learned, if the file came from a reliable source, author, programmer etc. send a friendly e-mail with your findings. This will help us all.
It came from Windows Live and Insert unknown thing here.

[mkis]

Have you tried do some check system in Safe Mode?
log in as Administrator.

[!Donovan]

How can I log in as administrator if I'm not a administrator?

[mkis]

Why are you no longer administrator? Has administrator decided to restrict your access?

[!Donovan]

I think a virus removed my admin stats by replacing me with a fake admin username. Here is another code I tryed that my friend suggested.

[polonus]

Hi d,

This could be at the root of your again self inflicted trouble: O4 - HKCU\..\Run: [Logoff] %SCTPath%SCTUINotify.exe
What on earth have you been experimenting again?
Here it should read.
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" should read " %SCTPath%SCTUINotify.exe".
There are some more issues in your hjt logfile, but you have to sort these isues out yourself.

If you start compromising your computer further by irresponsible conduct, it will be hard to get your computer back on track and get help from users here. Several other webforum users have warned you again and again that this was in store for you, and you did not pay any notice to that, then you have not learned a lot from your many visits here. What is the purpose of all this, have you given that any reflection?

polonus

[!Donovan]

I went to a site that was infected with personal antivirus. BUT I DIDNT MEAN IT. and then i clicked exit right away.

[polonus]

Hi Donovansrb10,

You have to promise me now to use a realtime link checker before ever considering going to such a site again. At least check the link before you click it.
Finjan Secure Browsing  is a good one to use in whatever browser you use.
Why don't you use a virtual browser environment like Sandboxie, you can throw it all after the infection after you close the section or better still download pendrive linux Quemy PDL onto a pendrive (USB stick) and browse with epiphany browser on linux (you can surf without the virus issues you have with Windows) and maybe you will turn your windows box into a linux - ubuntu distro machine,

polonus

[!Donovan]

I do use a link scanner, WOT but It got somehow uninstalled in the madness.

[CharleyO]

***

WOT is not all that good since any newbie, idiot, malware writer, etc can rate any website.

Polonus suggested Finjan and I suggest you start using that before your computer becomes a door stop.


***

[!Donovan]

I don't even know what is a Finjan...

[Hard_ROCKER]

Fix both of the O6 entries in HJT to get rid of those admin restrictions. Pay attention to what Polonus and CharleyO are telling you, they know what they are talking about.

[mkis]

I think the intent behind WOT is good (perhaps was good). For your average computer user there needs be stepping stones that are simple to use and provide some kind of participation in good web practice. WOT is very middle of the road but does help get the message out there as long as it doesn't become overly abused, as you say.

Also, I thought booting into Safe Mode would have circumvented the above problem - in so much as, should have been able to log in as administrator.

One of the things about not being in close proximity to malware is that you tend to get out of touch with what is possible and not possible when some infection is actually active in someone's computer.  

[!Donovan]

When I remove the o6's they come back!

I'm trying hXXp://sodadome.com/aac.txt now.

[Hard_ROCKER]

Try running HJT in safe mode and then fixing them.