  1. #1
    Member
    Join Date
    Sep 2012
    Posts
    2
    Points
    0

    Spybot cannot remove two entries saying I am not the administrator

    But, I am the administrator and have only the one profile set up. I had some nasty stuff on my computer and did a system restore, ran Spybot, avast, and Malwarebytes and it all seems ok now. But I am running stuff regularly and recently got two things, Babylon Toolbar and SweetIM, which I have uninstalled but they keep showing up on Spybot. Also, HijackThis says I am not running as administrator. Wondering if this is a remnant of the trojans/viruses I got rid of. When I look at my profile (Win 7) it all looks good and it says I am the administrator.

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 09/06/2012 at 12:28 PM

    Application Version : 5.5.1016

    Core Rules Database Version : 9183
    Trace Rules Database Version: 6995

    Scan type : Quick Scan
    Total Scan Time : 00:16:09

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 576
    Memory threats detected : 0
    Registry items scanned : 31331
    Registry threats detected : 0
    File items scanned : 13255
    File threats detected : 57

    Adware.Tracking Cookie
    Malwarebytes Anti-Malware 1.62.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2012.09.04.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    acer :: ACER-PC [administrator]

    Protection: Enabled

    9/6/2012 12:16:15 PM
    mbam-log-2012-09-06 (12-16-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199560
    Time elapsed: 11 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    hijackthis.log
    mbam-log-2012-09-06 (12-16-15) latest.txt
    SUPERAntiSpyware Scan Log - 09-06-2012 - 12-28-28.log

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi mflowers200,

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    If you have since resolved the original problem you were having, we would appreciate you letting us know, otherwise please follow the instructions provided below:

    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
    • Click the Search button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[R1].txt.


    Thank you,

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member
    Join Date
    Sep 2012
    Posts
    2
    Points
    0

    Did as instructed and ran ADW. It seems to have removed the Babylon and SweetIm entries but now I have multiple trojans. I can only deduce that it is all related since nothing else was running. Seems very odd that you would have me run Superantispyware and then run a different similar tool after that. I have decided to take my machine to a trusted professional.

  4. #4
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi mflowers200,

    Fireman4it (our trusted malware removal expert) and I had discussed the possibility of a rootkit infection on your machine which could have changed the permissions on your acct from Admin to Limited. We asked that you post the log from the search to see if any files indicating a rootkit were present before we proceeded to have you delete Babylon and SweetIm to prevent further damage to the system. The multiple trojans that are present can be an indication that the MBAM, SASW, and all the other programs that you ran prior to posting here could not and will not remove a rootkit infection. Deeper scanning tools will need to be used to diagnose and remove that infection.

    If you do any online banking, eBay shopping, etc. whatsoever on this machine, I would change all your passwords using a known clean machine. Even if you do take it to a "trusted professional".

    SASW is nowhere similar to AdwCleaner at all. I'm happy that the Babylon and SweetIm are removed but your infection seems to go deeper than what you realize. Taking your computer to another trusted professional is your choice. Thanks for letting us know.

    I'll have an Administrator close this thread. If you find a need to have it reopened, please PM myself or Fireman4it.

    Donna

  5. #5
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    This thread will now be closed since the issue seems to be resolved.

    If you need this topic reopened, please send me a PM and I will reopen it for you.

    If you should have a new issue, please start a new topic.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-