restrictions-system administrator?

Someone please help me. I have no Control Panel, can't right click and change my Desktop properties, can't get into My Computer properties, etc. I get this message: This operation has been cancelled due to restrictions on this computer. Please contact your system adminstrator.

What gives? I don't have a system adminsitrator (not on a network--never have been). I'm at a standstill because I can't do anything because of some restriction that I didn't put into place.

I've run Spybot S&D (1 problem fixed: DSO Exploit), Adaware (10 registry keys, 2 registry values, and 1 file identified and fixed), AVG shows no viruses found. All these prog's have the latest updates installed. After running these prog's, I rebooted the pc and still get the same message--nothing's helped so far.

I haven't done anything new, other than install the new version of AVG, and it's working flawlessly.

Thank you in advance. Any and all suggestions about how to fix this problem is greatly appreciated. I hope I've included enough info to be helpful and I'm not a pc guru so it'd be great if suggestions were in dummy lingo for me.

[log removed]

HP XE783
Intel Celeron 700MHZ
512MB RAM
dial-up connection
Adaware 6.0
Spybot S&D 1.3
AVG Free 7.0.300
Zone Alarm Free 5.0.590.015

 

Well, if you believe there is some sort of an infection then this should really be in the 'Spyware Specific', also try not to copy/paste anything in the post until it is asked by one of the moderators/experts, ok?
Without further comments and any analysis of the HJT log, try this (if you don't get more accurate help) for the time being:

1) Close all the background application.

2) Right-click on an empty part of the Taskbar (the gray solid bar at the bottom of your screen) and the left-click on Task Manager.

3) Click on the 'Processes' tab and high-lite and then 'End Process' each one of these processes (if any still exist). ter done try to see if the previous symptoms still exist or not.

C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ZIPMAGIC\ZM32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\PRIMAX\POWERTWAIN\PMXDETECT.EXE <--hmm..
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE <--??
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\PASSWORD CORRAL\PASSWORD.EXE <--??
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\REGEDIT.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE <--- Multiple instances of IE running?
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE 4.2.6\LIMEWIRE.EXE
C:\Program Files\Absolute Solitaire\ABSOLUTE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.ZIP\HIJACKTHIS.EXE


If system seems to run fine afterwards, then one of the applications/processes is messing up the system (duh), if not then registry might have become corrupt...I have not analyzed the unknown executables but even though some sounded odd, nothing suggested a virial infection.
But remember run HJT from a location such as C:\HijackThis\HijackThis.exe and more importantly you should not have Internet Explorer running. Close out all unneeded application as well which are on the list above...
Re-post and let us know.
PS. some of the processes belong to valid and solid apps such as ZoneAlarm and AVG virus scanner but for troubleshooting purposes I suggest you kill em all.

 

Thanks for replying Turcoloco. First, I don't know if there is some sort of infection (AVG doesn't show any). I have no idea what the problem is. Second, sorry about posting HJT log w/o being asked. Just thought it'd be of some help and save time--didn't mean to break any rules. I'm sort of new to this.

I did as you instructed: Right click on open space of taskbar, and then left clicked. All that shows up is: Toolbars, Adjust Date/Time, and Properties.

The system runs fine and nothing is out of order, except that I don't have Control Panel, can't get into My Computer properties, change Desktop settings, etc.

I also did as you instructed and stopped all running processes that I know how to do and ran HJT in Windows Explorer from C:\Hijack This\HijackThis.exe

Hope I am doing all of this correctly. Here is the HJT scan results:
[log removed]

 

PLEASE!!! do not post inline logs.. upload them as attachements.

READ ME FIRST: Basic Spyware, Trojan And Virus Removal

NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Yes, Kodo is right. Follow the instructions posted on the link that he gave.
Welcome to MG and do not feel bad about breaking rules (the first time) but if you do it the second time you will find out real quick why Kodo likes 'Sock Puppets' !

Since 'Task Manager' seemes to be deleted from the right-click menu of Taskbar, try holding down the CTRL+ALT-DEL keys to see if you can get to Task Manager that way to try the steps but from what I am gathering you do have some sort of an infection on your system.
Also FYI: AVG and most other virus scanners may not catch certain spyware infections.

Follow the instructions on the posted link first, then repost and let us know.

 

Turcoloco, when I click on the link that Kodo gave, it loads a new window, but says: The page cannot be displayed. I've hit the refresh button numerous times with no luck. I've also searched MG for the HJT tutorial and log posting rules with no luck finding either. I hate to admit that I'm this dumb about all this.

If you could tell me where to find this info, I'll read it thru before doing any more posting. I just want to follow the forum procedures correctly and try to get my problem solved. Meanwhile, I'll keep looking for the info on the link.

 

Howdy, Empty Pockets (man, I know that feeling!). Just go to the "Spyware Specific" forum; all the threads you need to read are at the top. Good luck!

 

must have clicked the links as I was fixing them.. the links work now.

 

Thanks guys. I'll read them carefully and follow all the steps. Then I'll post again later with the results.

 

bump

 

After carefully reading the page "Read Me Before Asking For Support" by Major Attitude as suggested by Turcloco and Kudo, I was enlightened (and busy).

I forgot to mention in my previous posts that I deleted the WinME System Restore folder thru DOS about 2 years ago from instructions I found on the web. I never could get it to work right for me, and, after discovering that viruses reside there and could reinfect the system, it was "adios" to that baby. The pc has run fine without it.

Additionally, before all this "operation cancelled due to restrictions. Contact my system administrator" stuff started, I was getting that lousy Windows Logon prompt, so I used Tweakui to get rid of it. I can't remember for sure (wasn't taking notes at that time), but I think I might've gone to the Network icon in Control Panel and changed to Windows Logon. Since then is when the above mentioned problem started.

This is what I've done since my last post to try and resolve this issue once and for all (still no success though).

1. AVG 7.0.300-Windows mode=No virus found
Safe mode=No virus found

2. Trend Micro Housecall-No viruses found

3. Symantec Security Check-
Online Threats:
Hacker Exposure Check=Safe
Windows Vulnerability Check=Pc's identity is secure
Trojan Horse Check=Pc and data not vulnerable to trojan horse
Antivirus Product Check=No known virus protection software found. (Although
I AM running AVG)
Virus Detection=0 files infected on disk drive
No viruses detected in memory

4. Spybot S&D 1.3-Windows mode=DSO Exploit--indentified and removed. (Also
immunized
Safe mode=DSO Exploit--identified and removed

5. Adaware 6.0-Windows mode=2 registry values identified and removed
Safe mode=2 registry values identified and removed

6. Spyware Blaster 3.2-installed and all protections enabled

7. CCleaner 1.16.084-Windows mode:
Windows tab=53 items removed, 2 marked for deletion (these
were C:\Windows\Cookies\index.dat and C:\
Windows\Temp. Int. Files\Content.IE5\
index.dat)
Applications tab=2 marked for deletion (same as above)
Issues tab=74 items selected and fixed (backed up registry)
Safe mode:
Windows tab=55 items removed, 2 marked for deletion (same
as above)
Applications tab=2 marked for deletion (same as above)
Issues tab=3 items selected and fixed (backed up registry)

8. McAfee AVERT Stinger 2.4.7-Windows mode=No viruses,trojans, or variants. 59540
clean files
Safe mode=No viruses, trojans, or variants. 70670
clean files

9. CWShredder 2.12-Windows mode=CoolWebSearch was not found on this system
Safe mode=CoolWebSearch was not found on this system

10. Kill2Me 1.11-Windows mode=No signs of an infection were found on the system.
Continued anyway: Look2Me removed if it was
present
Safe mode=No signs of an infection were found on the system.
Continued anyway: Look2Me removed if it was present

11. Removed MS Java with MSJVM Removal Tool 1.0a

12. Installed Sun Java

This thing has had the guts scanned out of it and I still don't understand why I need to contact a system adminstrator to find my Control Panel, get into My Computer properties, change Desktop properties, and Lord knows what else I can't do. LOL

 

Infection checkup was a common procedure but I always had a feeling that the problem was caused by inproper modification of the global/user policiy settings and/or the related registry settings. Of course this could have been done by a virial infection too but since that is ruled out not to be the case, let's move on:

Just to clarify, you're using WindowsME and System Restore is disabled, right?
if so;
~ Are you able to get in the Windows registry? (Start > Run > regedit > OK)
Yes or No, let me know.
~ Do you still use a User account to logon to Windows?
if Yes;
~ Do a START > Search/Find > *.pwl > Search/Find and let me know what comes up.
~ Do you still have TweakUI installed? (I might have you use it later).

 

Turcoloco, you have all been so patient and understanding with me and I greatly appreciate that kindness. In the future, if, and when, I have pc prob's I'll come here first because you have all made me feel at ease here. I had this issue posted on 3 other support forums and they weren't nearly as friendly or willing to take the time to "lead me by the nose" as you guys are, but, fortunately, I did find the solution to my prob on one of them.

RegEdit>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. Then, change value in NoControPanel from 0000 01 00 00 00 to 0000 00 00 00 00. Rebooted and everything was back to normal. Good enough for the girls I run with anyway. So far, everything looks GREAT again.

Although it took a lot of time and effort, all the steps in the "Read Me Before You Ask For Support" page gave me a LOT of knowledge I didn't have before, and the comfort in knowing that I KNOW I have a clean pc now. (Also found a lot of prog's that'll be very useful in the future).

From your last post I'm guessing you already had it in mind what my prob was and would get it fixed for me. Once again, you are a great group of people and I'll be back often--even if just to browse and throw in my two cents worth if I know the answer.

Once again, thanks to all of you for making me feel comfortable using this forum.