Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Userxp.exe Error


  • Please log in to reply
2 replies to this topic

#1 barlae

barlae

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 03 January 2008 - 11:10 AM

Hi

My Problem is same as other topic about winxp.exe,


----
1. Task Manager was disabled. Everytimes I tried to open Task Manager by using crtl-alt-del, a message was shown up - Task Manager has been disabled by your administrator. Task Manager also greyed out if I tried to access it through right-click on Task Bar.

2. There was a message came up everytime when I started/re-started the laptop - Title: C:\windows\system32\USERXP.exe; Message body: Windows cannot find 'C:\windows\system32\USERXP.exe'.

3. right-click on any item in Windows Explorer won't show the context menu

4. Control Panel missing/disappear from Start menu. I could not get it by any mean.

5. Command Prompt was disabled by administrator. (As before, I have admin right)

6. I could not bring up the Property window of Task Bar. The message was: This operation has been cancelled due to restrictions in effect on this computer.

7. Desktop icons was all disappeared
-----

and I tried , msncleaner.exe and SDFix.exe according to instruction.

as soon as i know infected, i tested with 2 users name, adminstrtor and other user accounts with administrator right.
I fix the adminstrator user account first and it is successful. but when i tested another user account with admin right,

got the error message "The command prompt has been disabled by your administrator. Press any key to continue..." but start>run command is disappeared in my laptop.

now, i have to fix both users with "The command prompt has been disabled by your administrator. Press any key to continue..." and problem is as same as above.

pls help.

best regards,

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:19 PM

Posted 03 January 2008 - 11:20 AM

Try the fix at Kelly's Korner to get the Admin functions back.

Lift Restrictions - TM, Regedit and CMD - #275 on the left.

Right click on it and save the .reg/.vbs file to your desktop. Then, double click on the file icon (on your desktop) to merge it into your registry/run the script. You may need to reboot your computer for the changes to take affect.

With any fix like this you should create a new restore point and backup the registry first. For backing up the registry I like to use ERUNT.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 barlae

barlae
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 04 January 2008 - 11:41 AM

Thanks a lot,

nearly All of the problem have been solved except I could not bring up the Property window of Task Bar. The message was: This operation has been cancelled due to restrictions in effect on this computer.

and I would like to know SDFix is compactible with windows 2003 or not.

Best Regards


Pls report here,
--------------------------------------------------------------------------------------------------------------
- Logfile MSNCleaner 1.5.0 by www.forospyware.com
- Created Logfile: 1/4/2008 on 3:13:08 PM
- Operative System: Windows XP
- Boot mode: Normal
_________________________________________

Detected files: 0
Deleted file: 0
Undeleted Files: 0

<<<<<<< No file found >>>>>>>
----------------------------------------------------------------------------------------------------------------------

SDFix: Version 1.122

Run by TUN on Fri 01/04/2008 at 12:03 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\TUN\LOCALS~1\Temp\uninstall.exe - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS.0
No streams found.

C:\WINDOWS.0\system32
No streams found.

C:\WINDOWS.0\system32\svchost.exe
No streams found.

C:\WINDOWS.0\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 00:12:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS.0\\system32\\sessmgr.exe"="C:\\WINDOWS.0\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"="C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\\Documents and Settings\\TUN\\Desktop\\iperf.exe"="C:\\Documents and Settings\\TUN\\Desktop\\iperf.exe:*:Enabled:iperf"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"G:\\EA GAMES\\Need For Speed Underground\\Speed.exe"="G:\\EA GAMES\\Need For Speed Underground\\Speed.exe:*:Enabled:Speed"
"C:\\Program Files\\Visicron\\VZOchat\\VZOchat.exe"="C:\\Program Files\\Visicron\\VZOchat\\VZOchat.exe:*:Enabled:VZOchat"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 4 Jun 2007 211 ..SH. --- "C:\BOOT.BAK"
Wed 14 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 1 Jun 2004 77,824 A..HR --- "C:\Documents and Settings\Han\Local Settings\Temp\hpbinsmg.dll"
Fri 21 Sep 2007 0 A..H. --- "C:\WINDOWS.0\SoftwareDistribution\Download\1db9e52f9e862450a2af87f2f5a16dbc\BITAE.tmp"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS.0\SoftwareDistribution\Download\573b8bee2d25ffedabde94732ae6dbae\BITC5.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS.0\SoftwareDistribution\Download\a53bf224a188f23c622431aa5c569c34\BIT183.tmp"
Tue 23 Oct 2007 0 A..H. --- "C:\WINDOWS.0\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT114.tmp"
Mon 26 Mar 2007 51,078 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\7.1\vs000223.tmp"

Finished!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users