Topic: I cant run msconfig

[einherjar]

helo there i know (perhaps this may be a common problem) but i cant run (or execute rather) the msconfig.. in the run dialog box..
 i have read on other forums about looking it in the regedit.. here is my screenshot



 i didnt change anything yet because its a bit technical for me on changing register..
maybe i suspect a malware.

here are the things i tried
- typing msconfig on run dialogbox (nothing happens)
- regedit works fine
-taskmanger is fine
- my mcafee vse 8.5 didnt suspect a spyware/virus/malware
- i tried to search msconfig in search dialog (all files and folders) i receive 0 results(is this bad)
- but when i tried to locate it manually(they say it stays in c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe)
is this it?


if you want more info just tell what to do

thanks in advance for the help.. 

[Samker]

Hi einherjar,

don't worry we will help you to resolve this problem.

If I understand you correctly, you don't change your registers?? That's good, since I suspect on problem with some Malware... additionally I need information how do you notice this problem with msconfig, what do you try to change and why??


After that please follow next instruction:


1. Run Panda or BitDefender Online AntiVirus Scan: http://scforum.info/index.php/topic,734.0.html

2. Download & run HijackThis: http://scforum.info/index.php/topic,785.0.html

3. Provide us logs from HijackThis & AntiVirus Online Scan


I'll wait your reply (with logs).

Regards,

Samker

[neerajrawat1]

@einherjar

also tell us about your computer specs including your OS and what you wana do with msconfig

[einherjar]

hi..sorry for the delay.. the power was cut off due to "rotational power cutoff" in our place

the reason wanted to run msconfig is to disable some unnecessary programs that automatically load on start up..
--i have read some sources that i can do that using msconfig(so i tried to run msconfig and then error dialog says windows cannot find msconfig)
--
my computer specs
ms windows xp prof sp3 32-bit
processor: intel core 2 duo cpu E4500 @2.2GHz
1.00GB ram
radeon x1550 series (video card)
antivirus: mcafee vse 8.5i w/ the latest patch
i also installed tune up utilities 2011
--

ok here is my panda result(im shocked i have 4 infected files) i copied the result txt.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-12-24 21:39:56
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
McAfee VirusScan Enterprise                  8.5.0.781                     Yes       Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\documents and settings\administrator\cookies\administrator@doubleclick[1].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\documents and settings\administrator\cookies\administrator@ad.yieldmanager[1].txt
00170554  Cookie/Overture                    TrackingCookie      No        0         Yes            No           c:\documents and settings\administrator\cookies\administrator@overture[1].txt
00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           c:\documents and settings\administrator\cookies\administrator@zedo[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity       Description
;===================================================================================================================================================================================
223917    HIGH           MS10-084
223916    HIGH           MS10-083
223914    HIGH           MS10-081
223909    HIGH           MS10-076
223906    HIGH           MS10-073
223904    HIGH           MS10-071
223355    HIGH           MS10-069
223353    HIGH           MS10-067
223352    HIGH           MS10-066
223349    HIGH           MS10-063
223346    HIGH           MS10-061
222627    HIGH           MS10-054
222626    HIGH           MS10-053
222622    HIGH           MS10-049
222621    HIGH           MS10-048
222620    HIGH           MS10-047
222470    HIGH           MS10-046
222062    HIGH           MS10-042
221290    HIGH           MS10-035
221289    HIGH           MS10-034
221287    HIGH           MS10-032
219830    HIGH           MS10-029
219822    HIGH           MS10-021
219821    HIGH           MS10-020
219647    HIGH           MS10-018
217842    HIGH           MS10-015
217839    HIGH           MS10-012
217838    HIGH           MS10-011
217834    HIGH           MS10-008
217832    HIGH           MS10-006
217831    HIGH           MS10-005
217169    HIGH           MS10-002
216839    HIGH           MS10-001
215938    HIGH           MS09-072
215935    HIGH           MS09-069
215048    HIGH           MS09-065
214076    HIGH           MS09-059
214075    HIGH           MS09-058
214074    HIGH           MS09-057
214073    HIGH           MS09-056
214072    HIGH           MS09-055
214071    HIGH           MS09-054
213109    HIGH           MS09-046
;===================================================================================================================================================================================


here is my hijackthis result i also copy the txt (i click scan and save log file)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:40:01 PM, on 12/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\Internet Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoomail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
R3 - URLSearchHook: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla2.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla2.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla2.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.ph/com/EGamesPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 8850 bytes


======
did i do right?

anyways tanx for the help in advance
 

[neerajrawat1]

First of all restart your computer and as soon as it will come back you will see a screen which says press F1/F2/Delete/ESC to enter setup or BIOS either of the key depending upon the motherboard of your pc immediately start tapping F8 function key and keep pressing it alternatively till you see a black screen like below


among all the options you need to select safe mode with networking
then login to the pc to the admin account or any account with admin rights
Now at the very first step download malwarebytes from the link below update it and run a
full system scan (sometimes the virus will not allow you to download it from there host so i
have also uploaded and provided alternate links make sure you always update it to the
latest virus definitions)

http://www.malwarebytes.org/

after a full scan(time will depend upon the size of your hard disk and the data on it)
download superantispyware from the below given link and alternate servers and do a full
system scan(always follow the instructions after scan might be it will ask you to restart the
computer so do the needfull)

http://portable.superantispyware.com/sassaferun.php

now download kaspersky virus removal tool from the below mentioned links and do a full
system scan and remove the malwares



http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

Now the final step which we should do for added security is to run a scan using Emsisoft
Anti-Malware from the given link


http://www.emsisoft.com/en/software/antimalware/

Anyhow anywhere during the troubleshooting process if you find difficulty in downloading the softwares run the rkill software which will kill all the malware processes which could be blocking the software download

http://download.bleepingcomputer.com/grinler/rkill.com

[neerajrawat1]

after this u can also try this as an alternative for msconfig

http://codestuff.tripod.com/products_starter.html

[Samker]

Hi again einherjar, after you finish steps provided by neerajrawat1... please run again HijackThis and (this time) BitDefender Online scan and provide us new logs.

cya later,

S.

 

[einherjar]

hi there.. i tried what neerajrawat1 told me.. but when i start to run on safe mode with networking.. i stopped at a blue screen

says:
a problem has been detected and windows has been shut down to prevent damage to your computer.

i dont have problem on my hardrives they are properly terminated(as what the windows suggested)
i do chkdsk but after doing that still arrive at the blue screen..

my normal mode works still fine.. only the safe mode w/ network dont run.. even safe mode doesnt work..

it keeps going 1 problm to another

anyways if it is impossible to resolve the problem maybe i should reformat..

anyways thanks in advance for the help ..

[Samker]

hmmm, probably that's another signal of infection...

Don't worry, we'll do our best to help you to clean your Comp.   formatting is last solution. Anyway to be sure, backup your important things (photos, music, documents...).

Right now We'll make a scan only with following tools in "Normal" mode:

Sophos Computer scan: http://www.sophos.com/products/free-tools/free-security-scans.html

SuperAntiSpyware: http://scforum.info/index.php/topic,116.0.html


After that only test can you run msconfig and Safe mode, finally provide us new logs from HJT and BitDefender Online scan.


cya later,

S.

[einherjar]

helo.. before i do anything..
 about the reformating ..stuufff
 it looks like im gonna use  this os for a little bit longer.. i dont have external hardrives or dvds for backup .. and

il do whatever i can as long as this os wont die yet(nothing worst happen)... i dont mind anymore about running the msconfig..

if it is possible to clean without a possiblity of crashing il do it.. but if there is a catch maybe i wont do anything..

thanks in advance for the help

il give the log report later..   anyways merry christmas