msconfig won't start..

tnik's Avatar
tnik tnik is offline
Member with 735 posts.
THREAD STARTER
 
Join Date: Aug 2003
03-Aug-2003, 02:03 AM #1
msconfig won't start..
I started this thread over in the OS section, but figured I could put it here too.. not sure if it's a virus problem or an OS problem, but msconfig won't run.. the link has all the output logs that I think you would need.. thanks for any input you can give me..
RSM123's Avatar
Member with 5,531 posts.
 
Join Date: Aug 2002
Location: London
03-Aug-2003, 05:16 AM #2
Not sure if they will help but see these links to similar errors:

http://www.computing.net/windowsme/w...rum/35134.html

http://www.annoyances.org/exec/forum/winxp/t1028499187

If you are receiving any error messages please post them here as someone else may have experienced them before.
tnik's Avatar
tnik tnik is offline
Member with 735 posts.
THREAD STARTER
 
Join Date: Aug 2003
03-Aug-2003, 01:16 PM #3
Thanx RSM but I've already found those and tried those... I'm not receiving any error messages, that's what's getting to me.. :/ I type msconfig in the run GUI, the mouse Icon turns into a sand clock for 2 secs, and nothing happens..
IMM's Avatar
IMM IMM is offline IMM is authorized to help remove malware.
Malware Removal Specialist with 3,259 posts.
 
Join Date: Feb 2002
03-Aug-2003, 01:18 PM #4
It's the W32.spybot.gen worm (or similar)

Post the scan log from HijackThis
Unzip somewhere to keep (the backups it makes will end up in the same folder) and run hijackthis.exe - press scan - the Scan button changes to a Save Log button. Save, and then copy and paste the entire log here.
Don't choose to fix anything yet - most entries will be harmless
tnik's Avatar
tnik tnik is offline
Member with 735 posts.
THREAD STARTER
 
Join Date: Aug 2003
03-Aug-2003, 01:33 PM #5
this is from the other thread.. here goes..

Logfile of HijackThis v1.96.0
Scan saved at 12:24:46 AM, on 8/3/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vfsSrvr.exe
C:\WINDOWS\System32\dfService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Deerfield.com\VisNetic FTPServer\vfsTray.exe
C:\Program Files\Deerfield.com\VisNetic FTPClient\dfClipM.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\United Devices\UD.EXE
C:\Program Files\United Devices\ud_1706422.exe
C:\Program Files\United Devices\ud_1706422_0.dir\ud_ligfit_Release.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tnik\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = h4x0rd
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Custom Search URL = 
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\tnik\Application Data\Mozilla\Profiles\default\sd202j8v.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\tnik\Application Data\Mozilla\Profiles\default\sd202j8v.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_1.1.70-big.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_1.1.70-big.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VisNetic FTPServer Tray App] C:\Program Files\Deerfield.com\VisNetic FTPServer\vfsTray.exe
O4 - HKLM\..\Run: [VFC Clipboard Monitor] C:\Program Files\Deerfield.com\VisNetic FTPClient\dfClipM.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [nbprocrk] nbprocrk.bat
O4 - HKLM\..\Run: [SVKP] nbprocrk.reg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: RAMIdle.lnk = C:\Program Files\Customizer XP\RAMIdle.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_1.1.70-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_1.1.70-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_1.1.70-big.dll/cmcache.html
O8 - Extra context menu item: Convert to Palm e-Book - C:\Program Files\CnPUG-WavePDB\WavePDB.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download by Re&Get Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_1.1.70-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_1.1.70-big.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: IE2PDB (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...swdir8d196a.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7679.3950462963
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

----------------------------------------------------------------------------------

StartupList report, 8/3/2003, 12:25:42 AM
StartupList version: 1.52
Started from : C:\Documents and Settings\tnik\Desktop\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vfsSrvr.exe
C:\WINDOWS\System32\dfService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Deerfield.com\VisNetic FTPServer\vfsTray.exe
C:\Program Files\Deerfield.com\VisNetic FTPClient\dfClipM.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Customizer XP\RAMIdle.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\United Devices\UD.EXE
C:\Program Files\United Devices\ud_1706422.exe
C:\Program Files\United Devices\ud_1706422_0.dir\ud_ligfit_Release.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tnik\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\tnik\Start Menu\Programs\Startup]
UD Agent.lnk = C:\Program Files\United Devices\UD.EXE

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
RAMIdle.lnk = C:\Program Files\Customizer XP\RAMIdle.exe
HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
VisNetic FTPServer Tray App = C:\Program Files\Deerfield.com\VisNetic FTPServer\vfsTray.exe
VFC Clipboard Monitor = C:\Program Files\Deerfield.com\VisNetic FTPClient\dfClipM.exe
vptray = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
nbprocrk = nbprocrk.bat
SVKP = nbprocrk.reg
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
NVIEW = rundll32.exe nview.dll,nViewLoadHook

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=NVDESK32.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\windows\googletoolbar_en_1.1.70-big.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/...swdir8d196a.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.c...7679.3950462963

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

[{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------


ok.. trendmicro just finished.. It found nothing :/ I hate windows at times.. really I do..

oh, I've run search and destroy and adaware, neither have come up with anything..
IMM's Avatar
IMM IMM is offline IMM is authorized to help remove malware.
Malware Removal Specialist with 3,259 posts.
 
Join Date: Feb 2002
03-Aug-2003, 04:13 PM #6
I'm not sure exactly what to tell you.

First, the h4x0rd as an IE window title is usu. a pretty good indication that someone has got at you (perhaps you ran a download on chat or something?) unless of course you did it yourself.

Can you account for all the software running as something you installed?

Next - the distributed computing app (United Devices) should be taken out of your startups while you are troubleshooting. If no msconfig then regedit? perhaps msconfig works from safe mode?

You should also disable the RAMIdle while troubleshooting. At any rate I'm not really sure about the wisdom of using a utility like that in conjunction with a distributed computing app.

If you can't find another way to get rid of them then use HJT for the purpose - it can be fixed later.

There are some things that should be removed using HJT - have HJT FIX the following (with IE closed)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = h4x0rd
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Custom Search URL = 


Does it work with your FTP server turned off?

What I would suggest after this, is that you download Process Explorer
Unzip the package to a location where you will keep it for future use.
Run the extracted procexp.exe file from that location and then right click on a task which isn't essential. Choose Kill.

If the process is successfully terminated - it will vanish from the task list (much like using Ctrl-Alt-Delete and choosing End Task)
Killing a task in this fashion does not delete any files or registry items - it just gets the task out of the way so that the files we wish to delete are not in use.

After removing a task using procexp try running msconfig - if msconfig now works then we might have found the culprit.
In particular - try the dfService.exe task

Last edited by IMM; 03-Aug-2003 at 04:26 PM..
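The manual pass over the HijackThis log described above can be scripted as a first-cut filter. The following is an added example, not part of the original thread and not a HijackThis feature: the reason labels and the `allowed_hosts` allowlist are assumptions, the sample lines are copied from the log posted in this thread, and a flagged line is a prompt for manual review rather than a verdict.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "section reason detail line")

# Subset of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = h4x0rd
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [nbprocrk] nbprocrk.bat
O4 - HKLM\..\Run: [SVKP] nbprocrk.reg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
"""

# "R1 - ..." / "O4 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
# A command that starts with a drive letter, optionally quoted.
ABSOLUTE_RE = re.compile(r'^"?[A-Za-z]:\\')


def triage(log_text, allowed_hosts):
    """Return entries worth a manual look.

    redirect         - IE R0/R1 setting pointing at a web host not in allowed_hosts
    window-title     - IE window title has been customised
    relative-autorun - Run key command without an absolute path, so what
                       actually starts depends on the search path
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, rest = m.groups()
        if section in ("R0", "R1"):
            key, _, data = rest.partition(" = ")
            data = data.strip()
            try:
                url = urlsplit(data)
            except ValueError:
                continue  # malformed value; leave for manual reading
            if url.scheme in ("http", "https") and url.hostname not in allowed_hosts:
                findings.append(Finding(section, "redirect", url.hostname, line))
            elif key.endswith(",Window Title") and data:
                findings.append(Finding(section, "window-title", data, line))
        elif section == "O4":
            run = RUN_RE.match(rest)
            if run and not ABSOLUTE_RE.match(run.group(2)):
                findings.append(
                    Finding(section, "relative-autorun", run.group(1), line))
    return findings


if __name__ == "__main__":
    # Assumption: the reviewer accepts the OEM default page seen in the log.
    for f in triage(SAMPLE_LOG, allowed_hosts={"www.bestbuy.msn.com"}):
        print(f"{f.section:3} {f.reason:17} {f.detail}")
```
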
IMM's Avatar
IMM IMM is offline IMM is authorized to help remove malware.
Malware Removal Specialist with 3,259 posts.
 
Join Date: Feb 2002
03-Aug-2003, 04:32 PM #7
You did install UD for medical research projects or similar?
For those who haven't seen it - it's along the lines of SETI@home

some links
http://www.ud.com/home.htm
http://www.grid.org/download/gold/download.htm
http://www.intel.com/cure/anthrax.htm

etc.
tnik's Avatar
tnik tnik is offline
Member with 735 posts.
THREAD STARTER
 
Join Date: Aug 2003
03-Aug-2003, 04:35 PM #8
Quote:
First, the h4x0rd as an IE window title is usu. a pretty good indication that someone has got at you (perhaps you ran a download on chat or something?) unless of course you did it yourself.
-- Nah, that was me messing with my wife..


Quote:
Can you account for all the software running as something you installed?
-- yes

Quote:
Next - the distributed computing app (United Devices) should be taken out of your startups while you are troubleshooting. If no msconfig then regedit? perhaps msconfig works from safe mode?
-- I tried it, no difference, regedit works, msconfig doesn't

Quote:
You should also disable the RAMIdle while troubleshooting. At any rate I'm not really sure about the wisdom of using a utility like that in conjunction with a distributed computing app.
--did it, no difference

Quote:
If you can't find another way to get rid of them then use HJT for the purpose - it can be fixed later.

There are some things that should be removed using HJT - have HJT FIX the following (with IE closed)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = h4x0rd
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Custom Search URL = 
--did it, no difference

Quote:
Does it work with your FTP server turned off?
--newp

Quote:
What I would suggest after this, is that you download Process Explorer
Unzip the package to a location where you will keep it for future use.
Run the extracted procexp.exe file from that location and then right click on a task which isn't essential. Choose Kill.
--Killed everything that I think I could have, and no difference..

Quote:
If the process is successfully terminated - it will vanish from the task list (much like using Ctrl-Alt-Delete and choosing End Task)
Killing a task in this fashion does not delete any files or registry items - it just gets the task out of the way so that the files we wish to delete are not in use.

After removing a task using procexp try running msconfig - if msconfig now works then we might have found the culprit.
In particular - try the dfService.exe task
--Killing dfservice doesn't fix it either..

im 1/2 tempted to blow this system away and go back to win2k.. I never had a major problem with it..

Last edited by tnik; 03-Aug-2003 at 04:43 PM..
tnik's Avatar
tnik tnik is offline
Member with 735 posts.
THREAD STARTER
 
Join Date: Aug 2003
03-Aug-2003, 04:38 PM #9
Ever since I've been on the Inet, I've run some type of distributed software.. It used to be seti@home, now it's UD for the sheer fact that for every 15 days I log, I get a free gig from easynews.com
IMM's Avatar
IMM IMM is offline IMM is authorized to help remove malware.
Malware Removal Specialist with 3,259 posts.
 
Join Date: Feb 2002
03-Aug-2003, 04:44 PM #10
Let's try the obvious - do a Find (incl hidden and system) for msconfig.exe - how many?
reextract it from the CD?

Do you know how to check file dependencies using something like depends.exe? (v2 with profiling would be the choice)
If so, try to see how many of the mfc... etc. files you have and where etc.

Registry corruption involving the keys, or file corruption for those checked by msconfig are, I suppose, a possibility.
Startup shortcuts, run keys, win.ini and system.ini (or their equivalent)

Last edited by IMM; 03-Aug-2003 at 04:49 PM..
tnik's Avatar
tnik tnik is offline
Member with 735 posts.
THREAD STARTER
 
Join Date: Aug 2003
03-Aug-2003, 04:58 PM #11
c:\windows\servicepackfiles\i386
c:\windows\pchealth\helpctr\binaries

2 prefetch files in c:\windows\prefetch

all I have is a restore cd and I've tried to extract from that, it won't let me.. I have d/l it from multiple websites, with no luck.. I've tried extracting it from an educational version of XP home that I have, and no luck.. I've tried a DLL swap that I've read in another forum, no luck..

all this came about because I wanted to change the %path% statement so my compiler would be easier to access.. I have changed the path statement using the environment settings option, but this has stumped me because msconfig won't work.. I've lost 1 1/2 days studying c++ because of this, I was leery before, but now I know, I am anal about some stuff.. lol If you can't think of anything else that will help, I think I just might cut my losses and try to forget about this problem.. It just gets under my skin when I can't figure something out about this infernal machine.. you know what they say, the computer is only as smart as its user, and demmit its winning...

wow.. I've never known about the dependency walker.. I gotta learn this..


oooooo.. lookie here..

Warning: At least one delay-load dependency module was not found.
Warning: At least one module has an unresolved import due to a missing export function in a delay-load dependent module.
that's from the file EFSADU.DLL which has to do with file encryption, I don't think that is what is making it not start..

Last edited by tnik; 03-Aug-2003 at 05:09 PM..
IMM's Avatar
IMM IMM is offline IMM is authorized to help remove malware.
Malware Removal Specialist with 3,259 posts.
 
Join Date: Feb 2002
03-Aug-2003, 05:09 PM #12
I can't see it so who can say but the depends stuff sounds not too different from normal.

What I notice is that c:\windows\pchealth\helpctr\binaries usu. has a startup item for its msconfig (reg run I think) - have you removed it?

Any of the paths you played with affect pchealth (lost the path to) or provided a default path to the other?

Try renaming one to .xee then running the other (from its home dir). Try it both ways.

Uninstall and reinstall pchealth?
IMM's Avatar
IMM IMM is offline IMM is authorized to help remove malware.
Malware Removal Specialist with 3,259 posts.
 
Join Date: Feb 2002
03-Aug-2003, 05:14 PM #13
Whose c++ - if it's vc6 then what is the service pack level.

You really gotta watch people scattering vc dll's around on installs when you're running that.
tnik's Avatar
tnik tnik is offline
Member with 735 posts.
THREAD STARTER
 
Join Date: Aug 2003
03-Aug-2003, 05:14 PM #14
hell if I know where pchealth came from, must either be with XP or part of the package that I got stuck with..

I tried renaming the file, as soon as I do that a new msconfig.exe appears..
tnik's Avatar
tnik tnik is offline
Member with 735 posts.
THREAD STARTER
 
Join Date: Aug 2003
03-Aug-2003, 05:17 PM #15
I have visual studio 6 installed.. not sure what service pack, I'll go and update..

I also have borlands c++ command line compiler, which I'm presently using..

I can uninstall VS6, since atm I'm not using it..


LOL the recent service pack for VS6 is pack #5 and it is 130MB, thank god I'm on cable

Last edited by tnik; 03-Aug-2003 at 05:23 PM..