1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

can't open msconfig

Discussion in 'Virus & Other Malware Removal' started by seniorc, Sep 3, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. seniorc

    seniorc Thread Starter

    Joined:
    Sep 3, 2004
    Messages:
    3
    can someone please help me? i cant open msconfig or regedit. i have scanned my comp with stinger and trends scan and they both came up clear. here is my hijack log: please help
    Logfile of HijackThis v1.98.2
    Scan saved at 17:45:27, on 03/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security Professional\NISUM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\SVHOST.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\CRK\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.formatureaudiencesonly.com/search.php?a=1025542&type=direct&aff_id=272&keywords=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.formatureaudiencesonly.com/search.php?a=1025542&type=direct&aff_id=272&keywords=
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\system32\winhot32.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\system32\kdpupd.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: HotSearchBar.com Bar - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINDOWS\system32\winhot32.dll
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Windows Core Settings] SVHOST.EXE
    O4 - HKCU\..\RunOnce: [Windows Core Settings] SVHOST.EXE
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d9cb3ae926d:158854fc4a27381a6ed667336045adce
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093478256254
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5D3E486A-FB0F-4211-AEA1-797F37AAC2FD}: NameServer = 80.189.92.2 80.189.94.2
     
  2. Cris_Cr0ss

    Cris_Cr0ss

    Joined:
    Jan 30, 2004
    Messages:
    820
    what i suggest:

    Run ad-adaware and spybot and clean out hten post a new HijackThis Log
    --------------------------------------------------------------------------
    Now dowload ad-aware
    Ad-Aware
    Before you scan with AdAware, check for updates of the reference file by clicking on "Check for updates now", connect.

    Click on Start, Use custom scanning options, Customize.

    Make sure the following settings are made and on -------"ON=GREEN"

    "Scan within archives"
    "Scan active processes"
    "Scan registry"
    "Deep scan registry"
    "Scan my IE Favorites for banned URL"
    "Scan my host-file"

    Click on Tweak,
    Select scanning engine and click on "Unload recognized processes during scanning"
    Select cleaning engine and click on "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    Then click "proceed" to save your settings.

    Click on Next

    Run the scan and fix everything.

    Reboot

    Then get Spybot S&D to clear remaining spyware.

    Short tutorial and download link here:
    Spybot

    Fix everything SpybotSD labels in red, and immunize.

    When your done post a new Hijackthis Log
     
  3. amthmi

    amthmi

    Joined:
    Mar 23, 2002
    Messages:
    519
    These two entries look suspicious to me.
    I wasn't able to find any info on them.
    Do you know what they are ?
    O4 - HKLM\..\Run: [Windows Core Settings] SVHOST.EXE
    O4 - HKCU\..\RunOnce: [Windows Core Settings] SVHOST.EXE

    You have other minor entries that would need fixing but I would
    address the above first.

    This is where the file is on your pc
    C:\WINDOWS\system32\SVHOST.EXE
     
  4. seniorc

    seniorc Thread Starter

    Joined:
    Sep 3, 2004
    Messages:
    3
    thank u. i will run adware ,,, then ill post back,,
     
  5. seniorc

    seniorc Thread Starter

    Joined:
    Sep 3, 2004
    Messages:
    3
    i ran several different scans.. i still cant open msconfig. what could be wrong? here's my new hijack log.

    Logfile of HijackThis v1.98.2
    Scan saved at 09:54:26, on 04/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security Professional\NISUM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\SVHOST.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Spyware Doctor\spydoctor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\CRK\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.formatureaudiencesonly.com/search.php?a=1025542&type=direct&aff_id=272&keywords=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\system32\kdpupd.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d9cb3ae926d:158854fc4a27381a6ed667336045adce
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093478256254
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5D3E486A-FB0F-4211-AEA1-797F37AAC2FD}: NameServer = 80.189.92.2 80.189.94.2
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/269746

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice