
msconfig

Discussion in 'Earlier Versions of Windows' started by willywilly, Apr 1, 2004.

Thread Status:
Not open for further replies.
  1. willywilly

    willywilly Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    18
    I have recently had several viruses on my computer and my startup was affected. I now load up Windows on a selective startup and there are several files that I do not wish to be there. Everything loads up fine now, but I don't want to unclick them and then have my computer screwed up again.

    They are from a common startup group and the names are all different, like n4tyoc05.exe and morze5.exe, and the command line files are all deleted.
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    The path to the "common startup group" in Win98 (also known as "global startup") is c:\windows\all users\start menu\programs\startup

    If the files or shortcuts are there, just delete them; if they are shortcuts, the files are in another location and you need to right click on the shortcut link, select "properties" and find the path. Or you can just do a Find files for them.
     
  3. willywilly

    willywilly Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    18
    That got rid of most of them; now I have xw7dfy00.exe in registry (per-user run), xw7dfy00.exe in registry (machine run), atipolab (machine service), and ssdpsrv (machine service).

    I don't know if these are related to the viruses, but I don't want to take a chance.
     
  4. pyritechips

    pyritechips Gone but Never Forgotten

    Joined:
    Jun 2, 2002
    Messages:
    26,907
    First Name:
    Jim
    Hello willywilly and Rog:
    I believe those files are spyware related. Is a HijackThis log in order?
     
  5. pyritechips

    pyritechips Gone but Never Forgotten

    Joined:
    Jun 2, 2002
    Messages:
    26,907
    First Name:
    Jim
    Ok, never mind. I see willywilly has another thread going with a Hijack log in it...
     
  6. willywilly

    willywilly Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    18
    Here is my latest log:

    Logfile of HijackThis v1.97.7
    Scan saved at 1:24:48 AM, on 4/1/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\PROGRAM FILES\APOINT\APOINT.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\APOINT\APWHEEL.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
    O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    The scanlog you are posting is clean. However, I cannot see whatever you might have UNchecked in msconfig. Those entries from the OTHER scanlog in the "global startup" group will be removed from msconfig if you simply delete them from the folder they are in.

    For the record it was this trojan:

    http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=TROJ_TOMADI.A

    It has proven rather difficult for some, and required specialized advice. If you continue to have trouble with it, I will move your OTHER thread to the Security forum for further dealings with it.


    You can clean this up by checking and "fixing" them.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     
  8. willywilly

    willywilly Thread Starter

    Joined:
    Mar 31, 2004
    Messages:
    18
    These are what's left unchecked in my msconfig startup:

    xw7dfy00.exe in registry (per-user run)
    xw7dfy00.exe in registry (machine run)
    atipolab (machine service)
    ssdpsrv (machine service)
     
  9. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    34,908
    First Name:
    James
    If you mean you want to remove it permanently from MSCONFIG then try using Registry Cleaner.
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Go to start and run regedit

    Navigate to these two keys:

    Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run-

    Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run- and RunServices -

    Notice that the last folder in each of these keys is RUN - or RunServices-

    The "minus" indicates disabled items removed from the "Run" folder. Just right click on those entries in the right hand pane and delete them
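
Added example, not part of the original thread and not code from any poster: a small Python parser for a REGEDIT4 export of the keys named in the last reply, listing the values msconfig has parked under the "-" keys, which a HijackThis O4 listing of Run/RunServices does not show. The sample export is constructed; every value name and command in it other than the MsnMsgr line is an assumption.

```python
import re

# Autostart keys named in the thread, plus the "-" twins (Run-, RunServices-).
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunServices)(-?)\]$", re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Labels follow the wording used in the thread for the msconfig entries.
LABELS = {("HKEY_CURRENT_USER", "run"): "per-user run",
          ("HKEY_LOCAL_MACHINE", "run"): "machine run",
          ("HKEY_LOCAL_MACHINE", "runservices"): "machine service"}

# Constructed sample export; only the MsnMsgr line mirrors the posted log.
SAMPLE = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"xw7dfy00"="C:\\WINDOWS\\SYSTEM\\xw7dfy00.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"xw7dfy00"="C:\\WINDOWS\\SYSTEM\\xw7dfy00.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices-]
"atipolab"="atipolab.exe"
"ssdpsrv"="ssdpsrv.exe"
'''

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with \

def autostart_entries(reg_text):
    """Return (source, disabled, name, command) for each autostart string value."""
    entries, ctx = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            label = m and LABELS.get((m.group(1).upper(), m.group(2).lower()))
            ctx = (label, bool(m.group(3))) if label else None
            continue
        m = VALUE_RE.match(line)
        if ctx and m:
            entries.append((ctx[0], ctx[1], unescape(m.group(1)), unescape(m.group(2))))
    return entries

def leftovers(entries):
    """Disabled entries that have not reappeared under the live key."""
    active = {(src, name.lower()) for src, off, name, _ in entries if not off}
    return [(name, src) for src, off, name, _ in entries
            if off and (src, name.lower()) not in active]

if __name__ == "__main__":
    for name, src in leftovers(autostart_entries(SAMPLE)):
        print(f"{name} ({src}) is disabled and still stored in the registry")
```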
     

Short URL to this thread: https://techguy.org/216446
