msconfig

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

willywilly

Thread Starter
Joined
Mar 31, 2004
Messages
18
I have recently had several viruses on my computer and my startup was affected. I now load up Windows on a selective startup and there are several files that I do not wish to be there. Everything loads up fine now, but I don't want to unclick them and then have my computer screwed up again.

They are from a common startup group and the names are all different, like n4tyoc05.exe and morze5.exe, and the command line files are all deleted.
 
Joined
Dec 9, 2000
Messages
45,855
The path to the "common startup group" in Win98 (also known as "global startup") is c:\windows\all users\start menu\programs\startup

If the files or shortcuts are there, just delete them; if they are shortcuts, the files are in another location and you need to right click on the shortcut link, select "properties" and find the path. Or you can just do a Find files for them.
 

willywilly

Thread Starter
Joined
Mar 31, 2004
Messages
18
That got rid of most of them. Now I have xw7dfy00.exe in registry (per-user run), xw7dfy00.exe in registry (machine run), atipolab (machine service), and ssdpsrv (machine service).

I don't know if these are related to the viruses but I don't want to take a chance.
 

pyritechips

Jim
Gone but Never Forgotten
Joined
Jun 2, 2002
Messages
26,907
Hello willywilly and Rog:
I believe those files are spyware related. Is a HijackThis log in order?
 

pyritechips

Jim
Gone but Never Forgotten
Joined
Jun 2, 2002
Messages
26,907
Ok, never mind. I see willywilly has another thread going with a Hijack log in it...
 

willywilly

Thread Starter
Joined
Mar 31, 2004
Messages
18
here is my latest log

Logfile of HijackThis v1.97.7
Scan saved at 1:24:48 AM, on 4/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\APOINT\APWHEEL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
 
Joined
Dec 9, 2000
Messages
45,855
The scanlog you are posting is clean. However I cannot see whatever you might have UNchecked in msconfig. Those entries from the OTHER scanlog in the "global startup" group will be removed from msconfig if you simply delete them from the folder they are in.

For the record it was this trojan:

http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=TROJ_TOMADI.A

It has proven rather difficult for some, and required specialized advice. If you continue to have trouble with it, I will move your OTHER thread to the Security forum for further dealings with it.


You can clean this up by checking and "fixing" them.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
 

willywilly

Thread Starter
Joined
Mar 31, 2004
Messages
18
These are what's left unchecked in my msconfig startup:

xw7dfy00.exe in registry (per-user run)
xw7dfy00.exe in registry (machine run)
atipolab (machine service)
ssdpsrv (machine service)
 

Couriant

James
Moderator
Joined
Mar 26, 2002
Messages
39,943
If you mean you want to remove it permanently from MSCONFIG then try using Registry Cleaner.
 
Joined
Dec 9, 2000
Messages
45,855
Go to start and run regedit

Navigate to these two keys:

Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run-

Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run- and RunServices -

Notice that the last folder in each of these keys is RUN - or RunServices-

The "minus" indicates disabled items removed from the "Run" folder. Just right click on those entries in the right hand pane and delete them
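
The "Run-" / "RunServices-" layout described in the post above can be audited from a regedit text export before anything is deleted. The following is an added example, not part of the original post: it parses a Win9x/ME REGEDIT4 export and lists the entries msconfig has parked in the "minus" keys, labelled the way msconfig shows them. The export text and the command paths in it are constructed for illustration; only the entry names come from the thread.

```python
import re

# Constructed REGEDIT4 (Win9x/ME) export. Value names come from the thread;
# the command paths are made up for illustration.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"xw7dfy00"="C:\\WINDOWS\\xw7dfy00.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices-]
"atipolab"="atipolab.exe"
"ssdpsrv"="ssdpsrv.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"xw7dfy00"="C:\\WINDOWS\\xw7dfy00.exe"
'''

KEY_RE = re.compile(r'^\[(HKEY_\w+)\\Software\\Microsoft\\Windows'
                    r'\\CurrentVersion\\(Run(?:Services)?)(-?)\]$', re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
LABELS = {("HKEY_CURRENT_USER", "run"): "per-user run",
          ("HKEY_LOCAL_MACHINE", "run"): "machine run",
          ("HKEY_LOCAL_MACHINE", "runservices"): "machine service"}

def parse_autoruns(export_text):
    """Return one dict per value under Run/RunServices and their '-' twins."""
    entries, current = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = KEY_RE.match(line)           # None for any unrelated key
            current = key.groups() if key else None
            continue
        value = VALUE_RE.match(line)
        if current and value:
            hive, key_name, minus = current
            entries.append({
                "name": re.sub(r"\\(.)", r"\1", value.group(1)),
                "command": re.sub(r"\\(.)", r"\1", value.group(2)),
                "group": LABELS.get((hive.upper(), key_name.lower()), "other"),
                "disabled": minus == "-",      # trailing '-' = unchecked in msconfig
            })
    return entries

def disabled_entries(export_text):
    """Entries msconfig has parked in Run- / RunServices- (still in the registry)."""
    return [e for e in parse_autoruns(export_text) if e["disabled"]]

if __name__ == "__main__":
    for e in disabled_entries(SAMPLE_EXPORT):
        print(f'{e["group"]:16} {e["name"]:10} {e["command"]}')
```
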
 