
[Resolved] Can't run MSConfig!

Discussion in 'Earlier Versions of Windows' started by kwill, Apr 18, 2004.

Thread Status:
Not open for further replies.
  1. kwill

    kwill Thread Starter

    Joined:
    Jan 5, 2003
    Messages:
    292
    I'm on Windows 98SE and I've recently been getting errors come up for QTTask and Explorer saying they have to be shut down, when I try to run MSConfig the same thing is popping up!
    I've always been able to run it before... can anyone help?
    Thanks
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,013
    First Name:
    Frank
    QTTASK is not needed. Uncheck it in the MSCONFIG startup tab (when you get it working again) and delete the QTTASK.EXE file in C:\Program Files\Quicktime.
     
  3. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  4. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    If you think it may be spyware, you might as well run a scan. Lately I recommend doing this just like you would consider doing a virus scan. Just download a good Spyware and Trojan Removal program.

    Spybot Search and Destroy:
    http://www.safer-networking.org/index.php?page=spybotsda

    SpySweeper:
    http://www.webroot.com/wb/products/spysweeper/index.php
    This will also protect your home page from being hijacked.

    Ad-Aware:
    http://www.lavasoft.de/

    Any of the above three programs, just like Anti-Virus software, should have the latest updates installed before doing a scan.

    CWShredder:
    http://www.spywareinfo.com/downloads/tools/CWShredder.exe

    KazaaBeGone
    http://www.spywareinfo.com/~merijn/files/kazaabegone.zip

    Programs that can help prevent getting infected:

    Spyware Blaster
    http://www.javacoolsoftware.com/spywareblaster.html

    Spyware Guard
    http://www.wilderssecurity.net/spywareguard.html
     
  5. kwill

    kwill Thread Starter

    Joined:
    Jan 5, 2003
    Messages:
    292
    Here's that HijackThis log - I'll have a look at the other stuff if I need to - I'll see what you say about this log... thanks

    Logfile of HijackThis v1.97.7
    Scan saved at 5:00:36 PM, on 4/18/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\WINEXEC.EXE
    C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\MY DOCUMENTS\MY RECEIVED FILES\MSNPROXY.EXE
    C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\PROGRAM FILES\MAIL.COM\MCALERT.EXE
    C:\WINDOWS\IJN\NM32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
    C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchwww.com/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchwww.com/bar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchwww.com/search.cgi?s=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.10.1:4480
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\APUC.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Winexec] C:\WINDOWS\Winexec.exe
    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [MSNProxy] C:\MY DOCUMENTS\MY RECEIVED FILES\MSNPROXY.EXE
    O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE /min
    O4 - HKLM\..\Run: [cyrfnqk] rundll32 C:\WINDOWS\SYSTEM\cyrfnqk.dll,Init 1
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [MSNProxy] C:\MY DOCUMENTS\MY RECEIVED FILES\MSNPROXY.EXE
    O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
    O4 - HKLM\..\RunOnce: [*cyrfnqk] rundll32 C:\WINDOWS\SYSTEM\cyrfnqk.dll,Init 1
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GatorRes.dll
    O4 - Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/smarterchild/websetup.cab
    O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} - http://directplugin.com/dialers/111845.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
    O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
     


  6. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    There are several items in there that look like they may cause problems. Might as well clean them out before sending any log files. You're going to need to clean them anyway. This way you just send what is left.

    Kinda like if you think you have a virus, showing all the viruses on your computer. Might as well just get rid of them first.
     
  7. kwill

    kwill Thread Starter

    Joined:
    Jan 5, 2003
    Messages:
    292
    So I just check them all on HijackThis and click fix or clean or whatever? Then what?
     
  8. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    Since it's free, first I would download Spybot, get all the latest updates and do a scan. If you want to use CWShredder and KazaaBeGone that can't hurt either.
     
  9. kwill

    kwill Thread Starter

    Joined:
    Jan 5, 2003
    Messages:
    292
    OK, I used Spybot to get rid of a few things, still can't run MSConfig...
     
  10. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    I didn't think that was the cause of the problem but there was another post suggesting that it was. This was the fastest way to determine if it was spyware or not.

    Can you give the exact error? Typically they are tough to figure out though.

    One easy thing to try is reinstall Win98 on top of the current version. You won't lose anything and it often solves these types of problems.

    My recommendation for this is to copy the source files to a directory on the hard drive, boot with a floppy, and reinstall from that directory.
     
  11. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Restart in Safe Mode, check these two entries in the HijackThis Scan and then click "fix checked":

    O4 - HKLM\..\Run: [Winexec] C:\WINDOWS\Winexec.exe
    O4 - HKLM\..\Run: [cyrfnqk] rundll32 C:\WINDOWS\SYSTEM\cyrfnqk.dll,Init 1

    >>> delete the file c:\windows\winexec.exe !!!

    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.kazwin.html

    >> to start in Safe Mode, press and hold the ctrl key immediately on a reboot; you should get a startup menu from which Safe Mode can be selected.

    You should also run the CoolWebShredder, CWShredder.exe from the site below and then reboot:

    http://www.spywareinfo.com/~merijn/downloads.html

    Give us another copy/paste of the Scanlog after doing this. You can copy/paste it rather than attach it; that makes it easier for others to see.
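
An added example, not part of the original thread or any poster's code: when entries are selected for "fix checked" in a HijackThis log, it helps to list every other autostart (O4) line that launches the same file, and to check the follow-up log for leftovers. The sample lines are taken from the log posted above; the follow-up log is constructed and assumes only the two checked entries were removed. The function names are hypothetical.

```python
import re

# Constructed sample: O4 (autostart) lines taken from the HijackThis log in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Winexec] C:\WINDOWS\Winexec.exe
O4 - HKLM\..\Run: [cyrfnqk] rundll32 C:\WINDOWS\SYSTEM\cyrfnqk.dll,Init 1
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunOnce: [*cyrfnqk] rundll32 C:\WINDOWS\SYSTEM\cyrfnqk.dll,Init 1
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GatorRes.dll
"""
# Constructed follow-up log: assumes only the two checked Run entries were fixed.
AFTER = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunOnce: [*cyrfnqk] rundll32 C:\WINDOWS\SYSTEM\cyrfnqk.dll,Init 1
"""

O4_REG = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.+)$")
O4_LNK = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
FILE = re.compile(r'([^\\/:"\s,]+\.(?:exe|dll|ocx|com|scr|bat))\b', re.I)

def target(command):
    """Basename of the file an autostart command loads (the DLL for rundll32)."""
    names = [n.lower() for n in FILE.findall(command)]
    names = [n for n in names if n != "rundll32.exe"] or names
    return names[0] if names else command.lower()

def parse_o4(log):
    """Return (location, name, command, target) for every O4 line in a log."""
    entries = []
    for line in log.splitlines():
        m = O4_REG.match(line.strip()) or O4_LNK.match(line.strip())
        if m:
            loc, name, cmd = m.groups()
            entries.append((loc, name, cmd, target(cmd)))
    return entries

def same_target(log, selected):
    """Entries NOT in `selected` that launch the same file as a selected entry."""
    entries = parse_o4(log)
    wanted = {e[3] for e in entries if e[1] in selected}
    return [e for e in entries if e[3] in wanted and e[1] not in selected]

def still_present(log, targets):
    """Entries in a follow-up log that still launch any of `targets`."""
    return [e for e in parse_o4(log) if e[3] in targets]
```

With `selected = {"Winexec", "cyrfnqk"}`, `same_target(BEFORE, selected)` returns the `RunOnce` entry `*cyrfnqk`, which loads the same DLL as the checked `Run` entry.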
     
  13. kwill

    kwill Thread Starter

    Joined:
    Jan 5, 2003
    Messages:
    292
    I run the EXE thing but MSConfig still won't run - here's the error that comes up when I try and run it...

    MSCONFIG caused an invalid page fault in
    module <unknown> at 0000:01f91310.
    Registers:
    EAX=00000000 CS=0167 EIP=01f91310 EFLGS=00010286
    EBX=00000000 SS=016f ESP=0064fba0 EBP=0064fc18
    ECX=bff70000 DS=016f ESI=00000409 FS=3e3f
    EDX=bffc9490 ES=016f EDI=00000409 GS=0000
    Bytes at CS:EIP:

    Stack dump:
    bfbac08d bff70000 bfb7232c bfbac0fb 00000000 00000409 bfbac2b6 00000409 004270b8 bfbac70c 00000000 004271c0 004270b8 00427504 bff7b4d5 81771d78

    It's annoying because whenever I'm on the internet using IE, it occasionally says Explorer has stopped responding and it closes the browser...
     
  14. kwill

    kwill Thread Starter

    Joined:
    Jan 5, 2003
    Messages:
    292
    I also deleted that winexec file - what was it?
     
  15. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Winexec was a worm which uses and modifies Kazaa. I included a Symantec link by way of explanation.

    Hopefully you just have a damaged msconfig.exe -- let's try replacing it using the System File Checker:

    1. Go to Start>Run and enter SFC and click OK
    2. Check "Extract one File"
    3. Enter the file name and click on "Start"
    4. In the "Restore from" field enter: D:\WIN98 [if 'D' is not the letter of your CD-Rom drive, modify appropriately]
    5. Click OK

    {if you do not have a Windows system CD, try substituting c:\windows\options\cabs in the "restore from" field}


    Also, post a fresh Scanlog so we can see if there are any new problems and the old ones have been properly fixed.

    Did you run the CoolWebShredder?

    By the way does msconfig run in Safe Mode? If it does, then it is not damaged.
     

Short URL to this thread: https://techguy.org/221492
