[Resolved] Cant run MSConfig!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

kwill

Thread Starter
Joined
Jan 5, 2003
Messages
292
Im on Windows 98SE and IVe recently been getting errors come up for QTTask and Explorer saying they have to be shut down, when I try to run MSConfig the same thing is popping up!
Ive always been able to run it before......can anyone help?
Thanks
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,936
QTTASK is not needed. Uncheck it in the MSCONFIG startup tab(when you get it working again) and delete the QTTASK.EXE file in C:\Program Files\Quicktime.
 
Joined
Nov 2, 2002
Messages
22,468
If you think it may be spyware, you might as well run a scan. Lately I recommend doing this just like you would consider doing a virus scan. Just download a good Spyware and Trojan Removal program.

Spybot Search and Destroy:
http://www.safer-networking.org/index.php?page=spybotsda

SpySweeper:
http://www.webroot.com/wb/products/spysweeper/index.php
This will also protect your home page from being hijacked.

Ad-Aware:
http://www.lavasoft.de/

With any of the above three programs, just like with Anti-Virus software, should have the latest updates installed before doing a scan.

CWShredder:
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

KazaaBeGone
http://www.spywareinfo.com/~merijn/files/kazaabegone.zip

Programs that can help prevent getting infected:

Spyware Blaster
http://www.javacoolsoftware.com/spywareblaster.html

Spyware Guard
http://www.wilderssecurity.net/spywareguard.html
 

kwill

Thread Starter
Joined
Jan 5, 2003
Messages
292
Heres that hijack this log - Ill have a look at the other stuff if i need to - Ill see what you say about this log....thanks

Logfile of HijackThis v1.97.7
Scan saved at 5:00:36 PM, on 4/18/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\WINEXEC.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\LOADQM.EXE
C:\MY DOCUMENTS\MY RECEIVED FILES\MSNPROXY.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\MAIL.COM\MCALERT.EXE
C:\WINDOWS\IJN\NM32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchwww.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchwww.com/bar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchwww.com/search.cgi?s=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.10.1:4480
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\APUC.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Winexec] C:\WINDOWS\Winexec.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MSNProxy] C:\MY DOCUMENTS\MY RECEIVED FILES\MSNPROXY.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [cyrfnqk] rundll32 C:\WINDOWS\SYSTEM\cyrfnqk.dll,Init 1
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MSNProxy] C:\MY DOCUMENTS\MY RECEIVED FILES\MSNPROXY.EXE
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKLM\..\RunOnce: [*cyrfnqk] rundll32 C:\WINDOWS\SYSTEM\cyrfnqk.dll,Init 1
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GatorRes.dll
O4 - Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/smarterchild/websetup.cab
O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} - http://directplugin.com/dialers/111845.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
 

Attachments

Joined
Nov 2, 2002
Messages
22,468
There are several items in there that look like they may cause problems. Might as well clean them out before sending any log files. You're going to need to clean them anyway. This way you just send what is left.

Kinda like if you think you have a virus, showing all the viruses on your computer. Might as well just get rid of them first.
 

kwill

Thread Starter
Joined
Jan 5, 2003
Messages
292
so i just check them all on hijack this and click fix or clean or whatever? then what?
 
Joined
Nov 2, 2002
Messages
22,468
Since it's free, first I would download Spybot, get all the latest updates and do a scan. If you want to use CWShredder and KazaaBeGone that can't hurt either.
 

kwill

Thread Starter
Joined
Jan 5, 2003
Messages
292
OK I used Spybot to get rid of a few things, still cant run MSConfig.....
 
Joined
Nov 2, 2002
Messages
22,468
I didn't think that was the cause of the problem but there was another post suggesting that it was. This was the fastest way to determine if it was spyware or not.

Can you give the exact error. Typically they are tough to figure out though.

One easy thing to try is reinstall Win98 on top of the current version. You won't lose anything and it often solves these types of problems.

My recommendatation for this is to copy the source files to a directory on the hard drive, boot with a floppy, and reinstall from that directory.
 
Joined
Dec 9, 2000
Messages
45,855
Restart in Safe Mode, check these two entries in the HijackThis Scan and then click "fix checked":

O4 - HKLM\..\Run: [Winexec] C:\WINDOWS\Winexec.exe
O4 - HKLM\..\Run: [cyrfnqk] rundll32 C:\WINDOWS\SYSTEM\cyrfnqk.dll,Init 1

>>> delete the file c:\windows\winexec.exe !!!

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.kazwin.html

>> to start in Safe Mode, press and hold the ctrl key immediately on a reboot; you should get a startup menu from which Safe Mode can be selected.

You should also run the CoolWebShredder, CWShredder.exe from the site below and then reboot:

http://www.spywareinfo.com/~merijn/downloads.html

Give us another Copy/paste of the Scanlog after doing this. You can copy/paste it rather than attach it that makes it easier for others to see.
 

kwill

Thread Starter
Joined
Jan 5, 2003
Messages
292
I run the EXE thing but MSConfig still wont run - heres the error that comes up when I try and run it....

MSCONFIG caused an invalid page fault in
module <unknown> at 0000:01f91310.
Registers:
EAX=00000000 CS=0167 EIP=01f91310 EFLGS=00010286
EBX=00000000 SS=016f ESP=0064fba0 EBP=0064fc18
ECX=bff70000 DS=016f ESI=00000409 FS=3e3f
EDX=bffc9490 ES=016f EDI=00000409 GS=0000
Bytes at CS:EIP:

Stack dump:
bfbac08d bff70000 bfb7232c bfbac0fb 00000000 00000409 bfbac2b6 00000409 004270b8 bfbac70c 00000000 004271c0 004270b8 00427504 bff7b4d5 81771d78

Its annoying because whenever Im on the internet using IE, it occasionally says Explorer as stopped responding and it closes the browser.....
 
Joined
Dec 9, 2000
Messages
45,855
Winexec was a worm which uses and modifies Kazaa. I included a Symantec link by way of explanation.

Hopefully you just have a damaged msconfig.exe -- let's try replacing it using the System File Checker:

1. Go to Start>Run and enter SFC and click OK
2. Check "Extract one File"
3. Enter the file name and click on "Start"
4. In the "Restore from" field enter:: D:\WIN98 [if 'D' is not the letter of your CD-Rom drive, modify appropriately]
5. Click OK

{if you do not have a Windows system CD, try subsitituting c:\windows\options\cabs in the"restore from field"}


Also, post a fresh Scanlog so we can see if there are any new problems and the old ones have been properly fixed.

Did you run the CoolWebShreder?

By the way does msconfig run in Safe Mode? If it does, then it is not damaged.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top