1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Resolved] MSConfig and RegEdit won't open

Discussion in 'Earlier Versions of Windows' started by NXXcdo, Sep 14, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. NXXcdo

    NXXcdo Thread Starter

    Joined:
    Aug 30, 2003
    Messages:
    45
    MSConfig and RegEdit will only start up for about 2 seconds, and then they close. I have Spybot S&D, but couldn't find the virus/spybot/whatever. Here is my HijackThis log file:

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\CBRSS.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
    C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\DELFIN\PROMULGATE\PGMONITR.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\DATA LIFEGUARD\8263142\PROGRAM\BACKWEB-8263142.EXE
    C:\PROGRAM FILES\MSI\PC ALERT 4\PCALERT4.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Microsoft System Restore Configuration] CBRSS.EXE
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LiveMonitor] C:\PROGRAM FILES\MSI\LIVE UPDATE 2\LMONITOR.EXE
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [seticlient] C:\Program Files\[email protected]\[email protected] -min
    O4 - HKLM\..\Run: [servicepack lptt01] "c:\program files\servicepack\servicepack.exe"
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
    O4 - HKCU\..\RunOnce: [Microsoft System Restore Configuration] CBRSS.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
    O4 - Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
    O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = ?
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O4 - Global Startup: Data LifeGuard.lnk = C:\Program Files\Data LifeGuard\8263142\Program\backWeb-8263142.exe
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
    O9 - Extra button: Copernic Agent (HKLM)
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37862.4863657407
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cab
    O16 - DPF: Yahoo! Exploder - http://download.games.yahoo.com/games/clients/y/vtk_x.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
    O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab
    O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldwinner.com/games/v40/focus/focus.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
    O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://mirror.worldwinner.com/games/v42/territory/territory.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v49/swapit/swapit.cab
    O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v44/bjattack/bjattack.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://ftp.coupons.com/r3120/cpbrxpie.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v41/sol/sol.cab
    O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v44/h2hpool/h2hpool.cab
    O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games/v42/brickout/brickout.cab
    O16 - DPF: {90B7E2B3-2E56-4571-9E54-823E33C4B4B4} (TracMan Control) - http://mirror.worldwinner.com/games/v46/tracman/tracman.cab
    O16 - DPF: {E5EF1E59-8AFD-425A-9F30-817FD6507215} (Darts Control) - http://mirror.worldwinner.com/games/v40/darts/darts.cab
    O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
    O16 - DPF: {5DB05CB8-7751-469D-A1DD-45C8C201C013} (Blender 3D Plug-in Active X Control) - http://entropy8zuper.org/airport/customs/Blender3DPlugin.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.0/win/PulsePlayer5AxWin.cab
    O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt2_x.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
    O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://geotoo.mkm-wpe.net/activex/AxisCamControl.ocx
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4281/mcfscan.cab
    O16 - DPF: {ED3CE078-BB89-42C6-A748-2EC19EA004D4} (BoxFrogAX Control) - http://www.boxfrog.com/BoxFrogConvert.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0804a8ff6b9966323c00/netzip/RdxIE601.cab
    O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin.com/plugin/111956.exe
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Restart in Safe Mode: shutdown completely, wait about 20 seconds. On restart press the ctrl key promptly to access the boot menu and the Safe Mode option.

    In Safe Mode run Explorer and delete this file:

    C:\WINDOWS\SYSTEM\CBRSS.EXE

    Also run HijackThis and check and "fix" the following entries:

    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

    O4 - HKLM\..\Run: [Microsoft System Restore Configuration] CBRSS.EXE

    O4 - HKCU\..\RunOnce: [Microsoft System Restore Configuration] CBRSS.EXE

    ^^ note there are two instances of this to be deleted from the registry.

    >>> reboot and test for resolution. Post another Scanlog if not.

    By the way, if your task manager works (ctrl-alt-del) you may be able to end task the cbrss.exe process and complete the rest of the operation without using Safe Mode.
     
  3. NXXcdo

    NXXcdo Thread Starter

    Joined:
    Aug 30, 2003
    Messages:
    45
    It worked. Thanks.:D
    (y) (y) 2 Thumbs up.

    By the way, nice sig.
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    :cool:

    You're welcome.

    It was a "spybot" variant. Most of them affect XP/2k systems, but this one does its thing on Win98 as well.
     
  5. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    I might add this for HJT to fix also
    O4 - HKLM\..\Run: [servicepack lptt01] "c:\program files\servicepack\servicepack.exe"

    you NEED to run Javacool's RapidBlaster killer : http://www.wilderssecurity.net/downloads/rbkiller.exe

    Windows98 had no servicepacks.
    IE and MS Office did, but not Win98 itself.
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    NightHawk lives up to his name! (Tx, might have to change mine to "Mr. Magoo")

    While your at it, you might also want to install, UPDATE and run Spybot to clean out any residual files or entries left by the MyBar search Hijacker as well.

    http://tomcoyote.org/SPYBOT/
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/164651

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice