[Resolved] Problem With Msconfig

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Buc47

Thread Starter
Joined
Mar 29, 2004
Messages
6
I have Windows ME, I've tried to run MSCONFIG and the window disappears in 1 second. Also, same result with running REGEDIT.
I've downloaded Hijackthis and here is the scan log:
Any suggestions? Thanks


Scan saved at 7:16:35 PM, on 3/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\WINDOWS\SYSTEM\WINCFG.SCR
C:\WINDOWS\MXCUCTGC.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ROAD RUNNER\MEDIC\RRMEDIC.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\RRIM\AIM.EXE
C:\CHRIS\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
O4 - HKLM\..\Run: [Winsock2 driver] WINCFG.SCR
O4 - HKLM\..\Run: [inblblcn] C:\WINDOWS\mxcuctgc.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [Winsock2 driver] WINCFG.SCR
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Medic.lnk = C:\Program Files\Road Runner\Medic\RRMedic.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Instant Messenger (SM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .tif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.5958101852
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O19 - User stylesheet: C:\Program Files\Internet Explorer\readme.txt (file missing)
 
Joined
Nov 2, 2002
Messages
22,468
There have been a lot of viruses and trojan program going around that disable both of these. I'm not sure if a simple thing like a system restore will necessarily get rid of them.

You might update your anti-virus software as well as download good anti-spyware programs and run some scans. If you have NAV, you might find that this doesn't work either. Typically it needs to be uninstalled and reinstalled again.
 
Joined
Oct 4, 2001
Messages
783
For your MSCONFIG try this:

click My Computer

C:\ drive

Windows

System

Rename Msconfig.exe to Msconfig.old

Then go to

C:\ drive

Windows

Options

Install

WIN_17.CAB

scroll down to msconfig.exe

right click on it

choose Extract

Reboot


Or you can extract it from here:
http://www2.whidbey.com/djdenham/Msconfig.htm
just use the one marked Win95 as that is from Win98 and will work in WinME.
 
Joined
Nov 2, 2002
Messages
22,468
What about regedit? And are you sure that since both programs open and then close, it is a problem with the program itself?
 
Joined
Jan 11, 2004
Messages
485
No one commented on his HJT log.
I'm a novice but think I see some problems in it, but! as I said I'm a novice. Should he wait or PM someone to look at it, or do ya'll think it's clean?
Just an observation and suggestion.
 

Buc47

Thread Starter
Joined
Mar 29, 2004
Messages
6
Thanks for the replies, I'll begin to try some of your suggested remedies tonite when I've got some time. Once again, thanks.
 
Joined
Dec 9, 2000
Messages
45,855
Restart in Safe Mode, open HijackThis and select Scan. Check these entries and click Fix Selected:

O4 - HKLM\..\Run: [Winsock2 driver] WINCFG.SCR
O4 - HKLM\..\Run: [inblblcn] C:\WINDOWS\mxcuctgc.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] WINCFG.SCR

Then ensure Show all files is selected in Folder Options > View and use Windows explorer to find and delete the bolded files above.

You will probably have to do a file search for the one that has no path information, though it is likely in windows or c:\windows\system

How to start in Safe Mode:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Post another scanlog after you have followed those instructions and let us know if the problem is resolved.

Also, if you are not happy with those Yahoo search and start pages, check and fix those as well. Include the "about blank" entries too.
 

Buc47

Thread Starter
Joined
Mar 29, 2004
Messages
6
Rollin Rog, I followed your instructions and can now successfully use the MSCONFIG window.(y) If I paste the Startup list could you tell me what I can remove the checks from? It takes a few minutes to boot up. (Do I need a new thread for this?) Thanks for the help everyone, this forum is great!
Here is the new HJT log:
Logfile of HijackThis v1.97.2
Scan saved at 8:35:12 PM, on 3/31/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ROAD RUNNER\MEDIC\RRMEDIC.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
C:\CHRIS\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Medic.lnk = C:\Program Files\Road Runner\Medic\RRMedic.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Instant Messenger (SM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .tif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.5958101852
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O19 - User stylesheet: C:\Program Files\Internet Explorer\readme.txt (file missing)
 
Joined
Dec 9, 2000
Messages
45,855
Great, here is a good link on which you will find references and recommendations for most of those startups:

http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM
also:
http://www.windowsstartup.com/wso/search.php

A quick look, I would not have starting:

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Medic.lnk = C:\Program Files\Road Runner\Medic\RRMedic.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

Most of these can be run from a shortcut or the Start> Programs Menu when you really need them
 
Joined
Nov 2, 2002
Messages
22,468
Just in case anything got missed, was a new type of program, or had anything left behind, you might still want to download a good Spyware and Trojan Removal program.

Spybot Search and Destroy:
http://www.safer-networking.org/index.php?page=spybotsda

SpySweeper:
http://www.webroot.com/wb/products/spysweeper/index.php
This will also protect your home page from being hijacked.

Ad-Aware:
http://www.lavasoft.de/

With any of the above three programs, just like with Anti-Virus software, should have the latest updates installed before doing a scan.

CWShredder:
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

KazaaBeGone
http://www.spywareinfo.com/~merijn/files/kazaabegone.zip

Programs that can help prevent getting infected:

Spyware Blaster
http://www.javacoolsoftware.com/spywareblaster.html

Spyware Guard
http://www.wilderssecurity.net/spywareguard.html
 

Buc47

Thread Starter
Joined
Mar 29, 2004
Messages
6
thanks, I've got cwshredder and spybot already. I'll check on the others.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top