msconfig
i used to use msconfig to keep my startup list quite small. Now when i run it (start > run > msconfig) i get the following error message: "windows cannot find "msconfig", make sure you typed the name correctly then try again. To search for a file, click the start button then click search." i can find the "msconfig" tool by using the search tho. wondering why its suddenly stopped working. :spangled: its located in c:\windows\pchealth\helpctr\binaries. there's another file, a .pf file called msconfig.exe-35e4dae9.pf and that's located in c:\windows\prefetch. anyone got any ideas, cheers anyway
I've just googled and it SEEMS like it's a virus - a trojan of some kind. Do the usual - use all 3 recommended AVs, turn off system restore - MAKE SURE YOU'VE GOT THE MOST RECENT DEFs. Find the name of it - then google for the cleaning routine.
ave scanned wit a few AVs which are updated, used anti spy - ad progs, if its malware then al probs need somet else. nowt comes up when i scan tho. i read that some malware - viruses removed system applications from your computer but nowts been found. :spangled:
Could be a new one.... are you getting many problems with it? only other thing is the Unhijack this utility or the RootKit Revealer utility to see if you can find anything...
Logfile of HijackThis v1.99.1
Scan saved at 10:31:35, on 21/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Lee\LOCALS~1\Temp\Rar$EX00.093\RootkitRevealer.exe
C:\DOCUME~1\Lee\LOCALS~1\Temp\O.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Lee\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Aquarius Soft PC Alarm Clock Pro.lnk = C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107903479046
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O - ??????????????????????????????????? - C:\DOCUME~1\Lee\LOCALS~1\Temp\O.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

im a bit sus about 0.exe, cant find owt on it
yeah, just noticed that... try deleting any reference to it in regedit, kill off any processes, empty temp folder, etc, etc, etc... worth a shot!
i ran that rootrevealer and tried to save the log file but it hasn't saved it, i'm running another test as i type this

edit:
HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 16/02/2005 22:37 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 16/02/2005 22:37 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\a347scsi\Config\jdgg40 16/02/2005 22:39 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 21/06/2005 09:53 0 bytes Hidden from Windows API.
C:\Documents and Settings\Lee\Desktop\hijackthis.zip:Zone.Identifier 21/06/2005 10:30 26 bytes Hidden from Windows API.
C:\Documents and Settings\Lee\Desktop\tds3setup.exe:Zone.Identifier 21/06/2005 10:17 26 bytes Hidden from Windows API.
C:\Documents and Settings\Lee\Local Settings\Temp\~DFA2B8.tmp 21/06/2005 10:31 16.00 KB Hidden from Windows API.
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\8MGNQ3RD\newreply[1].htm 21/06/2005 10:33 30.19 KB Hidden from Windows API.
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\8MGNQ3RD\newreply[1].php 21/06/2005 10:33 7.48 KB Hidden from Windows API.
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\QXSZY9EX\newreply[1].htm 21/06/2005 10:29 2.30 KB Hidden from Windows API.
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\QXSZY9EX\showthread[1].htm 21/06/2005 10:34 50.29 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\QXSZY9EX\showthread[1].php 21/06/2005 10:34 11.73 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\SXC9QFCL\newreply[1].php 21/06/2005 10:34 1.10 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\UT0RUX25\newreply[1].htm 21/06/2005 10:34 2.30 KB Visible in directory index, but not Windows API or MFT.
im not too familiar with the registry but ave emptied the IE cache cookies and deleted temp files, also killed processes. still no joy
i can still use msconfig, the root to the file is stored in the run box so al just leave it like that. nowt seems to be affected apart from that one thing. al just leave it for now, cheers for the help anyway
Not got time to go thru properly, but you need to get rid of
C:\DOCUME~1\Lee\LOCALS~1\Temp\O.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O23 - Service: O - ??????????????????????????????????? - C:\DOCUME~1\Lee\LOCALS~1\Temp\O.exe
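An added example, not part of the thread and not HijackThis's own code: a triage check for the O23 (service) lines of a HijackThis log, showing why the O.exe entry stands out where the "Unknown owner" entries do not. The regular expression, the temp-folder list and the function names are assumptions made for this example.

```python
import re

# O23 entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O - ??????????????????????????????????? - C:\DOCUME~1\Lee\LOCALS~1\Temp\O.exe
"""

# Assumed line shape: "O23 - Service: <name> - <owner> - <drive:\path>".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+) - (?P<path>[A-Za-z]:\\.+)$"
)
# Assumed set of temp-style folder names; extend for your environment.
TEMP_DIRS = {"temp", "tmp", "temporary internet files"}


def parse_o23(line):
    """Return (name, owner, path) for an O23 service line, else None."""
    m = O23_RE.match(line.strip())
    return (m["name"], m["owner"], m["path"]) if m else None


def review_service(name, owner, path):
    """List the reasons a service entry deserves a closer look."""
    reasons = []
    dirs = [part.lower() for part in path.split("\\")[1:-1]]
    if any(d in TEMP_DIRS for d in dirs):
        reasons.append("service image runs from a temp directory")
    # "Unknown owner" alone is not flagged: the Adobe and Macromedia
    # services in this log carry it too.
    if owner and set(owner) == {"?"}:
        reasons.append("company name is unreadable")
    if len(name) <= 2:
        reasons.append("very short service name")
    return reasons


def suspicious_services(log_text):
    """Map each flagged service image path to its list of reasons."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry:
            reasons = review_service(*entry)
            if reasons:
                findings[entry[2]] = reasons
    return findings
```

A tool unpacked to Temp and run once (RootkitRevealer and HijackThis in the process list above) is ordinary; a service registered from Temp starts again at every boot, which is why the check looks at O23 rather than at running processes.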
Reet, read through the sticky, and use a couple of online av scans, and use all 4 of the anti-spyware programs (in safe mode). If still a prob, post a fresh HJThis log