MSConfig

Discussion in 'other software & services' started by marcelj, Feb 13, 2006.

Thread Status:
Not open for further replies.
  1. marcelj

    marcelj Registered Member

    Joined:
    Mar 11, 2005
    Posts:
    13
    Since some time already I can not run MSConfig anymore. I'm working with WXP-PRO SP2.
    When I just installed it, some 2 years ago, it did run normally.
    But now when I try to activate it, I see the "busy" icon for a couple of seconds and then

    it disappears and nothing happens.
    I also tried to run it in a CMD-box, nothing.
    I know there are plenty of alternatives for manipulating the startup-part, but I'm just

    wondering why suddenly the standard program fails to run.
    Anyone any idea?

    Greetings,
    Marcel
     
  2. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    Do you get any error reported in the event log? (Control Panel | Administrative Tools | Event Viewer | Application or System)
     
  3. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,400
    Location:
    California - USA
    I hope you are running an up-to-date AV, because your comp may very well be infected. This behavior is symptomatic of a virus, but regardless, you need 'Scotty'.

    Scotty is the pet of WinPatrol, available in both freeware and payware versions. With WinPatrol I have never again used MSCONFIG. It allows you to get a better understanding of what programs are being added to your computer. It monitors important system areas that are commonly altered by many malicious programs. This includes the startup groups (registry and startup folder), cookies and active tasks. You can terminate processes and enable or disable startup programs. The cookie monitoring option allows you to automatically delete cookies based on a keyword found in the cookie name. Additional features include a WHOIS lookup tool and an option to alert you on changes. WinPatrol is easy to use, yet powerful. You can download the freeware version from.... http://www.snapfiles.com/download/dlwinpatrol.html

    Hope this helps. ~pv
     
    Last edited: Feb 13, 2006
  4. marcelj

    marcelj Registered Member

    Joined:
    Mar 11, 2005
    Posts:
    13
    Hi Trickyricky,

    No error whatsoever.

    Hi PVSurfer,

    I know there are loads of alternatives, especially for the startup-part of MSConfig, but the problem is that I don't understand what is stopping the standard MSConfig to run normally in my environment.
    But anyway, I'll give Scotty a try, maybe it is better than TuneUpUtilities which I'm currently using.
    Thanks so far and if you can come up with something else I would appreciate it.

    Greetz,
    Marcel
     
  5. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hi marcelj,

    The exe itself may be damaged. If you have your sp2 cd handy, look for Msconfig - Corrupt here.
    If no good you may have problem's within your registry (additional M$ link's follow).


    GF
     
  6. marcelj

    marcelj Registered Member

    Joined:
    Mar 11, 2005
    Posts:
    13
    Hi GlobalForce,

    I had a brief look at both the links you mentioned, mighty interesting.
    The "re-installing" from the original CD I've tried already, but that didn't solve the problem.
    The rest of both articles takes more time to read carefully (my native language is not English), but as soon as I've read them and tried out what is mentioned in there, I'll let you know the result. But again, it may take some time.

    Thanks for now,
    Marcel
     
  7. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Just a thought marcelj ....

    Depending on what security apps you have installed you may want to check and make sure none of them are limiting access to the registry. I'll have myself a peek (as time permit's) and try to determine which key's are brought into play when opening the utility. I also thought this might help you with translation's. ;)


    GF
     
  8. marcelj

    marcelj Registered Member

    Joined:
    Mar 11, 2005
    Posts:
    13
    Hi GlobalForce,

    Thanks a lot for the translation link, very usefull.
    The RegMon utility I had already downloaded somewhere in the past.
    I activated it, changed the filter to MSCONFIG and started MSConfig.
    This gives a whole bunch of entries in RegMon, which I saved to a file (85kB!!).
    Now I hope I can trigger something in this logfile causing the problem. That will be a problem, I think, cause one must know how to interpret these logfile entries. And I'm afraid I don't.
    I'll let you know if and when I find something in this file.

    Thanks so far,
    Marcel
     
  9. marcelj

    marcelj Registered Member

    Joined:
    Mar 11, 2005
    Posts:
    13
    Hi GlobalForce.

    I had a look at the regmon logfile and that doesn't give me a good feelin'.
    Maybe that's normal, but I'm really worried about that.
    Next step for me is to find somebody how knows how to analyze the log.
    Do you by any chance know someone? Or a way to figure it out myself?

    To give you an impression of what errors are in the log I'll insert a couple of lines in this reply.

    Greetz,
    Marcel

    >>>>>
    34097 49.98125458 explorer.exe:3144 QueryValue HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE\RunAsCommand NOT FOUND
    34098 49.98126602 explorer.exe:3144 CloseKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE SUCCESS
    34099 49.98149109 explorer.exe:3144 OpenKey HKCU\Applications\MSCONFIG.EXE NOT FOUND
    34100 49.98150635 explorer.exe:3144 OpenKey HKCR\Applications\MSCONFIG.EXE NOT FOUND
    >>>>>
    34103 49.98169327 explorer.exe:3144 QueryValue HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE\AppendPath NOT FOUND
    >>>>>
    34109 49.98181152 explorer.exe:3144 QueryValue HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE\RunAsOnNonAdminInstall NOT FOUND
    >>>>>
    34133 50.07182693 msconfig.exe:3976 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcGenral.DLL NOT FOUND
    34134 50.07205963 msconfig.exe:3976 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll NOT FOUND
    34135 50.07207489 msconfig.exe:3976 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll NOT FOUND
    34136 50.07209396 msconfig.exe:3976 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll NOT FOUND
    34137 50.07210922 msconfig.exe:3976 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.dll NOT FOUND
    34138 50.07212830 msconfig.exe:3976 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll NOT FOUND
    34139 50.07215118 msconfig.exe:3976 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MFC42u.DLL NOT FOUND
     
  10. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hi marcel .... was hoping you'd get back wanting to sort this out!


    No, those NOT FOUND entries aren't normal and maybe not too much to worry about just yet. When you stated trying to re-install from cd,
    is this the command you issued (where *x* represent's the appropriate drive letter's) ....

    expand -r x:\i386\msconfig.ex_ x:\windows\pchealth\helpctr\binaries

    A few question's marcel. Does your XP cd include sp2 (in other word's, is it integrated)? Do you run any registry cleaner's?
    Is there any reference to a T.V. Media program on your machine? Does msconfig run if executing from it's *home* directory?

    A few task's to go along with these question's if you wouldn't mind. ;)
    Could you confirm whether or not those NOT FOUND dll's are in your system32 folder. I'd also like to see the content's of your binaries folder ....

    c/p from a command window and edit out all but dir's listing or, with the prompt still open, type > cd %systemroot%\pchealth\helpctr\binaries
    then > dir >%systemroot%\bin_content.txt (find bin_content.txt in your windows folder and c/p here).


    *Something to this effect though the system I'm posting from is rather, mmmm .... outdated!* :cautious::D
    You haven't mentioned which VS you run as pvsurfer's inquisition is a real consideration (a past infection may have jostled some file paths), maybe a quick online check would help eliminate that concern. While there are repair utilities available (test purposes + requires the Windows Scripting Host), I think it would be wise to first check and make sure your trying to open msconfig with Administrative right's .... even trying the Administrator's account from safe-mode.


    GF
     
    Last edited: Feb 22, 2006
  11. marcelj

    marcelj Registered Member

    Joined:
    Mar 11, 2005
    Posts:
    13
    Hi GlobalForce,

    I did the same action met RegMon/MSConfig on my wife's computer where MSConfig does start up normally and saw the same (that is a load of the same) NOT FOUND entries as in my regmon.log, so that could be normal behaviour. No idea.
    When using the EXPAND command I replaced the x: with the corresponding drive-letters.
    My XP-CD says "Including Service Pack 1a". I upgraded to SP2 lateron. BTW my system is upgraded to the last february-patches.
    The content of Binaries (I'm working with the Dutch XP-version):

    De volumenaam van station C is WindowsXP-Pro
    Het volumenummer is 7908-EDB9

    Map van C:\WINDOWS\PCHealth\HelpCtr\Binaries

    24-02-2006 13:52 <DIR> .
    24-02-2006 13:52 <DIR> ..
    24-02-2006 13:52 0 bin-dir.txt
    08-04-2003 13:00 21.504 brpinfo.dll
    08-04-2003 13:00 7.168 HCAppRes.dll
    04-08-2004 01:03 768.512 helpctr.exe
    08-04-2003 13:00 99.840 HelpHost.exe
    04-08-2004 01:03 743.936 helpsvc.exe
    17-07-2004 22:56 319.951 hscsp_w3.cab
    04-08-2004 01:03 18.944 hscupd.exe
    04-08-2004 01:03 160.256 msconfig.exe
    04-08-2004 01:03 160.256 msconfig.exe_old
    04-08-2004 01:03 379.392 msinfo.dll
    08-04-2003 13:00 35.328 notiflag.exe
    08-04-2003 13:00 2.355.964 pchdt_w3.cab
    04-08-2004 01:03 102.400 pchshell.dll
    04-08-2004 01:03 38.912 pchsvc.dll
    15 bestand(en) 5.212.363 bytes
    2 map(pen) 6.463.152.128 bytes beschikbaar

    I did run xp_emegencyutil.exe already. After exiting it left TasMan and Regedit open (if I remember well) but not MSConfig. Tried to run MSconfig as well as Copy-of-msconfig after XP_Emerg, unfortunately the same result.

    I also tried XP_Fix, didn't solve the problem either (http://www.visualtour.com/downloads/xp_fix.exe).
    And I've done almost all the steps mentioned on http://wiki.castlecops.com/Malware_Remo...:_Overview

    The VS I'm using is Avast home edition, but I also ran a Panda online check.
    I have also resident S&D TeaTimer, SpywareGuard, SpywareBlaster and run Ad-Aware every so often.

    Checking for the DLL's being in System32 I'll do in a later stage (I have to go now), but I'll let you know the results.

    22:00 hr.
    I've just done the checking of the in the Regmon.log NOT FOUND DLL's. I don't know whether or not they are in the right place, but they are all there. Here is what I found:

    Map van C:\WINDOWS\AppPatch

    04-08-2004 01:03 1.852.416 acgenral.dll

    Map van C:\WINDOWS\ServicePackFiles\i386

    04-08-2004 01:03 1.024.512 kernel32.dll
    04-08-2004 01:03 343.040 msvcrt.dll
    04-08-2004 01:03 578.560 user32.dll
    04-08-2004 01:03 278.016 gdi32.dll
    04-08-2004 01:03 1.024.000 mfc42u.dll
    04-08-2004 01:03 581.120 rpcrt4.dll
    04-08-2004 01:03 684.032 advapi32.dll
    04-08-2004 01:03 1.281.024 ole32.dll
    04-08-2004 01:03 553.472 oleaut32.dll
    04-08-2004 01:03 18.944 version.dll
    04-08-2004 01:03 474.112 shlwapi.dll
    04-08-2004 01:03 8.431.104 shell32.dll
    04-08-2004 01:03 65.536 shimeng.dll
    04-08-2004 01:03 179.200 winmm.dll
    04-08-2004 01:03 728.576 userenv.dll
    04-08-2004 01:03 219.136 uxtheme.dll
    04-08-2004 01:03 71.680 msacm32.dll

    All these DLL's where also marked as NOT FOUND in the log I made on my wife's computer, where as already mentioned MSConfig normally runs.

    Thanks a lot so far,
    Marcel
     
    Last edited: Feb 24, 2006
Thread Status:
Not open for further replies.