PDA

View Full Version : config utility



shaffy
03-09-2004, 06:05 AM
Hi,
I'm getting the following error when i try to access msconfig via run command:

system configuration utility cannot read the config.sys file because an error occurred.

The system-reported error is: the system cannot find the path specified.

I get this message for three times and each time with option of ok and after the
3rd time i get the following:

The procedure entry point IoUnregisterDeviceInterface could not be located in the
dynamic link library NTDLL.dll

After hitting ok on the last pop-up a system configuration utility window opens but
it only shows 2 tabs: general and startup.
There are a few things which i have no idea what they are but for some reason these
strikes me: IMJPMIG8.1, MSPY2002, PHIME2002ASync and PHIME2002A.

Please help.
Thanks

Here is HijackThis log.

Logfile of HijackThis v1.97.7
Scan saved at 3:49:47 PM, on 3/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\system32\calc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinAce\WinAce.exe
C:\Documents and Settings\Shaffy\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mikespaid4email.com/scripts/runner.php?SP=0db7728dshafak
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef
/Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
/SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Forget Me Not Reminders.lnk = C:\CACARD\FMREMIND.EXE
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft
Shared\Media Manager\SPLASHA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and
Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account
Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2)
- http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/198eb5f8d6f2e01bfa04/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipping.net/fvlite22/fvlite.cab
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2841} - http://ad.searchsquire.com/SearchSquire32.CAB
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2846} - http://ad.searchsquire.com/SearchSquire33.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup
Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37855.9686805556
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} (FViewerLoading Class) - http://www.flipviewer.com/exe/fvgen1.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

shanmuga
03-09-2004, 07:08 AM
You are infected with some common adware and other scumware, The procedure is to do a full security scan as follows; It may or may not be related to the problem with Msconfig, but once you got clear of the malware, we can find a solution for that.

Scan your system with one or two of the free web based AV scanners. Cure any malware found.

security.symantec.com/(security.symantec.com)
housecall.trendmicro.com/(housecall.trendmicro.com)
www.ravantivirus.com/scan/ www.ravantivirus.com/scan)
www.pandasoftware.com/activescan/

After the scans, Download, Install and Run Spybot Search & Destroy (http://security.kolla.de/).Check for updates. Close all Internet Explorer windows, hit 'Check for Problems', Let it fix everything it finds that's pre-checked in red.

Reboot.

Download and run AdAware (http://www.lavasoftusa.com/AdAware ). Again, be sure to update it before running. Then quarantine and cure the malware.

Reboot and post a fresh HijackThis log. Note to run the HJT from a permanent folder, not from the temp directory.

edit: and Welcome to the <img src=http://img28.photobucket.com/albums/v83/shanmuga/pcgubb.gif>

shaffy
03-09-2004, 07:14 AM
i ran spybot and adaware before posting here and found nothing...i will do exactly what you said and will post. thanks!

shanmuga
03-09-2004, 07:22 AM
The files you mentioned IMJPMIG8.1, MSPY2002, PHIME2002ASync and PHIME2002A are related to the input of Asian language characters in MS Office suite, so I guess they are legit.

You might also want to update your OS and IE to SP1. Whatever may be your reason for non-updating, it's worth to have it updated just for the security patches and fixes it includes.

Budfred
03-10-2004, 12:38 AM
Did you update Spybot and AdAware before running them? I though Spybot took out Xupitor and you still have it on your system. You also have Netster:

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/198eb5f8d6f2e0...ip/RdxIE601.cab
-Netster
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2841} - http://ad.searchsquire.com/SearchSquire32.CAB
-Xupiter / SearchSquire Variant
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2846} - http://ad.searchsquire.com/SearchSquire33.CAB
-Xupiter / SearchSquire Variant

If they are still there after you run the AV scan, use HJT to fix them, then reboot and post a fresh log....

shaffy
03-11-2004, 04:22 PM
OKAY - here is the new log... I see some of the things that i have used in the past are still showing up in the log...such as stamps.com - can i delete those?

Logfile of HijackThis v1.97.7
Scan saved at 12:10:16 PM, on 3/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\System32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\Shaffy\Desktop\hijackthis1977\HijackThis. exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mikespaid4email.com/scripts/runner.php?SP=0db7728dshafak
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Forget Me Not Reminders.lnk = C:\CACARD\FMREMIND.EXE
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/198eb5f8d6f2e01bfa04/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipping.net/fvlite22/fvlite.cab
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2841} - http://ad.searchsquire.com/SearchSquire32.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37855.9686805556
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} (FViewerLoading Class) - http://www.flipviewer.com/exe/fvgen1.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

Budfred
03-11-2004, 07:54 PM
You still have Xupitor and Netster... Did you update and run Spybot?????????:confused:

Whether you did or not, please close all open windows and your browser, run HJT and fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/198eb5f8d6f2e0...ip/RdxIE601.cab
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2841} - http://ad.searchsquire.com/SearchSquire32.CAB

If this is not your intended StartPage, fix it too:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mikespaid4email.com/scri...=0db7728dshafak

You can fix any of the O16 items that you would like. They are automatically restored when you revisit the site in question. It may even be worthwhile to fix them all and rebuild them as you go...

Also, you need to update your WinXP with SP1 and critical updates since you are vulnerable to a bunch of really mean malware the way it is now....

Once you run your fixes, please reboot and run HJT again, then post a fresh log....

shaffy
03-13-2004, 01:43 AM
Ok, how is this:

Logfile of HijackThis v1.97.7
Scan saved at 9:38:42 PM, on 3/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Documents and Settings\Shaffy\Desktop\hijackthis1977\HijackThis. exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mikespaid4email.com/scripts/runner.php?SP=0db7728dshafak
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - Startup: Forget Me Not Reminders.lnk = C:\CACARD\FMREMIND.EXE
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

shaffy
03-13-2004, 01:45 AM
oh sorry, i one more thing...can i also remove this:
O4 - Startup: Forget Me Not Reminders.lnk = C:\CACARD\FMREMIND.EXE

Would you please tell me which of the things are necessary and what i can delete without harming my pc?

Budfred
03-13-2004, 02:05 AM
You can certainly fix that O4 if you don't use it or need it....

Here are other things that are optional... The ones marked with an [N] are not required and can be started manually if needed, the ones marked with a [U] are considered user's choice, keep it if you want it. The ones marked with a [?] are not really known and don't seem to do anything important... Obviously you need to be careful before you fix any of the items for McAfee or Norton, but it may be okay to remove them if you don't need them to load automatically.

[N] O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
-TkBellExe (REALSCHED.EXE)
[N] O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
-kernelfaultcheck (DUMPREP 0 -K)
[U] O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
-McUpdateExe (MCUPDATE.EXE)
[U] O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
-McAgentExe (MCAGENT.EXE)
[N] O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
-Imjpmig8.1 (IMJPMIG.EXE)
[N] O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
-MSPY2002 (IMSCINST.EXE)
[N] O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
-PHIME2002ASync (TINTSETP.EXE)
[N] O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
-Phime2002a (TINTSETP.EXE)
[?] O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
-McRegWiz (MCREGWIZ.EXE)
[N] O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
-Introducing Media Manager (SPLASHA.EXE)
[N] O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
-Norton System Doctor (SYSDOC32.EXE)

If this is not your intended StartPage, you can fix it too:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mikespaid4email.com/scri...=0db7728dshafak

shaffy
03-13-2004, 03:15 AM
Thanks a bunch! Now what about the msconfig command error message? What do i need to do there?

Once again, thank you very much for your time and help :)

Budfred
03-13-2004, 09:20 AM
I don't know why you would be getting that message.... As I understand it, WinXP doesn't use config.sys or msconfig in native format. If you are still getting that message, it could indicate a trojan or virus that is not showing up in HJT or something beyond my awareness (meaning someone else will need to say something about it). In the meanwhile, you can run an online virus scan and download/run the trial version of TrojanHunter or some other trojan cleaner and see if either of these options are the issue....

Paul Komski
03-13-2004, 05:56 PM
The msconfig errors you describe have been reported when there has been an incorrect path to the msconfig.exe file (or the wrong msconfig.exe in a dual boot setup) have been what the run box has attempted to open; eg http://4peeps.com/ivb/index.php?showtopic=6589

Try searching your drive for all examples of msconfig.exe and then try opening them directly. If one of them works correctly then simply make a desktop shortcut to it.

shaffy
03-14-2004, 04:13 PM
What do you mean by all example of msconfig.exe? Sorry, I'm new at this and don't know much. Thanks for the help.

Paul Komski
03-14-2004, 04:22 PM
Well, for example, I have a copy in both C:\Windows\ServicePackFiles\i386 and in C:\pchealth\helpctr\binaries on a WinXP system.