
msconfig won't open


  • This topic is locked
2 replies to this topic

#1 EverythingTech


Posted 29 July 2013 - 03:39 AM

Hi all,

I'm taking a look at a friend's computer, and it seems to have accumulated a decent amount of malware. The owner had Microsoft Security Essentials installed, but evidently that didn't do much to protect his computer. I installed Malwarebytes Anti-Malware and it found 28 suspicious files/entries. Avast also found some stuff in a boot-time scan.

I've removed everything these programs came up with, but msconfig still won't start. Even if I try to open it from C:\WINDOWS\pchealth\helpctrl\binaries it won't load. It takes the focus away from the Explorer window for a split second, but then the focus is back to Explorer.

Thanks in advance!

Log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by User at 22:24:58 on 2013-07-28
#Option MBR scan  is disabled.
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1476 [GMT -10:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\wuauclt.exe
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\AOL\1234126711\ee\AOLSoftware.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKey0.dll
mWinlogon: Userinit = Userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKey0.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: KeyBar 1.8 Toolbar: {9ED31F84-C8B3-4926-B950-DFF74047FF79} - c:\program files\keybar_1.8\prxtbKey0.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: KeyBar 1.8 Toolbar: {9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files\keybar_1.8\prxtbKey0.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [HostManager] c:\program files\common files\aol\1234126711\ee\AOLSoftware.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [OtShot] c:\program files\otshot\otshot.exe -minimize
mRun: [BackupDutyLite] c:\program files\backupdutylite\BackUpDutyLite.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369107278765
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7B19E477-0FF8-11d4-9914-005004D3B3DB} - hxxp://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.137.1
TCP: Interfaces\{DC0F69F2-DC7B-4281-94A6-0DF65402B3CA} : DHCPNameServer = 192.168.137.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
LSA: Authentication Packages =  msv1_0 relog_ap
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-28 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-28 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-28 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-7-28 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-7-28 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-28 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-28 46808]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2009-1-20 98984]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-7-12 3289472]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2007-6-2 34944]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
.
=============== Created Last 30 ================
.
2013-07-29 05:38:45    --------    d-----w-    c:\documents and settings\user\application data\Malwarebytes
2013-07-29 05:38:22    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-07-29 05:38:20    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-29 05:38:20    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-29 02:47:42    7143960    ----a-w-    c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c0de19ec-fcb2-4ae9-84f3-ee864208d2a3}\mpengine.dll
2013-07-29 02:27:52    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-07-29 02:27:52    175176    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-07-29 02:27:51    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-07-29 02:27:51    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-07-29 02:27:24    41664    ----a-w-    c:\windows\avastSS.scr
2013-07-29 02:24:25    --------    d-----w-    c:\program files\AVAST Software
2013-07-29 02:23:46    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2013-07-27 05:46:33    --------    d-----w-    c:\program files\common files\Symantec Shared
2013-07-27 05:46:25    --------    d-----w-    c:\windows\system32\drivers\nss\0307060.005
2013-07-27 05:46:25    --------    d-----w-    c:\windows\system32\drivers\NSS
2013-07-27 05:46:25    --------    d-----w-    c:\program files\Norton Security Scan
2013-07-27 05:46:25    --------    d-----w-    c:\documents and settings\all users\application data\Norton
2013-07-27 05:46:21    --------    d-----w-    c:\program files\NortonInstaller
2013-07-27 05:46:21    --------    d-----w-    c:\documents and settings\all users\application data\NortonInstaller
2013-07-24 14:55:10    12160    -c--a-w-    c:\windows\system32\dllcache\mouhid.sys
2013-07-24 14:55:10    12160    ----a-w-    c:\windows\system32\drivers\mouhid.sys
.
==================== Find3M  ====================
.
2013-06-12 04:30:41    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 04:30:41    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-08 09:55:44    385024    ------w-    c:\windows\system32\html.iec
2013-06-07 21:56:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56:06    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40:45    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-05-09 10:28:02    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-05-08 06:10:12    770384    ----a-w-    c:\windows\system32\msvcr100.dll
2013-05-08 06:10:12    421200    ----a-w-    c:\windows\system32\msvcp100.dll
2013-05-03 01:30:20    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-05-02 12:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:25:37.40 ===============
 

 


#2 EverythingTech


Posted 29 July 2013 - 09:29 PM

Never mind, I've had it with this computer. Now it's got another hardware issue, so I'm giving up on it. No need to help me try to fix this problem. I wish I could just delete this thread...



#3 nasdaq


  • Malware Response Team

Posted 02 August 2013 - 08:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



