Start/Run/Misconfig = no longer works....

  • Thread starter Thread starter ~ FreeSpirit ~
  • Start date Start date
F

~ FreeSpirit ~

Ok guys, more problems with XP-home. Now I can't use Start/Run/Misconfig
anymore. It opens for a few split seconds and closes. It's more of a FLASH
on the screen so cannot be used at all. How is this problem fixed? Finding
the misconfig exe just does the same thing. It simply flashes across the
monitor and closes. How is it made to remain open long enough to actually
use? Anyone ... ???

Also how do I get rid of this unwanted MS messenger thing? It just keeps
coming back.

Free Spirit.....
 
Free Spirit,

It's called MSCONFIG. And, viruses may terminate MSCONFIG.EXE process.

Run a full system virus scan.

Task Manager, MSCONFIG, or REGEDIT disappears while opening:
http://www.mvps.org/sramesh2k/ToolsQuit.htm

Free Online Virus Scanners and Security Tests:
http://www.mvps.org/sramesh2k/Scanners.htm

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k


Ok guys, more problems with XP-home. Now I can't use Start/Run/Misconfig
anymore. It opens for a few split seconds and closes. It's more of a FLASH
on the screen so cannot be used at all. How is this problem fixed? Finding
the misconfig exe just does the same thing. It simply flashes across the
monitor and closes. How is it made to remain open long enough to actually
use? Anyone ... ???

Also how do I get rid of this unwanted MS messenger thing? It just keeps
coming back.

Free Spirit.....
 
Free Spirit,

It's called MSCONFIG. And, viruses may terminate MSCONFIG.EXE process.

Run a full system virus scan.

$$ I already did with a freshly updated Norton and it showed no viruses.
Nothing! I update Norton at least every other day and scan the PC once a
week.

Task Manager, MSCONFIG, or REGEDIT disappears while opening:
http://www.mvps.org/sramesh2k/ToolsQuit.htm

$$ Yes, this is what's happening. I read the website but it doesn't seem
geared to non-techie people like myself. I'm not real familiar with the
registry and I'm not sure how to safely backup and reinstall the registry if
I delete the wrong thing. Also Norton doesn't find any of these viruses on
my PC.

Norton says backing the registry in XP isn't easy and recommends backing up
one key.... I'm gretting sick to my stomach.

Free Online Virus Scanners and Security Tests:
http://www.mvps.org/sramesh2k/Scanners.htm

$$ Since Norton says the PC is clean I scanned my PC with McAfee free
online scanner. This is what McAfee found. How could Norton find NOTHING
and McAfree find this????? It found 7 infected files Norton missed 45
minutes ago???? However, this virus doesn't cause the problem of the
vanishing msconfig/regedit dissapearing.

C:\hp\region\EN_AW-ie.reg Reg/Seeker
C:\hp\region\EN_BB-ie.reg Reg/Seeker
C:\hp\region\EN_BS-ie.reg Reg/Seeker
C:\hp\region\EN_GD-ie.reg Reg/Seeker
C:\hp\region\EN_JM-ie.reg Reg/Seeker
C:\hp\region\EN_TT-ie.reg Reg/Seeker
C:\hp\region\EN_US-ie.reg

What else can cause this problem besides a virus? I also run Spy-bot,
Ad-Aware, CWShredder & BODemon
weekly. How can they have all failed to spot this "Seeker" thing? I
deleted the whole infected folder.

FS...........


--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k


Ok guys, more problems with XP-home. Now I can't use Start/Run/Misconfig
anymore. It opens for a few split seconds and closes. It's more of a FLASH
on the screen so cannot be used at all. How is this problem fixed? Finding
the misconfig exe just does the same thing. It simply flashes across the
monitor and closes. How is it made to remain open long enough to actually
use? Anyone ... ???

Also how do I get rid of this unwanted MS messenger thing? It just keeps
coming back.

Free Spirit.....
 
Run HijackThis and post the log to spywareinfo forums. They may help you eliminate the malware stuff from the system. And a very valid point from Wesley. Most common mistake a normal user does is, scanning the PC with an outdated virus definitions - which is of almost no use . If you've updated it and still the problem persist, follow-up with HijackThis.

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k



Free Spirit,

It's called MSCONFIG. And, viruses may terminate MSCONFIG.EXE process.

Run a full system virus scan.

$$ I already did with a freshly updated Norton and it showed no viruses.
Nothing! I update Norton at least every other day and scan the PC once a
week.

Task Manager, MSCONFIG, or REGEDIT disappears while opening:
http://www.mvps.org/sramesh2k/ToolsQuit.htm

$$ Yes, this is what's happening. I read the website but it doesn't seem
geared to non-techie people like myself. I'm not real familiar with the
registry and I'm not sure how to safely backup and reinstall the registry if
I delete the wrong thing. Also Norton doesn't find any of these viruses on
my PC.

Norton says backing the registry in XP isn't easy and recommends backing up
one key.... I'm gretting sick to my stomach.

Free Online Virus Scanners and Security Tests:
http://www.mvps.org/sramesh2k/Scanners.htm

$$ Since Norton says the PC is clean I scanned my PC with McAfee free
online scanner. This is what McAfee found. How could Norton find NOTHING
and McAfree find this????? It found 7 infected files Norton missed 45
minutes ago???? However, this virus doesn't cause the problem of the
vanishing msconfig/regedit dissapearing.

C:\hp\region\EN_AW-ie.reg Reg/Seeker
C:\hp\region\EN_BB-ie.reg Reg/Seeker
C:\hp\region\EN_BS-ie.reg Reg/Seeker
C:\hp\region\EN_GD-ie.reg Reg/Seeker
C:\hp\region\EN_JM-ie.reg Reg/Seeker
C:\hp\region\EN_TT-ie.reg Reg/Seeker
C:\hp\region\EN_US-ie.reg

What else can cause this problem besides a virus? I also run Spy-bot,
Ad-Aware, CWShredder & BODemon
weekly. How can they have all failed to spot this "Seeker" thing? I
deleted the whole infected folder.

FS...........


--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k


Ok guys, more problems with XP-home. Now I can't use Start/Run/Misconfig
anymore. It opens for a few split seconds and closes. It's more of a FLASH
on the screen so cannot be used at all. How is this problem fixed? Finding
the misconfig exe just does the same thing. It simply flashes across the
monitor and closes. How is it made to remain open long enough to actually
use? Anyone ... ???

Also how do I get rid of this unwanted MS messenger thing? It just keeps
coming back.

Free Spirit.....
 
Wesley Vogel said:
Is Norton up to date???
Click to expand...

## I updated Norton minutes BEFORE I did the scan. Norton found NOTHING!
Online McAfee only found "Seeker." I have no idea how to remove that from
the registry.

While I'm at it, System Restore NEVER worked on this PC even after restoring
the OS. How do you get System Restore to work and actually restore the
system to a previous date? The HP tech tried that tonight and no dice!
The OS has been restored on this PC several times and never once would SR
work. So now I have 2 serious problems....
 
Run HijackThis and post the log to spywareinfo forums.

$$ I'll try that. Where do I locate a spyware forum?

They may help you eliminate the malware stuff from the system. And a very
valid point from Wesley. Most common mistake a normal user does is, scanning
the PC with an outdated virus definitions - which is of almost no use .

$$ OK... I update Norton every other day and updated it *minutes before*
the scan. I then scanned it online with McAfree and all McAfee found was
"Seeker." This has nothing to do with the original problem.

If you've updated it and still the problem persist, follow-up with
HijackThis.

$$ That wont fix the problem of the no regedit and msconfig. How do I fix
that problem? Seeker is a Browser Hijacker and doesn't cause the other
problem.

FS........

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k



Free Spirit,

It's called MSCONFIG. And, viruses may terminate MSCONFIG.EXE process.

Run a full system virus scan.

$$ I already did with a freshly updated Norton and it showed no viruses.
Nothing! I update Norton at least every other day and scan the PC once a
week.

Task Manager, MSCONFIG, or REGEDIT disappears while opening:
http://www.mvps.org/sramesh2k/ToolsQuit.htm

$$ Yes, this is what's happening. I read the website but it doesn't seem
geared to non-techie people like myself. I'm not real familiar with the
registry and I'm not sure how to safely backup and reinstall the registry if
I delete the wrong thing. Also Norton doesn't find any of these viruses on
my PC.

Norton says backing the registry in XP isn't easy and recommends backing up
one key.... I'm gretting sick to my stomach.

Free Online Virus Scanners and Security Tests:
http://www.mvps.org/sramesh2k/Scanners.htm

$$ Since Norton says the PC is clean I scanned my PC with McAfee free
online scanner. This is what McAfee found. How could Norton find NOTHING
and McAfree find this????? It found 7 infected files Norton missed 45
minutes ago???? However, this virus doesn't cause the problem of the
vanishing msconfig/regedit dissapearing.

C:\hp\region\EN_AW-ie.reg Reg/Seeker
C:\hp\region\EN_BB-ie.reg Reg/Seeker
C:\hp\region\EN_BS-ie.reg Reg/Seeker
C:\hp\region\EN_GD-ie.reg Reg/Seeker
C:\hp\region\EN_JM-ie.reg Reg/Seeker
C:\hp\region\EN_TT-ie.reg Reg/Seeker
C:\hp\region\EN_US-ie.reg

What else can cause this problem besides a virus? I also run Spy-bot,
Ad-Aware, CWShredder & BODemon
weekly. How can they have all failed to spot this "Seeker" thing? I
deleted the whole infected folder.

FS...........


--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k


Ok guys, more problems with XP-home. Now I can't use Start/Run/Misconfig
anymore. It opens for a few split seconds and closes. It's more of a FLASH
on the screen so cannot be used at all. How is this problem fixed? Finding
the misconfig exe just does the same thing. It simply flashes across the
monitor and closes. How is it made to remain open long enough to actually
use? Anyone ... ???

Also how do I get rid of this unwanted MS messenger thing? It just keeps
coming back.

Free Spirit.....
 
That wont fix the problem of the no regedit and msconfig.

How do you say that? There are lots of spyware/trojans/viruses being discovered daily, and running HijackThis lists out the processes running in your system, be it a spyware/trojan or virus.

Spywareinfo forums:
http://www.spywareinfo.com/forums/

Download Hijackthis from:
http://www.spywareinfo.com/~merijn/

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k



Run HijackThis and post the log to spywareinfo forums.

$$ I'll try that. Where do I locate a spyware forum?

They may help you eliminate the malware stuff from the system. And a very
valid point from Wesley. Most common mistake a normal user does is, scanning
the PC with an outdated virus definitions - which is of almost no use .

$$ OK... I update Norton every other day and updated it *minutes before*
the scan. I then scanned it online with McAfree and all McAfee found was
"Seeker." This has nothing to do with the original problem.

If you've updated it and still the problem persist, follow-up with
HijackThis.

$$ That wont fix the problem of the no regedit and msconfig. How do I fix
that problem? Seeker is a Browser Hijacker and doesn't cause the other
problem.

FS........

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k



Free Spirit,

It's called MSCONFIG. And, viruses may terminate MSCONFIG.EXE process.

Run a full system virus scan.

$$ I already did with a freshly updated Norton and it showed no viruses.
Nothing! I update Norton at least every other day and scan the PC once a
week.

Task Manager, MSCONFIG, or REGEDIT disappears while opening:
http://www.mvps.org/sramesh2k/ToolsQuit.htm

$$ Yes, this is what's happening. I read the website but it doesn't seem
geared to non-techie people like myself. I'm not real familiar with the
registry and I'm not sure how to safely backup and reinstall the registry if
I delete the wrong thing. Also Norton doesn't find any of these viruses on
my PC.

Norton says backing the registry in XP isn't easy and recommends backing up
one key.... I'm gretting sick to my stomach.

Free Online Virus Scanners and Security Tests:
http://www.mvps.org/sramesh2k/Scanners.htm

$$ Since Norton says the PC is clean I scanned my PC with McAfee free
online scanner. This is what McAfee found. How could Norton find NOTHING
and McAfree find this????? It found 7 infected files Norton missed 45
minutes ago???? However, this virus doesn't cause the problem of the
vanishing msconfig/regedit dissapearing.

C:\hp\region\EN_AW-ie.reg Reg/Seeker
C:\hp\region\EN_BB-ie.reg Reg/Seeker
C:\hp\region\EN_BS-ie.reg Reg/Seeker
C:\hp\region\EN_GD-ie.reg Reg/Seeker
C:\hp\region\EN_JM-ie.reg Reg/Seeker
C:\hp\region\EN_TT-ie.reg Reg/Seeker
C:\hp\region\EN_US-ie.reg

What else can cause this problem besides a virus? I also run Spy-bot,
Ad-Aware, CWShredder & BODemon
weekly. How can they have all failed to spot this "Seeker" thing? I
deleted the whole infected folder.

FS...........


--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k


Ok guys, more problems with XP-home. Now I can't use Start/Run/Misconfig
anymore. It opens for a few split seconds and closes. It's more of a FLASH
on the screen so cannot be used at all. How is this problem fixed? Finding
the misconfig exe just does the same thing. It simply flashes across the
monitor and closes. How is it made to remain open long enough to actually
use? Anyone ... ???

Also how do I get rid of this unwanted MS messenger thing? It just keeps
coming back.

Free Spirit.....
 
Run HijackThis and post the log to spywareinfo forums. They may help you
eliminate the malware stuff from the system. And a very valid point from
Wesley. Most common mistake a normal user does is, scanning the PC with an
outdated virus definitions - which is of almost no use . If you've updated
it and still the problem persist, follow-up with HijackThis.
===================
I Just downloaded HiJackThis and looked at what it found. Nothing there
that looked suspicious.

FS............
 

How do you say that?

** Because the websites said "Seeker" is a browser Hijacker, not something
that attacks things like msconfig and regedit. It directs you to other
websites.

There are lots of spyware/trojans/viruses being discovered daily, and
running HijackThis lists out the processes running in your system, be it a
spyware/trojan or virus.

** OK. I downloaded and ran HijackThis...

Spywareinfo forums:
http://www.spywareinfo.com/forums/

** OK, I'm trying to get registered there now.

Download Hijackthis from:
http://www.spywareinfo.com/~merijn/

** I already downloaded and ran it and saved the report. :-)

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k

FS..........
==================================



Run HijackThis and post the log to spywareinfo forums.

$$ I'll try that. Where do I locate a spyware forum?

They may help you eliminate the malware stuff from the system. And a very
valid point from Wesley. Most common mistake a normal user does is, scanning
the PC with an outdated virus definitions - which is of almost no use .

$$ OK... I update Norton every other day and updated it *minutes before*
the scan. I then scanned it online with McAfree and all McAfee found was
"Seeker." This has nothing to do with the original problem.

If you've updated it and still the problem persist, follow-up with
HijackThis.

$$ That wont fix the problem of the no regedit and msconfig. How do I fix
that problem? Seeker is a Browser Hijacker and doesn't cause the other
problem.

FS........

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k



Free Spirit,

It's called MSCONFIG. And, viruses may terminate MSCONFIG.EXE process.

Run a full system virus scan.

$$ I already did with a freshly updated Norton and it showed no viruses.
Nothing! I update Norton at least every other day and scan the PC once a
week.

Task Manager, MSCONFIG, or REGEDIT disappears while opening:
http://www.mvps.org/sramesh2k/ToolsQuit.htm

$$ Yes, this is what's happening. I read the website but it doesn't seem
geared to non-techie people like myself. I'm not real familiar with the
registry and I'm not sure how to safely backup and reinstall the registry if
I delete the wrong thing. Also Norton doesn't find any of these viruses on
my PC.

Norton says backing the registry in XP isn't easy and recommends backing up
one key.... I'm gretting sick to my stomach.

Free Online Virus Scanners and Security Tests:
http://www.mvps.org/sramesh2k/Scanners.htm

$$ Since Norton says the PC is clean I scanned my PC with McAfee free
online scanner. This is what McAfee found. How could Norton find NOTHING
and McAfree find this????? It found 7 infected files Norton missed 45
minutes ago???? However, this virus doesn't cause the problem of the
vanishing msconfig/regedit dissapearing.

C:\hp\region\EN_AW-ie.reg Reg/Seeker
C:\hp\region\EN_BB-ie.reg Reg/Seeker
C:\hp\region\EN_BS-ie.reg Reg/Seeker
C:\hp\region\EN_GD-ie.reg Reg/Seeker
C:\hp\region\EN_JM-ie.reg Reg/Seeker
C:\hp\region\EN_TT-ie.reg Reg/Seeker
C:\hp\region\EN_US-ie.reg

What else can cause this problem besides a virus? I also run Spy-bot,
Ad-Aware, CWShredder & BODemon
weekly. How can they have all failed to spot this "Seeker" thing? I
deleted the whole infected folder.

FS...........


--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k


Ok guys, more problems with XP-home. Now I can't use Start/Run/Misconfig
anymore. It opens for a few split seconds and closes. It's more of a FLASH
on the screen so cannot be used at all. How is this problem fixed? Finding
the misconfig exe just does the same thing. It simply flashes across the
monitor and closes. How is it made to remain open long enough to actually
use? Anyone ... ???

Also how do I get rid of this unwanted MS messenger thing? It just keeps
coming back.

Free Spirit.....
 
Ok. All the Best!

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k




How do you say that?

** Because the websites said "Seeker" is a browser Hijacker, not something
that attacks things like msconfig and regedit. It directs you to other
websites.

There are lots of spyware/trojans/viruses being discovered daily, and
running HijackThis lists out the processes running in your system, be it a
spyware/trojan or virus.

** OK. I downloaded and ran HijackThis...

Spywareinfo forums:
http://www.spywareinfo.com/forums/

** OK, I'm trying to get registered there now.

Download Hijackthis from:
http://www.spywareinfo.com/~merijn/

** I already downloaded and ran it and saved the report. :-)

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k

FS..........
==================================



Run HijackThis and post the log to spywareinfo forums.

$$ I'll try that. Where do I locate a spyware forum?

They may help you eliminate the malware stuff from the system. And a very
valid point from Wesley. Most common mistake a normal user does is, scanning
the PC with an outdated virus definitions - which is of almost no use .

$$ OK... I update Norton every other day and updated it *minutes before*
the scan. I then scanned it online with McAfree and all McAfee found was
"Seeker." This has nothing to do with the original problem.

If you've updated it and still the problem persist, follow-up with
HijackThis.

$$ That wont fix the problem of the no regedit and msconfig. How do I fix
that problem? Seeker is a Browser Hijacker and doesn't cause the other
problem.

FS........

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k



Free Spirit,

It's called MSCONFIG. And, viruses may terminate MSCONFIG.EXE process.

Run a full system virus scan.

$$ I already did with a freshly updated Norton and it showed no viruses.
Nothing! I update Norton at least every other day and scan the PC once a
week.

Task Manager, MSCONFIG, or REGEDIT disappears while opening:
http://www.mvps.org/sramesh2k/ToolsQuit.htm

$$ Yes, this is what's happening. I read the website but it doesn't seem
geared to non-techie people like myself. I'm not real familiar with the
registry and I'm not sure how to safely backup and reinstall the registry if
I delete the wrong thing. Also Norton doesn't find any of these viruses on
my PC.

Norton says backing the registry in XP isn't easy and recommends backing up
one key.... I'm gretting sick to my stomach.

Free Online Virus Scanners and Security Tests:
http://www.mvps.org/sramesh2k/Scanners.htm

$$ Since Norton says the PC is clean I scanned my PC with McAfee free
online scanner. This is what McAfee found. How could Norton find NOTHING
and McAfree find this????? It found 7 infected files Norton missed 45
minutes ago???? However, this virus doesn't cause the problem of the
vanishing msconfig/regedit dissapearing.

C:\hp\region\EN_AW-ie.reg Reg/Seeker
C:\hp\region\EN_BB-ie.reg Reg/Seeker
C:\hp\region\EN_BS-ie.reg Reg/Seeker
C:\hp\region\EN_GD-ie.reg Reg/Seeker
C:\hp\region\EN_JM-ie.reg Reg/Seeker
C:\hp\region\EN_TT-ie.reg Reg/Seeker
C:\hp\region\EN_US-ie.reg

What else can cause this problem besides a virus? I also run Spy-bot,
Ad-Aware, CWShredder & BODemon
weekly. How can they have all failed to spot this "Seeker" thing? I
deleted the whole infected folder.

FS...........


--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k


Ok guys, more problems with XP-home. Now I can't use Start/Run/Misconfig
anymore. It opens for a few split seconds and closes. It's more of a FLASH
on the screen so cannot be used at all. How is this problem fixed? Finding
the misconfig exe just does the same thing. It simply flashes across the
monitor and closes. How is it made to remain open long enough to actually
use? Anyone ... ???

Also how do I get rid of this unwanted MS messenger thing? It just keeps
coming back.

Free Spirit.....
 
FreeSpirit,

My intention is not to be rude, but for someone who states; "Norton says
backing the registry in XP isn't easy and recommends backing up one key....
I'm gretting sick to my stomach" it would only seem reasonable that you
would have trouble interpreting the results of a "Hijack This" report. Did
you actually mean that you posted the report and received feedback that
there was nothing unusual? If not, I would suggest you post the report and
have it examined by people who have a lot of experience reviewing them and
see what they find.
 
~ FreeSpirit ~ said:
Run HijackThis and post the log to spywareinfo forums. They may help you
eliminate the malware stuff from the system. And a very valid point from
Wesley. Most common mistake a normal user does is, scanning the PC with an
outdated virus definitions - which is of almost no use . If you've updated
it and still the problem persist, follow-up with HijackThis.
===================
I Just downloaded HiJackThis and looked at what it found. Nothing there
that looked suspicious.

FS............
Click to expand...
============================
The second time I got a lot more stuff. I registerd on the Forum but can't
find any *post button* or place to C&P my report to. I know you mean well
but this Forum is like trying to understand Chinese to me. I don't see that
information in the helpfiles - see below:

**Helpfile: There are three different posting screens available. [I don't
see them there.] The new topic button, visible in forums [what/where is the
Forum the report goes to?] and in topics allows you to add a new topic to
that particular forum. The new poll button (is the admin has enabled it)
will also be viewable in topics and forums allowing you to create a new poll
in the forum. (what is a poll?) When viewing a topic, there will be an add
reply button, allowing you to add a new reply onto that particular topic [I
never found the topics].**

Is there someplace easy to use and understand where I can paste my report
to? I'm completely lost on this Forum thing. If I did find the place to
past it to, it's doubtful I would ever locate the reply. The search there
only gives me "Sorry, we could not find any help topics that matched your
search criteria, please try again." I fould no place to post my report to
there.

FS.........
 
Well said, Sir_George.

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k


FreeSpirit,

My intention is not to be rude, but for someone who states; "Norton says
backing the registry in XP isn't easy and recommends backing up one key....
I'm gretting sick to my stomach" it would only seem reasonable that you
would have trouble interpreting the results of a "Hijack This" report. Did
you actually mean that you posted the report and received feedback that
there was nothing unusual? If not, I would suggest you post the report and
have it examined by people who have a lot of experience reviewing them and
see what they find.
 
Sir_George said:
FreeSpirit,

My intention is not to be rude, but for someone who states; "Norton says
backing the registry in XP isn't easy and recommends backing up one key....
I'm gretting sick to my stomach"
Click to expand...

** That's what the website said. And yes, my stomach is in knots because
if I delete the wrong KEY I'm in trouble. The techs in my town charge $40
an hour and up if I have to take the PC there.

it would only seem reasonable that you
would have trouble interpreting the results of a "Hijack This" report. Did
you actually mean that you posted the report and received feedback that
there was nothing unusual?
Click to expand...

** No, I didn't get the whole report the first time and what I saw I
recognized. Now the long report I see many things I don't recognize.

If not, I would suggest you post the report and
have it examined by people who have a lot of experience reviewing them and
see what they find.
Click to expand...

** I don't know where to post it there on the Forum thing. I see no window
to C&P it to. The few times I've tried Forums in the past I never figured
out how they work. I can't even find a page there to post and introduce
myself, and ask anyone to look at the report. I don't know where to post
THIS on that Forum.

This is the report from HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 7:46:46 AM, on 4/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\SYSTEM2.EXE
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet
Files\Content.IE5\T3VJPXSE\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.heartoftn.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QD FastAndSafe]
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [System Terminal] SYSTEM2.EXE
O4 - HKCU\..\RunOnce: [System Terminal] SYSTEM2.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Dpcstart.lnk = C:\Program
Files\DIRECWAY\BIN\dpcstart.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program
Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &WordWeb... -
res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward &Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program
Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Si&milar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet
Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4351/mcfscan.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{4027C9D0-ABA5-4111-A56F-387EEC5C221D}:
Domain = direcway.com
O17 -
HKLM\System\CCS\Services\Tcpip\..\{4027C9D0-ABA5-4111-A56F-387EEC5C221D}:
NameServer = 66.82.4.8
 
Ok. All the Best!
================
This is very confusing to a non techie since SystemRestore NEVER worked on
this PC, even after a few Destructive Recoveries and a reformat and
reinstall of the OS by HP. :-(

I assume you're saying this "seeker" browser hijacker is causing this new
problems with msconfig/regedit and the old problem of System Restore not
working? Please remember that that the system has already been reinstalled
several times on this PC, a few times by us and once (the whole OS) by HP.
It's doubtful this Hijacker was installed with the OS each time (???). As
HP knows there has been problems with this PC from day one. Sorry.... I'm
lost here. I was up all night working on these issues and feel like I'm
spinning my wheels......

FS...........
 
No. I'm not telling that this browser hijacker / trojan is the only cause. There may also be some others in the system.

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k



Ok. All the Best!
================
This is very confusing to a non techie since SystemRestore NEVER worked on
this PC, even after a few Destructive Recoveries and a reformat and
reinstall of the OS by HP. :-(

I assume you're saying this "seeker" browser hijacker is causing this new
problems with msconfig/regedit and the old problem of System Restore not
working? Please remember that that the system has already been reinstalled
several times on this PC, a few times by us and once (the whole OS) by HP.
It's doubtful this Hijacker was installed with the OS each time (???). As
HP knows there has been problems with this PC from day one. Sorry.... I'm
lost here. I was up all night working on these issues and feel like I'm
spinning my wheels......

FS...........
 
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

Is scumware:

ShopForGood
Overview
ShopForGood, also know as TGDC IE Plugin, is a browser helper object that is
designed to redirect affiliate links.

ShopForGood - Adware removal instructions
http://www.kephyr.com/spywarescanner/library/shopforgood/index.phtml

TGDC
http://www.spywareguide.com/spydet_424_tgdc.html


--
Hope this helps. Let us know.
Wes

In
~ FreeSpirit ~ said:
Sir_George said:
FreeSpirit,

My intention is not to be rude, but for someone who states; "Norton
says backing the registry in XP isn't easy and recommends backing up
one key.... I'm gretting sick to my stomach"
Click to expand...

** That's what the website said. And yes, my stomach is in knots
because if I delete the wrong KEY I'm in trouble. The techs in my
town charge $40 an hour and up if I have to take the PC there.

it would only seem reasonable that you
would have trouble interpreting the results of a "Hijack This"
report. Did you actually mean that you posted the report and
received feedback that there was nothing unusual?
Click to expand...

** No, I didn't get the whole report the first time and what I saw I
recognized. Now the long report I see many things I don't recognize.

If not, I would suggest you post the report and
have it examined by people who have a lot of experience reviewing
them and see what they find.
Click to expand...

** I don't know where to post it there on the Forum thing. I see no
window to C&P it to. The few times I've tried Forums in the past I
never figured out how they work. I can't even find a page there to
post and introduce myself, and ask anyone to look at the report. I
don't know where to post THIS on that Forum.

This is the report from HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 7:46:46 AM, on 4/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\SYSTEM2.EXE
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet
Files\Content.IE5\T3VJPXSE\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.heartoftn.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no
file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QD FastAndSafe]
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [System Terminal] SYSTEM2.EXE
O4 - HKCU\..\RunOnce: [System Terminal] SYSTEM2.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Dpcstart.lnk = C:\Program
Files\DIRECWAY\BIN\dpcstart.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program
Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &WordWeb... -
res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward &Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program
Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Si&milar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet
Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
-
http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4351/mcfscan.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{4027C9D0-ABA5-4111-A56F-387EEC5C221D}:
Domain = direcway.com
O17 -
HKLM\System\CCS\Services\Tcpip\..\{4027C9D0-ABA5-4111-A56F-387EEC5C221D}:
NameServer = 66.82.4.8
Click to expand...
 
Wesley Vogel said:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

Is scumware:

ShopForGood
Overview
ShopForGood, also know as TGDC IE Plugin, is a browser helper object that is
designed to redirect affiliate links.
ShopForGood - Adware removal instructions
http://www.kephyr.com/spywarescanner/library/shopforgood/index.phtml
Click to expand...

** All I could find was BHODemon and removed it with Add/Remove Programs.
TGDC
http://www.spywareguide.com/spydet_424_tgdc.html
Click to expand...

** Some other spyware and Keyloggers were also found and removed (keys and
all) but the problem still persists. I could be wrong but I don't think this
is caused by spyware or the ever more common adware and tracker cookies.
Those pests want to sell you something - not wreck your computer. Why
nothing is finding the "problem" is beyond me.....
Hope this helps. Let us know.
Wes
Click to expand...

FS..............
 
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

According to what you posted (above) msconfig is starting when you boot.
msconfig.exe = msconfig = System Configuration Utility

Hit: Ctrl + Alt + Delete | on the Applications tab, see if
System Configuration Utility is listed | on the Processes
tab, see if msconfig.exe is listed

When you boot do you see a message that says:
[[You have used the System Configuration Utility to change the way Windows
starts.
The System Configuration Utility is currently in Diagnostic or Selective
Startup mode, causing this message to be displayed and the utility to run
every time Windows starts.]]


If you're set for Diagnostic Startup....
[[NOTE: This method temporarily disables Microsoft services (for example,
Networking, Plug and Play, Event Logging, and Error Reporting) and
permanently deletes all restore points for the System Restore utility. Do
not do this if you want to retain your restore points for System Restore or
need to use a Microsoft service to test a problem.]]
 
Back
Top