Where oh where is my msconfig.exe?

Do I still have it and it's been hidden by an installed app or is something else going on?

Thursday, March 20, 2008 by BigDogBigFeet | Discussion: Personal Computing

Hi all, 

Well as a result of Po's thread Virtual Memory Question I've discovered that when I click on start, run and type in msconfig and press enter ...... nothing happens.  I fired up explorer and searched my windows sub, no go and did a system Search twice and again no go.  Did some web searching and discovered one of 2 possibilities: an installed app has it hidden from me through a system key setting or in the worst case malware.  At present I'm not suspecting malware.  System has no other problems currently and it's possible any of these progs could have it hidden: Ad-Aware 2007 Free, SpyBot Search and Destroy (I'm new to both of these). I also have Tune-Up Utilities 2006 and please don't gasp, Norton System Works (well mostly, lol).

Anywho, I thought I'd post to see if anyone has some insight as to what's caused this and what Reg Key(s) might be involved.  I'm thinking that's probably what's happened.

yrag
Reply #1 Thursday, March 20, 2008 1:08 AM
You and Po should get married......

Put your XP disk in the drive, Start/ Run; type (c/p): sfc /scannow

If by chance you have a backup image, location: C:\WINDOWS\pchealth\helpctr\binaries
Sugaree
Reply #2 Thursday, March 20, 2008 1:34 AM
HI Gary!   
yrag
Reply #3 Thursday, March 20, 2008 2:36 AM
Hey Hotstuff

Think of you often........
BigDogBigFeet
Reply #4 Thursday, March 20, 2008 6:37 AM
You and Po should get married......


He seems to be totally mad for Skinhit right now. Besides I don't have hairy man boobs and my legs and arse aren't right for his tastes.


Ok, let's see. I've found C:\WINDOWS\pchealth\helpctr\binaries and it has msconfig.exe so that does confirm the program is still on my machine. Using windows search should have found it but it didn't which seems to indicate something is blocking it. It also does not run when double clicking it.

I don't have original install disks because it's an HP machine and they give you an oh so special partition that windows treats as a separate drive. So... not sure what to make of this:

Put your XP disk in the drive, Start/ Run; type (c/p): sfc /scannow


Thanks for the help by the way. I'll check this thread again when I get home from work tonight.

yrag
Reply #5 Thursday, March 20, 2008 11:31 AM
Boot into Safe mode and hit C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe or run it from the run cmd line using the entire path. If it comes up, then some security app is blocking you from making system changes or you have an ugly running loose in your system.
BigDogBigFeet
Reply #6 Thursday, March 20, 2008 7:06 PM
Ya, I was afeerd u'd say that. But you're right. Time to face it. I sent an email to Symantec since I'm running Norton SystemWorks with Norton Internet Security 2008. I don't do weekly full scanning, only monthly. Sigh.

Anyway last night my stop just prior to this post was their free live chat. First "agent" that entered said she needed to escalate. That person arrived and the first one left. I continued to wait. My security issue stated "I cannot run msconfig.exe, does Norton SystemWorks block this from running?" I never got an answer. The second person simply left the room and I was cut off completely. Registered user, 3 year account with them.

So, I sent an email and their automated response said we need 96 hours to respond. They cannot even tell me an answer to that question? It's not in their knowledgebase either.

Now my mechanical mouse is leaving mouse droppings on my mouse pad and my screen is upside down and reads right to left. Just kidding. I'll work on it yrag. I've never used Hijack this but for now my next step is a full system scan in safe mode. If it is a virus I think I know how it may have happened. Live and learn.
vStyler
Reply #7 Thursday, March 20, 2008 7:24 PM
Many trojans and exploits disable the use of msconfig from the run dialog. Sometimes your task manager too.

You can use a program like Ccleaner to access start-up items in much the same way tho. Try turning off \ removing ANYthing unfamiliar or that you don't use at Startup. Then reboot. You may also want to check your services via Admin Tools > Services.

FYI.. some trojans can also turn ur screen upside down.. remotely.   

Lastly, I wouldn't trust Norton with my Money or Mother.
PoSmedley
Reply #8 Thursday, March 20, 2008 7:55 PM
Well as a result of Po's thread Virtual Memory Question


Just do a system recovery. Reformat. Reinstall. Get it over with. Do it. Do it.

Do it!

You and Po should get married..

Ahhh...jealousy rears its ugly head.

Besides I don't have hairy man boobs and my legs and arse aren't right for his tastes.


You shave? oooooOOOoooooooH! How metrosexual!
BigDogBigFeet
Reply #9 Thursday, March 20, 2008 9:21 PM
Hi guys! Well can boot into safe mode no problems. Msconfig runs from the run command when in this mode. While in Safe Mode I've done 2 hours of scanning using Microsoft's Malicious Software Removal Tool (It responded "please remove your hands from the keyboard", I typed "Oh shit" removed my hands, and it responded "there I feel safer now"). It then allowed me to do a quick scan with it and nothing found.

I then fired up Ad-Aware 2007 free version and did a quick scan with it and it found 9 items, 8 of which were tracking cookies. Something to do with a browser hack of some sort all removed.

I ran Spybot Search & Destroy and it too came up empty.

I finally brought out the likely culprit, it's hard to distinguish it from a virus NIS 2010. A super alpha release. I started the scan and after about 1 hour it responded "I got stuck in an infinite loop while searching for myself, which way to Shangri-La?" Quick scan nothing found. Oh weel.

Deep scan tonight. Muhaw ha ha ha!

And no, msconfig still cannot be run from the run command or double clicked for that matter.

BigDogBigFeet
Reply #10 Thursday, March 20, 2008 10:41 PM
So here's Symantec's response:

Thank you for contacting Symantec Technical Support.

I understand from your message that you are unable to run msconfig and wish to know whether Norton program blocks it.

This issue is not due to the Norton programs, this can happen when some threat resides on your computer or the important Windows Files are corrupted.

For assistance with this issue, please contact Microsoft. For information on contacting Microsoft Technical Support please click on the link provided below:


These guys are amazing they're telling me to get software virus removal assistance from Microsoft. Can you believe this? What the hell do I need their software for?
yrag
Reply #11 Thursday, March 20, 2008 10:52 PM
If something was there, you would have found it by now and it works in safe mode via path.

Open Registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE

The data string in the right pane should read:

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

If it doesn't, put it there. Re-boot
BigDogBigFeet
Reply #12 Thursday, March 20, 2008 11:11 PM
More info:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE

The data string in the right pane should read:

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe


This checks out just fine. When I attempt to run msconfig.exe (that is, when not in safe mode) I have discovered while checking task manager that it is in fact there as an active running process, it just isn't showing up on screen. Something that's loading in memory during regular boot-up is interfering with it most likely. Yikes. Now what?
yrag
Reply #13 Thursday, March 20, 2008 11:31 PM
This is turning into a mission.........

Just for the hell of it, let's see if something is sitting in memory and rearing its ugly head on boot.

WWW Link

Install trial and run it.
BigDogBigFeet
Reply #14 Thursday, March 20, 2008 11:43 PM
Installed trial and ran the quick scan. Nothing found sitting in memory. I'm running the full system scan currently and I'll run the full system scan with NIS tonight. If nothing pops here with 2 full system scans then I'm thinking a legitimate program conflict/problem of some sort. By the way thanks again yrag, I'm at least beginning to believe there's nothing malicious on my system. Still will run full system scans.
yrag
Reply #15 Friday, March 21, 2008 12:40 AM
Give this a try:

WWW Link

Install and browse to:

C:\WINDOWS\PCHEALTH\HELPCTR\Binaries

Open msconfig.exe from there. Select the Profile tab in Dependency Walker and add msconfig.exe to the "arguments" field and open it.

It should show you any errors in loading....the operative word being "should"...

After that, jump in bed with Po'.....you're made for each other.
BigDogBigFeet
Reply #16 Friday, March 21, 2008 1:02 AM
It's looking for DWMAPI.DLL gives 2 warnings:
Warning: At least one delay-load dependency module was not found.
Warning: At least one module has an unresolved import due to a missing export function in a delay-load dependent module.

Seems to be flagging these as well red symbol SHLWAPI.DLL and MPR.DLL.

Could it be something is not right in services.msc?

After that, jump in bed with Po'.....you're made for each other.


He does strange things with memory sticks, chocolates and latex gloves. I know I saw it on his live web cam site "Mo' Po' ya no"

yrag
Reply #17 Friday, March 21, 2008 1:24 AM
C:\WINDOWS\system32\SHLWAPI.DLL and MPR.DLL see what versions they are.
BigDogBigFeet
Reply #18 Friday, March 21, 2008 1:31 AM
MPR.DLL 5.1.2600.2180 SHLWAPI.DLL 6.0.2900.3231
yrag
Reply #19 Friday, March 21, 2008 1:40 AM
MPR.DLL 5.1.2600.2180


Right

SHLWAPI.DLL 6.0.2900.3231


Wrong

When did msconfig stop showing (if you know) and are you running Vista?
BigDogBigFeet
Reply #20 Friday, March 21, 2008 7:39 AM
It says this: modified Thursday, October 11, 2007, 1:13:45 AM for SHLWAPI.DLL 6.0.2900.3231

It says this: modified Tuesday, August 10, 2004, 2:00:00 PM for MPR.DLL 5.1.2600.2180

I think you found the problem yrag! I'm supposed to be running XP SP2 latest updates.

One more piece to this strange puzzle, I did a full system restore around 12/2007 01/2008. So, why the modified date of 10/11/2007 on a system dll? Oh well, could still have a nasty then. It got corrupt somehow. So, is it fixable, that is start by replacing it with the correct version? Sure does explain Symantec's response better.
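
The two manual checks from Replies #11 and #17 (the App Paths value for msconfig.exe, and the version and modified date of SHLWAPI.DLL and MPR.DLL) can be scripted. This is an added example, not something posted in the thread; it assumes Windows PowerShell is installed, and the helper names `Test-AppPath` and `Get-FileFacts` are hypothetical.

```powershell
# Added example. The key, path and DLL names are the ones quoted in the thread (XP layout).
$appPathKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE'
$expected   = 'C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe'
$dlls       = 'SHLWAPI.DLL', 'MPR.DLL'

function Test-AppPath {
    param([string]$Key, [string]$Expected)
    $result = @{ Key = $Key; Value = $null; Status = 'KeyMissing' }
    if (Test-Path -LiteralPath $Key) {
        # '(default)' is the unnamed value regedit shows in the right pane.
        $raw = (Get-ItemProperty -LiteralPath $Key).'(default)'
        if ($raw) {
            $value = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
            $result.Value = $value
            # String comparison with -ne is case-insensitive, like Windows paths.
            if ($value -ne $Expected) { $result.Status = 'Mismatch' }
            elseif (-not (Test-Path -LiteralPath $value -PathType Leaf)) { $result.Status = 'TargetMissing' }
            else { $result.Status = 'OK' }
        } else { $result.Status = 'DefaultValueEmpty' }
    }
    New-Object PSObject -Property $result
}

function Get-FileFacts {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return New-Object PSObject -Property @{ Path = $Path; Version = $null; Modified = $null }
    }
    $item = Get-Item -LiteralPath $Path
    $vi   = $item.VersionInfo
    # Build the numeric version from its parts; the FileVersion string may carry a build label.
    $version = ($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart) -join '.'
    New-Object PSObject -Property @{ Path = $Path; Version = $version; Modified = $item.LastWriteTime }
}

Test-AppPath -Key $appPathKey -Expected $expected | Format-List
$dlls | ForEach-Object { Get-FileFacts (Join-Path $env:SystemRoot "system32\$_") } |
    Format-Table Path, Version, Modified -AutoSize
```

Running it once in Safe Mode and once in a normal boot and comparing the output keeps a record of what was checked and what each file looked like at the time.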
