# Very Frustrated!! Cannot Run Msconfig



## matestit (Nov 18, 2004)

I have the same problem of Foxmag86 (Msconfig do not start on WinXP Pro SP2). It's very curious that I have too AVG Antivurus Free ver.7.0 just installed (but I can't remember how far I used Msconfig the last time).

So, I have alredy used AD_AWARE and I didn't find any problem.
The same after full scan of AVG Antivirus.
Following is there my Log file, could you help me:

Logfile of HijackThis v1.98.2
Scan saved at 16.25.59, on 18/11/04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft Office\Office\1040\msoffice.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxxxxx.com
O17 - HKLM\Software\..\Telephony: DomainName = xxxxxx.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BFA6757-1A78-49B3-A4B4-A55FEB0F49D5}: NameServer = 192.168.2.28,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxxxxx.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = xxxxxx.com


----------



## dvk01 (Dec 14, 2002)

There's nothing obvious showing in the log, but it does look a very short log for XP SP2

Run an online antivirus check from at least one and preferably 2 of the following sites 
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://www3.ca.com/virusinfo/
http://www.bitdefender.com/scan/licence.php
http://www.commandondemand.com/eval/index.cfm
http://www.freedom.net/viruscenter/onlineviruscheck.html
http://info.ahnlab.com/english/
http://www.pcpitstop.com/pcpitstop/AntiVirusCntr.asp

reboot again

then post a new hijackthis log to check what is left


----------



## matestit (Nov 18, 2004)

ok, I scanned agian all my pc with
http://housecall.trendmicro.com/
and with
http://www.pandasoftware.com/activescan/

Ps. Regedit works properly also before the a.m. antivirus check.

I reboot every time before scan and I reboot again before get the following new log:

Logfile of HijackThis v1.98.2
Scan saved at 13.51.07, on 19/11/04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft Office\Office\1040\msoffice.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxxxx.com
O17 - HKLM\Software\..\Telephony: DomainName = xxxxx.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BFA6757-1A78-49B3-A4B4-A55FEB0F49D5}: NameServer = 192.168.2.26,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxxxx.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = xxxxx.com


----------



## Kai (Aug 12, 2004)

I Would Recommend Downloading Giant Antispyware, Trial Version.
It Detects more then Ad-Aware and Spybot.

http://www.giantcompany.com/(l3wzjk45ycy42vrm3jgmaq55)/p_antispyware.aspx


----------



## matestit (Nov 18, 2004)

I downloaded and run Giant Antispyware.
No problem found.

The Log Report of HijackThis is the same as last posted.

I got crazy with this matter!
Anyelse idea?


----------



## dvk01 (Dec 14, 2002)

how are you trying to start msconfig

and what happens when you try to run it


----------



## matestit (Nov 18, 2004)

Both way, same result:

1. Start -> Run -> i type MSCONFIG and I press Return on keyboard
OR
2. double click on msconfig.exe in C:\WINDOWS\ServicePackFiles\i386

I can see for 1 second the hourglass beside the mouse pointer
and nothing else.

Very strange!


----------



## matestit (Nov 18, 2004)

Any other suggestion ?

Thx


----------



## Rollin' Rog (Dec 9, 2000)

If the msconfig you are finding in I386 is *msconfig.ex_* -- this is a cab file that must be expanded to run

The msconfig you are looking for *should* be in

C:\WINDOWS\PCHEALTH\HELPCTR\Binaries and should have a file size of 142 kb

If these files are the full, microsoft files, copy one of them to My Documents and rename it msconfig.com and try to run it directly.

If the proper files are not present or are not the full version, I will give you instructions for expanding the cab file to the proper directory.


----------



## matestit (Nov 18, 2004)

I have:
1. MSCONFIG.EX_ in C:\I386 (56 KB)
2. msconfig.exe in C:\WINDOWS\ServicePackFiles\i386 (155 KB)
3. msconfig.exe in C:\WINDOWS\PCHEALTH\HELPCTR\Binaries (155 KB)

With double click on msconfig.exe at a.m. points 1 and 2 nothing happens.

I tryed to copy the third msconfig in My_Documents end I renamed it to
msconfig.com, then double click on and the same nothing happens.

I'm got crazy!!!!


----------



## Rollin' Rog (Dec 9, 2000)

Your 155 kb size files are the correct expanded files for SP2; I should have checked my SP2 system to verify.

It's very strange behavior and does not fit with anything I've seen previously.

Would you try starting up in Safe Mode and see if the same problem persists?

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039

If you go to Administrative Tools > Events log and look under Application and System, do you see any errors corresponding to the failed attemps to run msconfig?


----------



## matestit (Nov 18, 2004)

First, Rollin' Rog ... thank you for your assistance.

Ok, I started the pc as Administrator in Safe Mode. Msconfig still not run :-(

I went to: Event Viewer -> System, and I have found the following "Error" (but nothing for Msconfig ... i think):

DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
---
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
---
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: 
A device attached to the system is not functioning. 
---
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
A device attached to the system is not functioning. 
---
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: 
A device attached to the system is not functioning. 
---
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
A device attached to the system is not functioning. 
---
The following boot-start or system-start driver(s) failed to load: 
AFD
Avg7Core
Avg7RsW
Avg7RsXP
Fips
IPSec
MRxSmb
NetBIOS
NetBT
P3
prodrv04
RasAcd
Rdbss
Tcpip
WS2IFSL


I found the a.m. Errors just after Safe_Mode pc startup.
So I tried to run Msconfig and nothigh happens.

So I check again at: Event Viewer -> System, but I found the same Errors showed up.


----------



## dvk01 (Dec 14, 2002)

Those error messages are normal in safe mode

It sounds typical of a SDbot or agobot worm but they normally show some signs in HJT log

can you please try this for me

download the new beta version of HJT and run it and post a log ( It's not for normal use yet but it is suitable to use to test this problem)

I suspect it will crash so don't panic if it does. That will tell me if something is blocking some of the drivers possibly a rootkit of some description. Once we check that part we might have a better idea of what is wrong

http://www.merijn.org/files/beta/hijackthis199_beta.zip


----------



## Rollin' Rog (Dec 9, 2000)

*edit* jogging my memory for a previous instance of something similar, I can't recall if an administrative restriction notice was associated with these, but check the registry keys specified in this trojan/worm article (run *regedit*) for entries such as "disallowrun" and "restrictrun" and remove any you find by just right clicking and deleting:

http://www.sophos.com/virusinfo/analyses/w32sdbotbr.html

=========================================

In spite of the fact that Msconfig does not show itself, does it appear in the TaskManager process list when you open the Task Manager after running it?

I don't know how much time you want to devote to this, but if you are a little on the "geeky" side, you might want to try using "Dependency Walker" to see what fails when you try to run it.

http://www.dependencywalker.com/

To use it, once installed. navigate to"

C:\WINDOWS\PCHEALTH\HELPCTR\Binaries

and open msconfig.exe from there. Then select the Profile tab in Dependency Walker and add msconfig.exe to the "arguments" field and open it.

Make a note of any errors or other red flagged entries. Some will be normal but we may get a clue as to what is happening from that.

Another free utility is:

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

Files visible in Process Explorer can be opened in Dependency Walker by right clicking on them and selecting "launch depends"


----------



## matestit (Nov 18, 2004)

@ dvk01:
I run the new beta version of HJT (without crash) and here is the log :

Logfile of HijackThis v1.99.0
Scan saved at 12.35.49, on 01/12/04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft Office\Office\1040\msoffice.exe
C:\Program Files\hijackthis199_beta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxxxxx.com
O17 - HKLM\Software\..\Telephony: DomainName = xxxxxx.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BFA6757-1A78-49B3-A4B4-A55FEB0F49D5}: NameServer = 192.168.1.28,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxxxxx.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = xxxxxx.com
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe


----------



## matestit (Nov 18, 2004)

@ Rollin' Rog:
I went to Sophos website and I read the instructions. I checked in Regedit and I didn't find anything strange, so I think W32/Sdbot-Br worm is "away" from my pc 

Then I opened Task Manager, and I launched Msconfig. I saw the proccess Msconfig.exe appears in the Process list but for less then 1 second, and suddenly it disappears!

Last, I have installed Dependency Walker. Have a look at the following LOG, I thing there is an important information about one missing DLL file (MFC42LOC.DLL).
Pls. let me know if I have to run also the other sw (procexp).

 
Warning: At least one module has an unresolved import due to a missing export function in a delay-load dependent module.

 
--------------------------------------------------------------------------------
Starting profile on 01/12/04 at 12.56.20

Operating System: Microsoft Windows XP Professional (32-bit), version 5.01.2600 Service Pack 2
Program Executable: c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE
Program Arguments: msconfig.exe
Starting Directory: C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\
Search Path: C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

Options Selected:
Simulate ShellExecute by inserting any App Paths directories into the PATH environment variable.
Log DllMain calls for process attach and process detach messages.
Hook the process to gather more detailed dependency information.
Log LoadLibrary function calls.
Log GetProcAddress function calls.
Log debug output messages.
Automatically open and profile child processes.
--------------------------------------------------------------------------------

Started "MSCONFIG.EXE" (process 0x7B4) at address 0x01000000. Successfully hooked module.
Loaded "NTDLL.DLL" at address 0x7C900000. Successfully hooked module.
Loaded "KERNEL32.DLL" at address 0x7C800000. Successfully hooked module.
DllMain(0x7C900000, DLL_PROCESS_ATTACH, 0x00000000) in "NTDLL.DLL" called.
DllMain(0x7C900000, DLL_PROCESS_ATTACH, 0x00000000) in "NTDLL.DLL" returned 1 (0x1).
DllMain(0x7C800000, DLL_PROCESS_ATTACH, 0x00000000) in "KERNEL32.DLL" called.
DllMain(0x7C800000, DLL_PROCESS_ATTACH, 0x00000000) in "KERNEL32.DLL" returned 1 (0x1).
Injected "DEPENDS.DLL" at address 0x08370000.
DllMain(0x08370000, DLL_PROCESS_ATTACH, 0x00000000) in "DEPENDS.DLL" called.
DllMain(0x08370000, DLL_PROCESS_ATTACH, 0x00000000) in "DEPENDS.DLL" returned 1 (0x1).
Loaded "MFC42U.DLL" at address 0x72830000. Successfully hooked module.
Loaded "MSVCRT.DLL" at address 0x77C10000. Successfully hooked module.
Loaded "GDI32.DLL" at address 0x77F10000. Successfully hooked module.
Loaded "USER32.DLL" at address 0x77D40000. Successfully hooked module.
Loaded "ADVAPI32.DLL" at address 0x77DD0000. Successfully hooked module.
Loaded "RPCRT4.DLL" at address 0x77E70000. Successfully hooked module.
Loaded "OLEAUT32.DLL" at address 0x77120000. Successfully hooked module.
Loaded "OLE32.DLL" at address 0x774E0000. Successfully hooked module.
Loaded "VERSION.DLL" at address 0x77C00000. Successfully hooked module.
Loaded "SHELL32.DLL" at address 0x7C9C0000. Successfully hooked module.
Loaded "SHLWAPI.DLL" at address 0x77F60000. Successfully hooked module.
Loaded "SHIMENG.DLL" at address 0x5CB70000. Successfully hooked module.
Loaded "ACGENRAL.DLL" at address 0x6F880000. Successfully hooked module.
Loaded "WINMM.DLL" at address 0x76B40000. Successfully hooked module.
Loaded "MSACM32.DLL" at address 0x77BE0000. Successfully hooked module.
Loaded "USERENV.DLL" at address 0x769C0000. Successfully hooked module.
Loaded "UXTHEME.DLL" at address 0x5AD70000. Successfully hooked module.
DllMain(0x6F880000, DLL_PROCESS_ATTACH, 0x00000000) in "ACGENRAL.DLL" called.
GetProcAddress(0x7C800000 [KERNEL32.DLL], "InitializeCriticalSectionAndSpinCount") called from "ACGENRAL.DLL" at address 0x6F8ACDA5 and returned 0x7C80B6B1.
DllMain(0x6F880000, DLL_PROCESS_ATTACH, 0x00000000) in "ACGENRAL.DLL" returned 1 (0x1).
DllMain(0x08370000, DLL_PROCESS_ATTACH, 0x0007FD30) in "DEPENDS.DLL" called.
DllMain(0x08370000, DLL_PROCESS_ATTACH, 0x0007FD30) in "DEPENDS.DLL" returned 1 (0x1).
DllMain(0x77C10000, DLL_PROCESS_ATTACH, 0x0007FD30) in "MSVCRT.DLL" called.
GetProcAddress(0x7C800000 [KERNEL32.DLL], "InitializeCriticalSectionAndSpinCount") called from "MSVCRT.DLL" at address 0x77C379C2 and returned 0x7C80B6B1.
DllMain(0x77C10000, DLL_PROCESS_ATTACH, 0x0007FD30) in "MSVCRT.DLL" returned 1 (0x1).
DllMain(0x77D40000, DLL_PROCESS_ATTACH, 0x0007FD30) in "USER32.DLL" called.
DllMain(0x77D40000, DLL_PROCESS_ATTACH, 0x0007FD30) in "USER32.DLL" returned 1 (0x1).
DllMain(0x77F10000, DLL_PROCESS_ATTACH, 0x0007FD30) in "GDI32.DLL" called.
DllMain(0x77F10000, DLL_PROCESS_ATTACH, 0x0007FD30) in "GDI32.DLL" returned 1 (0x1).
DllMain(0x72830000, DLL_PROCESS_ATTACH, 0x0007FD30) in "MFC42U.DLL" called.
LoadLibraryA("MSVCRT.DLL") called from "MFC42U.DLL" at address 0x728C76DC.
LoadLibraryA("MSVCRT.DLL") returned 0x77C10000.
LoadLibraryA("C:\WINDOWS\system32\MFC42LOC.DLL") called from "MFC42U.DLL" at address 0x728C7A79.

 
LoadLibraryA("C:\WINDOWS\system32\MFC42LOC.DLL") returned NULL. Error: The specified module could not be found (126).

 
DllMain(0x72830000, DLL_PROCESS_ATTACH, 0x0007FD30) in "MFC42U.DLL" returned 1 (0x1).
DllMain(0x77E70000, DLL_PROCESS_ATTACH, 0x0007FD30) in "RPCRT4.DLL" called.
DllMain(0x77E70000, DLL_PROCESS_ATTACH, 0x0007FD30) in "RPCRT4.DLL" returned 1 (0x1).
DllMain(0x77DD0000, DLL_PROCESS_ATTACH, 0x0007FD30) in "ADVAPI32.DLL" called.
DllMain(0x77DD0000, DLL_PROCESS_ATTACH, 0x0007FD30) in "ADVAPI32.DLL" returned 1 (0x1).
DllMain(0x774E0000, DLL_PROCESS_ATTACH, 0x0007FD30) in "OLE32.DLL" called.
DllMain(0x774E0000, DLL_PROCESS_ATTACH, 0x0007FD30) in "OLE32.DLL" returned 1 (0x1).
DllMain(0x77120000, DLL_PROCESS_ATTACH, 0x0007FD30) in "OLEAUT32.DLL" called.
DllMain(0x77120000, DLL_PROCESS_ATTACH, 0x0007FD30) in "OLEAUT32.DLL" returned 1 (0x1).
DllMain(0x77C00000, DLL_PROCESS_ATTACH, 0x0007FD30) in "VERSION.DLL" called.
DllMain(0x77C00000, DLL_PROCESS_ATTACH, 0x0007FD30) in "VERSION.DLL" returned 1 (0x1).
DllMain(0x77F60000, DLL_PROCESS_ATTACH, 0x0007FD30) in "SHLWAPI.DLL" called.
GetProcAddress(0x7C800000 [KERNEL32.DLL], "CreateTimerQueue") called from "SHLWAPI.DLL" at address 0x77F65BC9 and returned 0x7C834076.
GetProcAddress(0x7C800000 [KERNEL32.DLL], "DeleteTimerQueue") called from "SHLWAPI.DLL" at address 0x77F65BD8 and returned 0x7C862AEB.
GetProcAddress(0x7C800000 [KERNEL32.DLL], "CreateTimerQueueTimer") called from "SHLWAPI.DLL" at address 0x77F65BE7 and returned 0x7C825911.
GetProcAddress(0x7C800000 [KERNEL32.DLL], "ChangeTimerQueueTimer") called from "SHLWAPI.DLL" at address 0x77F65BF7 and returned 0x7C81F3AA.
GetProcAddress(0x7C800000 [KERNEL32.DLL], "DeleteTimerQueueTimer") called from "SHLWAPI.DLL" at address 0x77F65C05 and returned 0x7C8258C4.
DllMain(0x77F60000, DLL_PROCESS_ATTACH, 0x0007FD30) in "SHLWAPI.DLL" returned 1 (0x1).
DllMain(0x7C9C0000, DLL_PROCESS_ATTACH, 0x0007FD30) in "SHELL32.DLL" called.
GetProcAddress(0x7C800000 [KERNEL32.DLL], "CreateActCtxW") called from "SHELL32.DLL" at address 0x7CA3B2A6 and returned 0x7C8151D4.
GetProcAddress(0x7C800000 [KERNEL32.DLL], "ActivateActCtx") called from "SHELL32.DLL" at address 0x7C9DFBB3 and returned 0x7C80A634.
LoadLibraryW("comctl32.dll") called from "SHELL32.DLL" at address 0x7CA3AF6F.
Loaded "COMCTL32.DLL" at address 0x773D0000. Successfully hooked module.
DllMain(0x773D0000, DLL_PROCESS_ATTACH, 0x00000000) in "COMCTL32.DLL" called.
DllMain(0x773D0000, DLL_PROCESS_ATTACH, 0x00000000) in "COMCTL32.DLL" returned 1 (0x1).
LoadLibraryW("comctl32.dll") returned 0x773D0000.
GetProcAddress(0x7C800000 [KERNEL32.DLL], "DeactivateActCtx") called from "SHELL32.DLL" at address 0x7C9DFC1E and returned 0x7C80A665.
LoadLibraryW("comctl32.dll") called from "SHELL32.DLL" at address 0x7CA3B09E.
LoadLibraryW("comctl32.dll") returned 0x773D0000.
GetProcAddress(0x773D0000 [COMCTL32.DLL], "InitCommonControlsEx") called from "SHELL32.DLL" at address 0x7CA3B0AE and returned 0x773D407E.
DllMain(0x7C9C0000, DLL_PROCESS_ATTACH, 0x0007FD30) in "SHELL32.DLL" returned 1 (0x1).
DllMain(0x76B40000, DLL_PROCESS_ATTACH, 0x0007FD30) in "WINMM.DLL" called.
DllMain(0x76B40000, DLL_PROCESS_ATTACH, 0x0007FD30) in "WINMM.DLL" returned 1 (0x1).
DllMain(0x77BE0000, DLL_PROCESS_ATTACH, 0x0007FD30) in "MSACM32.DLL" called.
DllMain(0x77BE0000, DLL_PROCESS_ATTACH, 0x0007FD30) in "MSACM32.DLL" returned 1 (0x1).
DllMain(0x769C0000, DLL_PROCESS_ATTACH, 0x0007FD30) in "USERENV.DLL" called.
DllMain(0x769C0000, DLL_PROCESS_ATTACH, 0x0007FD30) in "USERENV.DLL" returned 1 (0x1).
DllMain(0x5AD70000, DLL_PROCESS_ATTACH, 0x0007FD30) in "UXTHEME.DLL" called.
DllMain(0x5AD70000, DLL_PROCESS_ATTACH, 0x0007FD30) in "UXTHEME.DLL" returned 1 (0x1).
LoadLibraryW("rpcrt4.dll") called from "RPCRT4.DLL" at address 0x77E9FAF5.
LoadLibraryW("rpcrt4.dll") returned 0x77E70000.
LoadLibraryA("COMCTL32.DLL") called from "MFC42U.DLL" at address 0x7283F0CB.
LoadLibraryA("COMCTL32.DLL") returned 0x773D0000.
GetProcAddress(0x773D0000 [COMCTL32.DLL], "InitCommonControlsEx") called from "MFC42U.DLL" at address 0x7283F0E0 and returned 0x773D407E.
LoadLibraryA("COMCTL32.dll") called from "MFC42U.DLL" at address 0x728C6EEB.
LoadLibraryA("COMCTL32.dll") returned 0x773D0000.
GetProcAddress(0x773D0000 [COMCTL32.DLL], "InitCommonControlsEx") called from "MFC42U.DLL" at address 0x728C6FC2 and returned 0x773D407E.
LoadLibraryA("COMCTL32.DLL") called from "MFC42U.DLL" at address 0x7283F0CB.
LoadLibraryA("COMCTL32.DLL") returned 0x773D0000.
GetProcAddress(0x773D0000 [COMCTL32.DLL], "InitCommonControlsEx") called from "MFC42U.DLL" at address 0x7283F0E0 and returned 0x773D407E.
LoadLibraryA("COMCTL32.DLL") called from "MFC42U.DLL" at address 0x7283F0CB.
LoadLibraryA("COMCTL32.DLL") returned 0x773D0000.
GetProcAddress(0x773D0000 [COMCTL32.DLL], "InitCommonControlsEx") called from "MFC42U.DLL" at address 0x7283F0E0 and returned 0x773D407E.
LoadLibraryA("COMCTL32.DLL") called from "MFC42U.DLL" at address 0x7283F0CB.
LoadLibraryA("COMCTL32.DLL") returned 0x773D0000.
GetProcAddress(0x773D0000 [COMCTL32.DLL], "InitCommonControlsEx") called from "MFC42U.DLL" at address 0x7283F0E0 and returned 0x773D407E.
LoadLibraryA("COMCTL32.DLL") called from "MFC42U.DLL" at address 0x7283F0CB.
LoadLibraryA("COMCTL32.DLL") returned 0x773D0000.
GetProcAddress(0x773D0000 [COMCTL32.DLL], "InitCommonControlsEx") called from "MFC42U.DLL" at address 0x7283F0E0 and returned 0x773D407E.
GetProcAddress(0x7C800000 [KERNEL32.DLL], "GetUserDefaultUILanguage") called from "MFC42U.DLL" at address 0x728CB1CE and returned 0x7C812DE0.
GetProcAddress(0x773D0000 [COMCTL32.DLL], "PropertySheetW") called from "MFC42U.DLL" at address 0x728C6FC2 and returned 0x773DCFC2.
LoadLibraryA("COMCTL32.dll") called from "SHLWAPI.DLL" at address 0x77F6D10E.
LoadLibraryA("COMCTL32.dll") returned 0x773D0000.
GetProcAddress(0x773D0000 [COMCTL32.DLL], 0x00000148) called from "SHLWAPI.DLL" at address 0x77F6D0A6 and returned 0x773E14DD.
GetProcAddress(0x77D40000 [USER32.DLL], "GetSystemMetrics") called from "MFC42U.DLL" at address 0x72846BCC and returned 0x77D48F75.
GetProcAddress(0x77D40000 [USER32.DLL], "MonitorFromWindow") called from "MFC42U.DLL" at address 0x72846BDD and returned 0x77D4D989.
GetProcAddress(0x77D40000 [USER32.DLL], "MonitorFromRect") called from "MFC42U.DLL" at address 0x72846BEE and returned 0x77D4E1FB.
GetProcAddress(0x77D40000 [USER32.DLL], "MonitorFromPoint") called from "MFC42U.DLL" at address 0x72846BFF and returned 0x77D4E4E9.
GetProcAddress(0x77D40000 [USER32.DLL], "EnumDisplayMonitors") called from "MFC42U.DLL" at address 0x72846C10 and returned 0x77D4DA8B.
GetProcAddress(0x77D40000 [USER32.DLL], "EnumDisplayDevicesW") called from "MFC42U.DLL" at address 0x72846C21 and returned 0x77D653D9.
GetProcAddress(0x77D40000 [USER32.DLL], "GetMonitorInfoW") called from "MFC42U.DLL" at address 0x72846C41 and returned 0x77D4D9E9.
GetProcAddress(0x773D0000 [COMCTL32.DLL], "ImageList_LoadImageW") called from "MFC42U.DLL" at address 0x728C6FC2 and returned 0x773E9303.

 
Second chance exception 0xC00000FD (Stack Overflow) occurred in "USER32.DLL" at address 0x77D484D7.

 
Exited "MSCONFIG.EXE" (process 0x7B4) with code -1073741571 (0xC00000FD).
Entrypoint reached. All implicit modules have been loaded.


----------



## Rollin' Rog (Dec 9, 2000)

I get the same error in mfc42loc.dll as well, so that's not it. That is evidently some resource dll for Japenese language systems.

The problem seems to be here:

Second chance exception 0xC00000FD (Stack Overflow) occurred in "USER32.DLL" at address 0x77D484D7.
Exited "MSCONFIG.EXE" (process 0x7B4) with code -1073741571 (0xC00000FD).

Verify the user32.dll version and size that you have. In my XP SP2 system, the file in c:\Windows\system32 and in c:\Windows\servicepackfiles\I386

is version 5.1.2600.2180 and is 563/564 kb in size\

http://support.microsoft.com/dllhelp/default.aspx?fid=16879

You don't need to do anything with Process Explorer, but it integrates nicely with Dependency Walker and may come in handy.


----------



## matestit (Nov 18, 2004)

USER32.DLL -> Version is the same of you

On XP windows -> Search Results, I see the 2 same files
but Size is 564 KB (same for both; not 563 and 564 as you)

right click on file -> Properties, and I find the same values for both:
Size: 577.024 bytes (563 KB)

But here: http://support.microsoft.com/dllhel....aspx?fid=16879
I find 577024 (ok) and 574464 (???)


----------



## Rollin' Rog (Dec 9, 2000)

The MS site is giving it in bytes, not kb; no difference there. And the other difference has to do with the "size on disk" or something like that.

I don't know what to tell you at this stage. Stack overflows are either because something is conflicting with protected memory or there is file corruption -- as far as I know.

You could see if you can copy the file from the Service Pack folder to system32 and overwrite it -- but this seems like a very longshot fix.

Other alternatives are to try uninstalling XP SP 2 and see if you have the same problem and then reinstall it.

Or you could simply live without msconfig and use a 3rd party substitutue for most of its functions.

Autoruns could be used for clean booting, for example:

http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml

PS> if you suspect AVG 7, try uninstalling it: you can always re-run the setup file to reinstall. I can't imagine how it could cause the issue in Safe Mode though.

Hmmm... Had AVG 7 already downloaded so I installed it on my SP2 system. So far I don't see a problem with msconfig, but I haven't actually updated or scanned with it yet.


----------



## matestit (Nov 18, 2004)

Ok ... the big mistery!

I have AVG7 on another Pc and it has no problem with Msconfig.

I have tried Autoruns and it is a good alternative to msconfig.

So thank you very much for support to you and Dvk01.


----------



## cassini_mtn (Jul 2, 2004)

You could boot to safe mode & try renaming msconfig.exe to msconfig.xex . Windows may not allow this, but you could try. If Windows allows this, then extract a new copy of msconfig.exe. 

Problems occuring in safe mode are caused by only:
1. corrupt registry;
2. corrupt OS;
3. virus;
4. hardware. 

When did the problem begin? After installing / upgrading / removing hardware / software? 

Did the computer come with XP SP2 or did you upgrade to SP2? If you upgraded, when did you do so? 

CM


----------



## Rollin' Rog (Dec 9, 2000)

I think he as already tried that. But since this problem does seem so specific to msconfig, and it is possible Service Pack cab file is equally corrupt, it might not be a bad idea to try copying over msconfig.exe from another SP2 system.


----------



## matestit (Nov 18, 2004)

Unfortunately I don't know how long msconfig doesn't run.

Yes, I have installed & removed some new/old sw, it's very difficult remember something useful.

I will try to copy msconfig from another pc with SP2 and I'll let you know what will happen.


----------



## cassini_mtn (Jul 2, 2004)

Did the computer come with XP SP2 or did you upgrade to SP2? If you upgraded, when did you do so? 

Did the problem begin after upgrading to SP2; immediately after; 2 months after? 

CM


----------



## matestit (Nov 18, 2004)

I upgraded my pc to SP2 in August 2004. After that my pc was ok and also Msconfig was running.
I don't know exactly when my msconfig stopped running.

I have a second pc at home that I install and remove the same sw of this one and at home Msconfig is perfectly running.
So I copied C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe from the pc at home and pasted it on the pc with msconfg not running.
The same Msconfig doesn't run.

To try this copy/paste I have booted on Safe Mode WInXP and logged as Administrator. All the operation copy/paste/rename was ok.
But now in Normal Mode boot if I erase the old msconfig.exe immediately the pc creaate a new msconfig.exe file (maybe it's a system file so WinXP protect itself).
BUT, after (too many) actions copy/paste and rename, NOW I have just one msconfig.exe file in C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\,
BUT when I do Start -> Run -> msconfig
appears a WinXP ("red X") window saying: "wWindows cannot find 'msconfig'".

What I have to do to restore the right MSCONFIG.exe ???


----------



## Rollin' Rog (Dec 9, 2000)

Try deleting the file entirely. Do not reboot -- which is when System File Protection would kick in.

Then just copy over a new msconfig.exe

Don't do any renaming.

And make sure you have "Hide Extensions for Known File Types" UNchecked in Folder Options > View. This can cause renaming problems when enabled.

It sounds though like this problem is not in the file itself and the problem is remaining a mystery


----------



## matestit (Nov 18, 2004)

........mmmmmmmmmmmm...............

If I cancel C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe I have just 3 seconds time to paste a previous_copied (Ctrl+C) msconfig.exe file.
If I do nothing after 3 seconds one msconfig.exe file automatically appears.

So, I fastly copied the new msconfig.exe in folder and everything is ok.
BUT, when I do Start -> Run -> msconfig the usual window appears:
(X) Windows cannot find 'msconfig'.

VERY STRANGEEEEEEEEEEEEEEE !!! :-(
my pc got crazy ... as me!
So now it's impossible also just RUN the Msconfig!

Note: the first time I tried to copy/paste/rename, first I renamed the original file msconfig.exe (that didn't start) in msconfig.OLD and copy the new (good) msconfig.exe file in C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\.
Then Start->Run->msconfig and a message appears. I don't remeber well what the message said, but the meanings was: "Choose which program needs to open msconfig.OLD".

Incredible! the new file named msconfig.exe stay already in C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\ together msconfig.OLD and when doing Start->Run->msconfig, WInXP tried to launch msconfig.OLD and NOT the right msconfig.exe who stayed in the right directory!

I think the error message I find now is linked to this strange behaviour of WinXP.


----------



## cassini_mtn (Jul 2, 2004)

be sure your computer is set to "show all files" and unchecked is "hide file extensions . . ."
control panel > classic view > folder options > "view" tab

set search [ start > search > files or folders ] to search hidden & system files

search for: msconfig.exe

I found it on the C:\Windows\ . . \binaries & in C:\windows\system32\dllcache

boot to safe mode
move msconfig.old to your desktop

copy msconfig.exe from C:\windows\system32\dllcache

to

C:\Windows\ . . \binaries

then: start > run > remove contents;
type: msconfig
click "ok"

record results

if successful, boot to normal mode.

then: start > run > remove contents;
type: msconfig
click "ok"

record results

report results

hth

cm


----------



## Rollin' Rog (Dec 9, 2000)

Make sure there is just one msconfig in that folder, and it is named msconfig.exe

Also run *regedit* and navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths

Scroll down the App Paths key and look for a folder called msconfig.exe and ensure the path in the right hand pane is correct and has msconfig.exe at the end.

see attachment for a pic.

Make sure there is no other msconfig folder there by chance.


----------



## matestit (Nov 18, 2004)

@ cassini_mtn:
>>> be sure your computer is set to "show all files" and unchecked is "hide file extensions . . ."
OK, my settings are ok.

Searching for: msconfig.exe, I found:
1. msconfig.exe in C:\WINDOWS\ServicePackFiles\i386 (155 KB)
2. msconfig.exe in C:\WINDOWS\PCHEALTH\HELPCTR\Binaries (155 KB)
------------------------------

@ Rollin' Rog:
OK, the "secret" was here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths

The "value" was set to _msconfig.OLD
I reset it to msconfig.exe and now is "ok"

Rember "ok" for me is that msconfig however does not run and I use the alternative sw "Autoruns".


----------



## cassini_mtn (Jul 2, 2004)

matestit: 
what do you mean by "I use the alternative sw "Autoruns"."?


----------



## matestit (Nov 18, 2004)

I mean that when I do Start -> Run -> msconfig the window:
"(X) Windows cannot find 'msconfig'."
doesn't appear. (I solved just this problem)

BUT msconfig.exe still not run.

So I have in alternative to use Autoruns.


----------



## Rollin' Rog (Dec 9, 2000)

Strange problem for sure. Wish I knew what to suggest from here, but besides doing a lot of uninstalling and reinstalling which is just as likely to cause more problems than be helpful -- I don't think you are losing much by relying on autoruns.exe -- unless the problem rears its ugly head in some other system files.


----------



## cassini_mtn (Jul 2, 2004)

matestit: 
OK. 

What happens if you go to c:\ . . .binaries\msconfig.exe and try to run it? 

CM


----------



## matestit (Nov 18, 2004)

>> What happens if you go to c:\ . . .binaries\msconfig.exe and try to run it?

.... msconfig does not run .... just an hourglass "flash" and anything else
... no one trace in Process List


----------



## cassini_mtn (Jul 2, 2004)

I have not a clue.

I'll be interested to learn the fix for this one. 

cm


----------



## Rollin' Rog (Dec 9, 2000)

So would I.

Matestit, I don't think I've had you do this, so perhaps one more try at finding something running, that might be present in Safe Mode as well as normal.

Download and unzip pv.zip

http://tools.zerosrealm.com/pv.zip

Run "runme.bat" and choose option #1 to display dlls loading with explorer.

Save the text file and upload it here as an attachment. Since Explorer runs in Safe Mode, we might see something there that doesn't belong.

By the way, you can also test to see if it runs with Explorer terminated. To do this open the Task Manger (crtl-alt-del) and select Explorer.exe and "end process" on it.

Your normal desktop will disappear but the Task Manager will remain open. Choose File > New Task and either enter msconfig.exe or browse to it and run it. See if it opens and stays open.

To re-enable Explorer, just enter explorer.exe in the "new task" field. For that matter, you can terminate any process with a "user name" on it, but you would probably want to shutdown and reboot afterwards to re-enable them again.


----------

