Question

Locked

MSCONFIG.EXE not allowing me to save change! I AM ADMIN!

By mikedeewithadt ·
I have looked for a few hours for the last couple days for an answer to this question:

I am the Administrator on my computer. It is on a small home network with 1 other computer with an Intellinet Wired Router. I am running Win XP SP2. If more specs are required please ask.

But anyways, when I try to use MSCONFIG.EXE or a program called AutoRuns(which is basically an easier to understand msconfig) any changes I make revert upon reboot and my selection of normal startup from the general? tab of msconfig. I get an error message to the extent of "an access error has occured logon as administrator or go to your admin" or something to that effect.

I'm lost! Please help.

Thanks in advance
Mike

This conversation is currently closed to new comments.

25 total posts (Page 2 of 3)   Prev   01 | 02 | 03   Next
Thread display: Collapse - | Expand +

All Answers

Collapse -

Thanks for the replies

by mikedeewithadt In reply to Check permissions

I am currently out of town and unable to try any of these suggestions. When i get back on Saturday I will try all the suggestions and post back my findings for either more information/suggestions or to explain the solution that worked so that maybe someone in the future can have any easier time than I have with this problem.

Thanks again and I'll post on Saturday.

Have a Great Weekend
Michael

Collapse -

No, Thank you for letting us know

by Jacky Howe In reply to Thanks for the replies

it's really a pity that there is a lot of people on these forums who will just post and never bother to reply. I really wish that there were more here like you. Thanks again and you enjoy your weekend.

Edited: context

Collapse -

Or... take the answer and run!

by Snuffy09 In reply to No, Thank you for letting ...

no thumb either

Collapse -

Not the only OP that doesn't

by Jacky Howe In reply to Or... take the answer and ...

mark the answers Helpful when a solution has been provided. I've been around long enough to know who to ignore. They get the benefit of the doubt the first time that they post a question but if a Helpful answer gets ignored when a second question is posted they go on my list and I stop responding to their questions. Easy fix. There are a couple of regular posters here who are border line. Sometimes a Helpful answer is overlooked and it is marked as Helpful later on, in that case they are removed from my list and I will try to help them out. I don't mind a Thank You as it shows recognition for your input but a Thumb is better.

Collapse -

agree

by Snuffy09 In reply to Not the only OP that does ...
Collapse -

I get what your saying but..

by mikedeewithadt In reply to agree

Ok I actually just got back into town last night and slept most of the day today! I haven't tried any of these responses but I consider them all helpful so I guess I am supposed to mark them all as helpful? I'm not really forum savvy so not to sure how this works but I want to do it right so that you all will help me again in the future!!

Anyways I will do as you say to the best of my understanding and mark the responses I try as helpful. Thank you all again for your time in making these responses and HAPPY VALENTINES DAY!!

Michael

Collapse -

Like this suggestion

by mikedeewithadt In reply to Check permissions

I understand to a point what you are saying but can't get anything to work and as I said before I just seem to screw my computer up even more. Appreciate the help and all but at this point I just want my computer back to not being so sluggish and to heck with being able to change the MSCONFIG stuff.

Thanks
Michael

Collapse -

Can you post

by Jacky Howe In reply to Like this suggestion

your HijackThis log for us to have a look at. You should be able to open it in Notepad and highlight all of the text by pressing Crtl+a and then Ctrl+c to copy it and then in a new post press Ctrl+v to paste it.

Collapse -

Or try this

by Jacky Howe In reply to Can you post

Follow the steps below with the System started and restarted in Safe Mode with Networking. Running in Safe Mode loads a minimal set of drivers for the Operating System. You can use these options to start Windows so that you can modify the registry or load or remove drivers.

Removing malware from System Restore points
To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.

Default Start Menu XP
If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore".

Classic Start Menu XP
If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".

Vista
Start, right mouse click Computer and select Properties. Select Advanced System Properties, click contine and then System Protection. Untick the box nect to Local Disk C: and click on Turn System Restore off.


After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".

Click Start, Run type msconfig and press Enter.

Now if you have the Configuration Utility open.
Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, save the settings and restart the PC.
When the System is disinfected re-run the Configuration Utility and in the System Configuration Utility dialog box, click the General tab, and then click Normal Startup.

Download Malwarebytes Anti-Malware, install it and update it.

Click this link <a href="http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe" target="_blank"><u>malwarebytes</u></a>

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.

I would keep scanning with it until it is clean by closing out and rebooting and running it again.

Just to be on the safe side when you finish do an online scan with Bitdefender. Or Google for an online scanner.

Click this link <a href="http://www.bitdefender.com/scan8/ie.html" target="_blank"><u>bitdefender</u></a>

If you can't access the internet to update MBAM try the instructions below to clear a path to the internet to be able to run MBAM.

From another PC download and install Spybot, update it and copy the the installed folders to a USB Stick.

Restart the PC in Safe Mode, navigate to the USB stick and run Spybot.

Download Spybot - Search & Destroy and install it. Update it. http://www.safer-networking.org/en/download/index.html

With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files extension from .exe. Do the same with Spybot.

Also run this Rootkit Revealer GMer

Click this <a href="http://www.gmer.net/index.php" target="_blank"><u>gmer</u></a>

FAQ

Click this <a href="http://www.gmer.net/faq.php" target="_blank"><u>link</u></a>

BleepingComputer
Click this <a href="http://www.bleepingcomputer.com/malware-removal/" target="_blank"><u>bleepingcomputer</u></a>

How to check the Host file

Step 1: Click the Start button and select Run. Now type the following text in that Run box and press Enter:

notepad c:\WINDOWS\system32\drivers\etc\hosts

Step 2: You will see a new notepad window on your screen containing some information. You should have a single entry of 127.0.0.1 localhost. If there are any other entries in there it means that those sites are being blocked and it is probably due to an infection.

If it is the DNS changer fixwareout will remove this.

http://download.bleepingcomputer.com/lonny/Fixwareout.exe

The DNSChanger trojan is usually a small file (about 1.5 kilobytes) that is designed to change the 'NameServer' Registry key value to a custom IP address. This IP address is usually encrypted in the body of a trojan. As a result of this change a victim's computer will contact the newly assigned DNS server to resolve names of different webservers. And some of the resolved names will not point to legitimate websites - they will point to fake websites that look like real ones, but are created to steal sensitive information (like credit card numbers, logins and passwords).

VARIANT: Trojan.Win32.DNSChanger.al

Update your Antivirus software.
</br>

Collapse -

Trying this

by mikedeewithadt In reply to Or try this

Sorry I have been out of town for the past week and this is my desktop computer. It is completely messed up. The little bit of work I was able to do on it I think I just made it worse. Now my display driver is messed up and I can't reinstall it. My Microsoft office Outlook program is broken as well. Everytime I try and open it I get a setup box with a process bar then an error message says I don't have permission to change HKEY_blah blah blah. Same type of issue I have been having yet more pronounced.

Starting to think it is a virus or malware of some type like you just suggested Jacky. Going to follow previous post and see whats up, here is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:06 PM, on 2/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=6**57
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/ad-aware/personal/106/upgrade.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = By Hawaiian Telcom
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1**0-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1**0-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: ljJATJda - ljJATJda.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RpcMgr - Unknown owner - C:\WINDOWS\system32\wins\svchost.exe (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 7509 bytes

PS!!! NOT SURE IF THIS MATTERS BUT THIS IS A LAPTOP THAT THE SCREEN IS BROKEN ON SO I USE IT AS A DESKTOP COMPUTER. I MENTION THIS BECAUSE MY DISPLAY DRIVER IS INTEGRATED WITH THE MOTHERBOARD? I GUESS... SOMETHING LIKE THAT

Back to Software Forum
25 total posts (Page 2 of 3)   Prev   01 | 02 | 03   Next

Related Discussions

Related Forums