MSCONFIG Reboot

  1. 12-01-2009  #1
    Lazorith
    Lazorith is offline Newbie

    MSCONFIG Reboot

    when i go into Mcconfig my computer reboots.

    I have regfixpro and all their software and it picks up nothing. nor does AVG

    Everytime on reboot i get a windows error message (its fake though) and it says something bout a trojan.

    I also have stopsign and it names a virus called: siggen.1993

    this is my hijack file. as you can see there is also a ton of rundll files...

    Logfile of HijackThis v1.99.1
    Scan saved at 9:38:07 AM, on 1/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Running processes:
    C:\WINDOWS1\System32\smss.exe
    C:\WINDOWS1\system32\winlogon.exe
    C:\WINDOWS1\system32\services.exe
    C:\WINDOWS1\system32\lsass.exe
    C:\WINDOWS1\system32\svchost.exe
    C:\WINDOWS1\System32\svchost.exe
    C:\WINDOWS1\system32\spoolsv.exe
    C:\WINDOWS1\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS1\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS1\system32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS1\system32\rundll32.exe
    C:\WINDOWS1\system32\rundll32.exe
    C:\WINDOWS1\system32\rundll32.exe
    C:\WINDOWS1\system32\rundll32.exe
    C:\WINDOWS1\system32\rundll32.exe
    C:\WINDOWS1\system32\rundll32.exe
    C:\WINDOWS1\system32\rundll32.exe
    C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
    C:\WINDOWS1\system32\wscntfy.exe
    C:\Program Files\eAcceleration\Framework\eac_svc.exe
    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
    C:\Program Files\eAcceleration\Station\station_bk.exe
    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\KillBox.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    F2 - REG:system.ini: UserInit=C:\WINDOWS1\system32\Userinit.exe
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [wclock] "C:\Documents and Settings\Owner\Application Data\Google\yfijv17721328.exe" 2
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RegFixPro] C:\Program Files\RegFixPro\RegFixPro.exe -boot
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PrivacyControl] C:\Program Files\PrivacyControl\PrivacyControl.exe -boot
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3D764873-348C-11DC-8135-000C29FC39E5} (Zoom11.Ctrl) - http://www.zoom11.com/Zoom11.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1195009277589
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3788ADA3-C86B-490C-8EE0-8ED00744423D}: NameServer = 66.174.92.14 69.78.96.14
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS1\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS1\system32\WPDShServiceObj.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
    O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
    O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe



    can anyone help me diagnose my problem?

  3. 12-01-2009  #2
    Dzidorek
    Dzidorek is offline Newbie
    i had same problem today but i found it and googled it so here i am

    i see that u have 1 file in ur logs "O4 - HKLM\..\Run: [wclock] "C:\Documents and Settings\Owner\Application Data\Google\yfijv17721328.exe" 2"

    that file called "yfijv17721328.exe" in ur catalogue "C:\Documents and Settings\Owner\Application Data\Google\yfijv17721328.exe" is making ur pc rebooting.

    How i finish with it i opened very fast Msconfig and ticked that file off from there but i think that u can also try to Download program called "Advanced WindowsCare V2 Personal" its free scan with it and later there u can get into startup things try it and lemme know if i helped you (:

    Ps. sorry for my english im still learning
  4. 13-01-2009  #3
    Lazorith
    Lazorith is offline Newbie
    Thank you. And my stopsign was able to find and remove it!

    The virus was/is:


    Full Virus Scan Details:

    Trojan.Siggen.1993: Virus
    c:\documents and settings\owner\application data\google\mjkspc.dll._eac_qt_ is Quarantined.


    PS for someone learning English you speak/type it well :-)
  5. 13-01-2009  #4
    Dzidorek
    Dzidorek is offline Newbie
    You're welcome. (:
  6. 13-01-2009  #5
    Lazorith
    Lazorith is offline Newbie
    yeah but now i gotta figure out why loads of rundll are running.

    each time another rundll is ran i get a ping

    in otherwords someone is pinging my computer..

    no scanners will pick up anything. so anyone help with that?
  7. 14-01-2009  #6
    rpmorrow
    rpmorrow is offline Valued Member
    You need to run Malwarebytes Antimalware. The problem you hae may prevent malwarebytes from loading, if so, rename the mbam.exe file, to something else then run it.
+ Reply to Thread
« Music downloads | i have no sound any ideas why? »