2 hour restart... wtf

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rettignick, Aug 2, 2008.

  1. rettignick

    rettignick Private E-2

    OK, so I have a huge problem: every 2 hours my computer restarts. It just closes whatever is open and crashes; it does not just turn off. It takes about 10 seconds and then it turns back on. I have no idea what is wrong with it, but I think it has something to do with the rootkit/malware clbdriver.sys.

    I have run various programs and all of them seem to point to a hidden file titled clbdriver.sys. I have followed your cleanup for Vista posted on here to no avail; it still restarts every 2 hours and the clbdriver.sys is still present. I have several log files from GMER, catchme, ComboFix, HijackThis, and DSS.

    If I could get any help with the resolution of this problem, that would be much appreciated.

    I have noticed another member on here had the same clbdriver.sys problem, but his doesn't seem to be resolved.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    If you have run the cleaning procedure and still have problems, you need to do what the cleaning procedure requested, which is the below:

     
  3. rettignick

    rettignick Private E-2

    OK, I don't have a log from SUPERAntiSpyware, since it never ran a full scan; it crashed and then crashed again, so I ran a quick scan. But I will include the other log files that I have.

    I attached the mgtools.zip and the catchme log from catchme; however, I do not see a ComboFix log, and the log from Malwarebytes (the second log) says there is nothing, because it deleted everything it found the first time I ran it.

    If you would like me to run any other tests or anything, I'd be more than happy to, because I'm trying really hard not to have to reformat. What I see the most is that most of the things I've run seem to point to a file called clbdriver.sys, if that helps.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not put your PC into Normal Startup mode with MSconfig as requested in step 1 of the READ & RUN ME. You must do this right now and you must not use MSconfig like this anymore. You have a bunch of malware and other things stuck in there and we cannot properly continue until you do this. The READ & RUN ME stated your cleanup would be delayed if you did not follow these instructions.

    You also will then need to disable Spybot's TeaTimer as requested in the READ & RUN ME, since it appears you had it stuck in MSconfig too, which is not what we want. We want it disabled within the Spybot program.

    What problems did you have? Did you follow instructions properly for using it? Did you receive errors? Did it get to the point of rebooting and did it reboot and display a log? Attach the C:\Bug.txt file which may be a problem report from ComboFix. Attach this log now before continuing.

    Per our request in the READ & RUN ME you should only run scans once and then attach the requested logs so that we can see what is being found on the PC. Please run Malwarebytes one more time and attach the log even if nothing is found.

    There are dozens of infected files on your PC, and it would be much easier if we got the scans to run properly. They normally fix many of these problem files automatically. Please try booting into Safe Boot mode and running first SUPERAntiSpyware, and see the instructions about options to disable if it is causing crashes. Whether SAS runs or not, then also from Safe Boot mode run ComboFix. Attach the logs from the ones that run.

    The below files DO NOT belong in the Windows folder. Move them somewhere else if you need them; otherwise, delete them. Do not save your downloads in this folder!!!
    Code:
    C:\Windows\
    3gpboo~1.exe  May 26 2008      160364  "3GP Booster Pack Uninstaller.exe"
    animat~1.exe  May 26 2008      160247  "Animated GIF Booster Pack Uninstaller.exe"
    anytrial.exe  Feb  7 2008       15872  "AnyTrial.exe"
    audioc~1.exe  Dec  7 2007      162352  "Audio Converter Pro Uninstaller.exe"
    filere~1.exe  Dec 19 2007      120587  "File Renamer - Basic Uninstaller.exe"
    movboo~1.exe  May 26 2008      160202  "MOV Booster Pack Uninstaller.exe"
    mpeg-2~1.exe  May 26 2008      160412  "MPEG-2 Booster Pack Uninstaller.exe"
    mpeg-4~1.exe  May 26 2008      160283  "MPEG-4 Booster Pack Uninstaller.exe"

    Why are you running this PC without an antivirus program?

    Did you install the below?
    O4 - Startup: FreeMeter.exe.lnk = RETTIG Nick\Desktop\PROGRAMS\FreeMeter\FreeMeter.exe
     
    Last edited: Aug 3, 2008
  5. rettignick

    rettignick Private E-2

    Did you install the below?
    O4 - Startup: FreeMeter.exe.lnk = RETTIG Nick\Desktop\PROGRAMS\FreeMeter\FreeMeter.exe

    In regards to that, yes I did; it's a bandwidth monitor for my PC. It shows a little graph in the bottom right to show me my upload/download speeds at all times.

    In regards to the other things, I have run MBAM and SAS, and I found the log file from the first time I ran ComboFix (the bug.txt); however, ComboFix keeps crashing every time I try to run it. So I've attached the new MBAM log, SAS log, and first-time ComboFix bug log. The MBAM and SAS logs were run with normal MSconfig, while ComboFix was run before I turned on Normal Startup.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2_04
    Java(TM) 6 Update 2
    Java(TM) SE Runtime Environment 6

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O23 - Service: AQXLL - Unknown owner - C:\Users\RETTIG~1\AppData\Local\Temp\AQXLL.exe (file missing)
    O23 - Service: IYKW - Unknown owner - C:\Users\RETTIG~1\AppData\Local\Temp\IYKW.exe (file missing)
    O23 - Service: JSRW - Unknown owner - C:\Users\RETTIG~1\AppData\Local\Temp\JSRW.exe (file missing)

    After clicking Fix, exit HJT.



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  7. rettignick

    rettignick Private E-2

    OK well...

    1. I did get the message when I added the fixme.reg.

    2. Avenger didn't seem to catch everything; most of the stuff it didn't delete (I think it might be because HJT/analyse.exe asked me to restart after I ran it, so I might need to do the Avenger thing with a different script).

    3. I've attached the avenger.txt and mglogs.zip files below.

    4. It appears to be running a little bit better. I'm going to get rid of some startup processes still (via the Startup CPL), and I'll post another reply in about 2 hours to tell you whether or not it is still restarting.
     

    Attached Files:

  8. rettignick

    rettignick Private E-2

    OK, well, it still restarted after 2 hours, so I don't know what's going on.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    While there was a bunch of malware and we still have a little more to do, your problem with restarting may not be due to malware. You should check out your Event Viewer logs to see if anything is being reported.

    I also strongly advise that you uninstall the cracked/cheat software you are using. The main one I see (and I don't know if there are others) is AnyDVD and the service you are running to allow you to use it. Namely the below:

    O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp ;) - C:\Windows\AnyTrial.exe


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    F2 - REG:system.ini: UserInit=,,C:\WINDOWS\SYSTEM32\userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimecontinue.

    After clicking Fix, exit HJT.

    Copy the bold text below to Notepad. Save it as fixUI.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Also delete all files in the below folder except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Users\RETTIG Nick\AppData\Local\Temp

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
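    The HijackThis lines chaslang singles out in this post and in post 6 share a few mechanical tells: O23 services whose binary sits under a user's Temp folder (or is already gone), an F2 Winlogon UserInit value that has been edited to something other than the lone system32\userinit.exe entry, and an O2 BHO registered with no file behind it. The script below is an editor-added example (not part of this thread, HijackThis, or MGtools) that applies those checks to HJT-style log lines; the sample lines are the ones quoted in the thread plus two constructed clean entries for contrast.

```python
"""Triage HijackThis-style log lines for the patterns discussed in the thread.

Editor-added example; not part of the original thread or of HijackThis.
The log text below is constructed: lines quoted in the thread plus two
known-clean entries (a canonical UserInit value and a Microsoft service).
"""
import re

HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=,,C:\WINDOWS\SYSTEM32\userinit.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Startup: FreeMeter.exe.lnk = RETTIG Nick\Desktop\PROGRAMS\FreeMeter\FreeMeter.exe
O23 - Service: AQXLL - Unknown owner - C:\Users\RETTIG~1\AppData\Local\Temp\AQXLL.exe (file missing)
O23 - Service: IYKW - Unknown owner - C:\Users\RETTIG~1\AppData\Local\Temp\IYKW.exe (file missing)
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp ;) - C:\Windows\AnyTrial.exe
O23 - Service: Windows Update (wuauserv) - Microsoft Corporation - C:\Windows\system32\svchost.exe
"""

# Any path component named Temp (AppData\Local\Temp, Local Settings\Temp, ...).
TEMP_DIR = re.compile(r"\\Temp\\", re.I)
SECTION = re.compile(r"(R\d|F\d|O\d+) - (.*)")


def check_userinit(value):
    """Winlogon's Userinit value is a comma-separated program list whose only
    legitimate entry is <systemroot>\\system32\\userinit.exe (usually written
    with a trailing comma). Leading empty entries or extra programs mean the
    value was edited, which is how malware persists through every logon."""
    parts = [p.strip() for p in value.split(",")]
    programs = [p for p in parts if p]
    if parts and parts[0] == "":
        return "Userinit has leading empty entries (value was edited)"
    if len(programs) != 1:
        return "Userinit runs %d programs, expected 1" % len(programs)
    if not programs[0].lower().endswith(r"\system32\userinit.exe"):
        return "Userinit does not point at system32\\userinit.exe"
    return None


def triage_line(line):
    """Return a reason string if the line deserves attention, else None."""
    m = SECTION.match(line)
    if not m:
        return None
    section, body = m.groups()
    if section == "F2":
        um = re.search(r"UserInit=(.*)", body, re.I)
        return check_userinit(um.group(1)) if um else None
    if section == "O2" and body.endswith("(no file)"):
        return "orphaned BHO registration (no file on disk)"
    if section in ("O4", "O23"):
        if TEMP_DIR.search(body):
            return "%s entry launches from a Temp directory" % section
        if body.endswith("(file missing)"):
            return "service registered for a binary that no longer exists"
    return None


def triage(log):
    """List of (line, reason) for every flagged line in an HJT log."""
    findings = []
    for raw in log.splitlines():
        reason = triage_line(raw.strip())
        if reason:
            findings.append((raw.strip(), reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(HJT_LOG):
        print("%-60.60s  <- %s" % (line, reason))
```

    Run as-is it flags the two Temp-dir services, the edited UserInit value and the orphaned BHO, and leaves the canonical UserInit line, the QuickTime/FreeMeter startup entries and the Microsoft service alone. It deliberately does not try to judge AnyTrial.exe: a service run from C:\Windows by an unknown publisher is something a human still has to look at, as chaslang did.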
     
  10. rettignick

    rettignick Private E-2

    1. I got a success message for that fixUI.reg.

    2. I now have a new problem: when I try opening some Explorer windows, I get a command prompt that pops up whose title is explorer.exe, then it crashes and I see "NTVDM.exe has stopped working", and my window never opens.

    Here is some info from the event viewer for this error

    Faulting application ntvdm.exe, version 6.0.6001.17052, time stamp 0x474fe0bb, faulting module kernel32.dll, version 6.0.6001.17052, time stamp 0x474ffc70, exception code 0xc0000005, fault offset 0x0004022f, process id 0x1498, application start time 0x01c8f6c42e252d41.

    3. I looked into the event viewer and this is what i see:

    Event 6008: The previous system shutdown at 12:30:27 AM on 8/5/2008 was unexpected.

    and its the same roughly every 2 hours.

    4. I've attached the files you asked for.
     

    Attached Files:
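    Chaslang's advice in post 9 was to look at Event Viewer, and rettignick's Event 6008 records do the talking: a crash that recurs on a fixed two-hour clock is a different animal from a random bugcheck. The script below is an editor-added example (not part of the thread and not something MGtools does) that turns that eyeball check into code: it pulls the timestamps out of 6008 messages, measures the gaps between them, and reports a period only if every gap agrees. The System-log entries are constructed to mirror the ones quoted in the thread; on a live box they would come from the System log via wevtutil or Get-WinEvent, which this offline example does not call.

```python
"""Find a fixed period in 'unexpected shutdown' (Event ID 6008) records.

Editor-added example, not part of the original thread. SYSTEM_LOG is a
constructed stand-in for Event Viewer output; the 12:30:27 AM entry and
the ntvdm.exe fault text are the ones quoted in the thread, the rest are
made up to show the pattern.
"""
import re
from datetime import datetime
from statistics import median

SYSTEM_LOG = [
    (6008, "The previous system shutdown at 10:30:14 PM on 8/4/2008 was unexpected."),
    (6008, "The previous system shutdown at 12:30:27 AM on 8/5/2008 was unexpected."),
    (6008, "The previous system shutdown at 2:30:41 AM on 8/5/2008 was unexpected."),
    (1000, "Faulting application ntvdm.exe, version 6.0.6001.17052, time stamp "
           "0x474fe0bb, faulting module kernel32.dll, version 6.0.6001.17052, "
           "time stamp 0x474ffc70, exception code 0xc0000005, fault offset "
           "0x0004022f, process id 0x1498, application start time 0x01c8f6c42e252d41."),
    (6008, "The previous system shutdown at 4:31:02 AM on 8/5/2008 was unexpected."),
]

# Event 6008 embeds the time of the shutdown it is reporting on.
SHUTDOWN_RE = re.compile(
    r"shutdown at (\d{1,2}:\d{2}:\d{2} [AP]M) on (\d{1,2}/\d{1,2}/\d{4}) was unexpected")
# Event 1000 names the crashing image and the module the fault landed in.
FAULT_RE = re.compile(r"Faulting application ([^,]+),.*?faulting module ([^,]+),")


def shutdown_times(events):
    """Sorted datetimes parsed from Event 6008 messages."""
    times = []
    for event_id, message in events:
        if event_id != 6008:
            continue
        m = SHUTDOWN_RE.search(message)
        if m:
            times.append(datetime.strptime(" ".join(m.groups()), "%I:%M:%S %p %m/%d/%Y"))
    return sorted(times)


def intervals_minutes(times):
    """Gaps between consecutive timestamps, in minutes."""
    return [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]


def detect_period(events, tolerance_minutes=5, min_samples=3):
    """Median gap (rounded minutes) if every gap between unexpected shutdowns
    is within tolerance of it; None if the crashes are irregular or there
    are too few of them to call it a pattern."""
    gaps = intervals_minutes(shutdown_times(events))
    if len(gaps) + 1 < min_samples:
        return None
    period = median(gaps)
    if all(abs(g - period) <= tolerance_minutes for g in gaps):
        return round(period)
    return None


def application_faults(events):
    """(application, faulting module) pairs from Event 1000 records."""
    pairs = []
    for event_id, message in events:
        m = FAULT_RE.search(message) if event_id == 1000 else None
        if m:
            pairs.append(m.groups())
    return pairs


if __name__ == "__main__":
    period = detect_period(SYSTEM_LOG)
    print("unexpected shutdowns:", len(shutdown_times(SYSTEM_LOG)))
    print("fixed period:", "%d min" % period if period else "none detected")
    for app, module in application_faults(SYSTEM_LOG):
        print("application error: %s faulted in %s" % (app, module))
```

    A clean 120-minute period says "timer", which narrows the hunt to things that run on a schedule (scheduled tasks, services with their own countdown, watchdog-style software) rather than to a flaky driver; irregular gaps or a single event give None, so the script will not manufacture a pattern from two data points. The Event 1000 helper is there because, as chaslang says, the application errors need to be collected alongside the shutdowns, not instead of them.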

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You will have to post about these in the Software Forum since they are not malware issues. You need to post all of the info on the Events. Normally you can double click to get more info. Also, you should check to see if there are any application errors being logged.

    Your logs are clean, but I do suggest that you stop loading uTorrent at startup. You are leaving your PC open to the world all of the time. You can see all the connections being made to your PC in your runkeys.txt log which is inside of the MGlogs.zip file.

    Also what are the two new folders from? Did you install some new software that I did not request?
    Code:
     
    "C:\Windows\System32\"
    JOYPORT       Aug  5 2008              "joyport"
    SYMBOLS       Aug  5 2008              "symbols"
    
    I do see the below which are new and they were not part of my instructions.
    Code:
    "C:\Program Files\"
    AUSLOG~1      Aug  4 2008              "Auslogics"
    UNIBLUE       Aug  4 2008              "Uniblue"
    You appear to have used UniBlue Register Booster, and you are on your own with that, as I did not ask you to run this and never would have. I'm not saying it caused any problems for sure, but you should not be doing anything that we do not request while seeking help in the Malware Forum.



    If you are not having any other malware problems, it is time to do our final steps:
    1. You can uninstall SUPERAntiSpyware now.
    2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combo-fix folder from combofix.
    4. If we had you run Avenger, you can delete all files related to Avenger now.
    5. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    8. Go to add/remove programs and uninstall HijackThis.
    9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    10. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work through the below link:
     
    Last edited: Aug 5, 2008
