Win 32: Malware Gen

[jeanie_mcgough]

My computer sometimes will switch off on start up and it takes 2 or 3 trys before it starts.  I have done Superspyware, malware and avast. Avast boot scan brought up win 32:malware gen but it cannot repair, delete or send to chest.  Could this be the shutting down problem?  Also how do I get rid of the malware.

[Pondus]

follow this guide from Essexboy and post the log`s here as attachments in your next reply
http://forum.avast.com/index.php?topic=53253.0

down left corner: additional options > attach > ( MBAM scan log / OTL.Txt / Extras.Txt )

[jeanie_mcgough]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4271

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

03/07/2010 17:53:11
mbam-log-2010-07-03 (17-53-11).txt

Scan type: Quick scan
Objects scanned: 22746
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
I cannot find an otl extra

[jeanie_mcgough]

I ran the otl again and now attach the extra log I had to change a setting in otl to get the extra log

[essexboy]

Hm Vista is notorious for slow starts from my experience - what is the location of the file that Avast finds ?

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

Code: [Select]

:OTL
[2009/03/01 17:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeanie\AppData\Roaming\Mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa79}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

THEN

To try and ease the startup try this

Download Startup Control Panel here
Instal and you will find a startup icon in the control panel - run this

• In the HKLM tab, you may disable (be careful --> "disable") all the entries except your security software 
  
• In the HKCU tab, you may disable all entries.
  
• In the StartUp tab, you may disable all entries.
  

Note : if you notice that some programs no longer run, you can enable them again by running Startup Control Panel, selecting the entry and choosing Run Now.
If you are in doubt with something, don't hesitate to ask ;)

FINALLY

Download and run Puran Disc Defragmenter

[jeanie_mcgough]

Loacation is *RAW:c\users\jeanie\documents\wind53-eng-v110[1]\wind53 set up ms1.

When I do the otl scan all  the setting say safe list.

I have had the computer for two years now and it is only the past couple of months that it shuts down before windows installs.

I only use the computer for basic things and i am not very technical. Can I do any  harm by installing the start up control panel you suggest   

[essexboy]

Startup control panel will do no harm - I use it on my windows 7 64 bit 

I see you have run combofix - could I see the log please, it will be at C:\combofix.txt

[jeanie_mcgough]

Sorry i have deleted combo fix.  Should I run this again.  Also how ofter should i run the puran defrag and should i do a boot run

[essexboy]

For the first run on Puran I would do a boot defrag and thereafter do a normal one every week or so

Aye lets have another CF run to see what drivers are hiding

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

[jeanie_mcgough]

Log attached.  I have also noticed that in the performance event viewer I hhave had critical warning about start up and boot performance. I have attached this.   Thanks for all your effor+ System

  - Provider

   [ Name]  Microsoft-Windows-Diagnostics-Performance
   [ Guid]  {cfc18ec0-96b1-4eba-961b-622caee05b0a}
 
   EventID 100
 
   Version 1
 
   Level 1
 
   Task 4002
 
   Opcode 34
 
   Keywords 0x8000000000010000
 
  - TimeCreated

   [ SystemTime]  2010-07-04T10:02:24.189Z
 
   EventRecordID 6763
 
  - Correlation

   [ ActivityID]  {00000000-F6C8-0000-9F77-56A65F1BCB01}
 
  - Execution

   [ ProcessID]  1936
   [ ThreadID]  2464
 
   Channel Microsoft-Windows-Diagnostics-Performance/Operational
 
   Computer Jeanie-PC
 
  - Security

   [ UserID]  S-1-5-19
 

- EventData

  BootTsVersion 2
  BootStartTime 2010-07-04T09:59:53.671Z
  BootEndTime 2010-07-04T10:02:20.439Z
  SystemBootInstance 928
  UserBootInstance 919
  BootTime 121827
  MainPathBootTime 53727
  BootKernelInitTime 20
  BootDriverInitTime 1532
  BootDevicesInitTime 11772
  BootPrefetchInitTime 53853
  BootPrefetchBytes 708120576
  BootAutoChkTime 0
  BootSmssInitTime 21206
  BootCriticalServicesInitTime 1251
  BootUserProfileProcessingTime 599
  BootMachineProfileProcessingTime 387
  BootExplorerInitTime 13098
  BootNumStartupApps 20
  BootPostBootTime 68100
  BootIsRebootAfterInstall false
  BootRootCauseStepImprovementBits 0
  BootRootCauseGradualImprovementBits 0
  BootRootCauseStepDegradationBits 0
  BootRootCauseGradualDegradationBits 0
  BootIsDegradation false
  BootIsStepDegradation false
  BootIsGradualDegradation false
  BootImprovementDelta 0
  BootDegradationDelta 0
  BootIsRootCauseIdentified false

[essexboy]

Hmm a 3 minute boot time is long

MainPathBootTime 53727
BootPrefetchInitTime 53853

these are the two longest elements at 53 seconds each

These elements can safely be removed from start up

NvCplDaemon
NvMediaCenter
PCSuiteTrayApplication
QuickTime Task
iTunesHelper
TkBellExe
SunJavaUpdateSched
Adobe Reader Speed Launcher
Adobe ARM

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

 Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

Code: [Select]

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done

Click Start > Run  and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself.  MBAM can be uninstalled via control panel add/remove along with ERUNT.  But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
  
• Click Yes to confirm.
• Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

• SpywareBlaster to help prevent spyware from installing in the first place.
  Malwarebytes.  Run weekly to keep your system clean
  

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update
  

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?
Keep safe  :wave:

[jeanie_mcgough]

Computer shutting down frequently on start up before windows.  Have to start it 2 to 3 times.  Have you any idea where I can get help on this as there now does not appear to be any malware, spyware or virus . 

[essexboy]

What may help is a fresh install - my experience with Vista is that as time progresses it gets slower and slower, much worse than XP. 

But I do know where a lot of technicians help out 
 
If you start a topic here I will ask Ron or Broni to have a look at it for you http://www.geekstogo.com/forum/index.php?showforum=79

Just pm me the link ( I have the same user name there)

[jeanie_mcgough]

I have put new topic on link where you said under hardware.  You must think im stupid but how do i pm you?.

[jeanie_mcgough]

now done the link as requested.My 13 yr old son fixed it.  Oh to be young again.