Rootkit: Hidden file and self starting computer

Hi, I have had problems with my computer starting up by it self after a while everytime I turn it of and have had to shut of the powersupply everytime I shut my computer down. I put the computer on a scan with Avast! this morning and now that I came home it had two ressults:

appdata\local\temp{61ADEDF1-399A-4185-962C-581704D250B2}\fpb.tmp Hot: Rootkit: hidden file
appdata\local\temp\dlmAE74.tmp\neurowiseSetup.exe PUP:Win32:PUP-gen [PUP]

The second file avast moved to quarantine but the other files directory do not exist and avast can’t remove it.
Now I tried removing the temp map content manually if the file had changed name or something strange and then I ran in to an other problem.
4 files I’m not able to delete:

~DF8B716B4800059378.TMP
FXSAPIDebugLogFile
63547c51a55c7182c5c77fb521826c6c_fce8395f8fd8a84b_6229ccd76215aea1_0_0 (VLC file format, in NVIDIA Corporation\NV_Cache)
63547c51a55c7182c5c77fb521826c6c_fce8395f8fd8a84b_6229ccd76215aea1_0_0.toc

the nvidia files I guess could be something that should be there but my experience with the Temp folder is that basicly everything there is stuff that is not really needed and can be deleted.

I don’t like that the computer starts by itself and that I can not find the file avast complained about nor remove it with avast so I am looking for help and tips of what this could be about and what I should do.
If it comes down to it I can re-install the whole computer, I have started to think about doing so anyhow but would prefer to wait a while with that and solve my problem some other way.

Thanks for any responses and feel free to ask for more info if needed, I will try and get any info that might be needed. I have downloaded some files from torrents if it helps some how but not like I used to before I got Steam and Netflix haha!

clear your temp files with this

TFC-cleaner http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

when done, follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes / Farbar Recovery Scan Tool / aswMBR logs

There we go, here are all the files you asked for done in the order the guide asked for.

And thank you for the fast reply!

removal expert are notified, it may take some time before they are online…

wow … you had an enormus amount of PUP crap from conduit

Do you have your computer set to wake on LAN ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

I did the thing you suggested but when I turned it of last night the computer still started it self after about 1 hour, I have never had that problem before, the only problem I’ve had is that it wakes from sleep mode after about 30min if I use it but never has the computer started from being shutdown by it self. That started about 5 days ago now.

Could you follow the steps here and let me know if that stops it

http://www.ehow.com/how_6942595_disable-wake-up-lan.html

I have now made the changes, will see when I turn the computer off before going to bed if it helps. I do think it might, but I’ll post the ressult in the morning when I wake up or when I go to bed if it starts it self before I have fallen asleep!

It did not help, the computer is still starting it self after a while of being shutdown.
I have had thoughts of re-installing my computer and I am starting to think that I might do so but it would be nice to know better how to handle and what to do if something like this happends again!

It sounds to me as though you are setting it to sleep rather than shutdown. I will need to do some research on this

But when you shut down does the computer power itself off or is the power light still showing ?

It powers it self off, the only light still active is the Motherboards power light that indicates that the powersupply is supplying power.
That’s why I don’t understand why it starts it self, I am a moderately advanced user so I do go around doing things to see how it works but I havn’t done anything lately that could cause this behavior.

Might it be something with my motherboards (Asus, don’t remember the full name right now) wireless network thing that came with it to do? I moved the computer and have used that thing now for some days.
But I have used that thing before and then it did not make this kind of thing happen, but it is the only thing that I can see that would cause my problem if it is not some virus or something but I doubt that is the case.

Pull out the power plug.
Leave the system without power for about 5 minutes.
Put the plug back in.
Don’t press the power button or reset button!
Does the system start booting automatically?

Will try that a bit later during the day.
The interesting thing now is that it no longer goes out of sleep mode like it used to. I have had my computer in sleepmode during the night and unlike powering it of it does not start it self or go out of sleep mode then…

I have no idea what is going on with my computer haha

Sounds very much like a system problem as opposed to malware. When you turn it off and unplug it does it restart ?

As soon as I get home I will try shutting off the power completely and plugging it back in after a short while, I will respond later ( in about 9 hours) with the results.

If it does not start it self after a while in that case, what could that mean, and what would it suggest if it doesn’t start it self? Or is it too hard to say what the most likely problem is?

It would suggest that rather than turning off the system is going to sleep or hibernating, and the wake on LAN or mouse is enabled

It hasn’t started yet, will see if it does before I go to sleep or during the night.
The thing is that all the lights turns off like normal, it does not have hybernate as a option normally. And the sleep works fine, if I manually put it in sleep mode like I have done the last nights the light blinks like it should and it does not wake up. It is strange though, it has always woken from sleep from the day I built it, I guess the wake on LAN thing worked out that issue!

Let me know if it starts again and I will see if I can find another solution

I will see if it starts during the night after removing all power, if it does not I will try again if it starts when I just turn it off normally then I will reply again with the result :slight_smile:

Update:
It did not start during this night after I made sure all the power was out of the computer, motherboard lights was out and so on, I will try a normal shutdown later today and see if it still doesn’t work like it should.

If I am lucky the problem somehow solved it self and my computer won’t start it self after shutdown anymore haha

Update 2:
The computer still starts it self, this time after about 10 min after shutdown. But sleep still works fine unlike before.