Win 32: Malware Gen

My computer sometimes will switch off on start up and it takes 2 or 3 tries before it starts. I have done Superspyware, malware and avast. Avast boot scan brought up win 32:malware gen but it cannot repair, delete or send to chest. Could this be the shutting down problem? Also how do I get rid of the malware?

follow this guide from Essexboy and post the logs here as attachments in your next reply
http://forum.avast.com/index.php?topic=53253.0

down left corner: additional options > attach > ( MBAM scan log / OTL.Txt / Extras.Txt )

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4271

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

03/07/2010 17:53:11
mbam-log-2010-07-03 (17-53-11).txt

Scan type: Quick scan
Objects scanned: 22746
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I cannot find an otl extra

I ran the OTL again and now attach the extra log. I had to change a setting in OTL to get the extra log.

Hm, Vista is notorious for slow starts from my experience - what is the location of the file that Avast finds?

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2009/03/01 17:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeanie\AppData\Roaming\Mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa79}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

To try and ease the startup try this

Download Startup Control Panel here
Install and you will find a startup icon in the control panel - run this

[*] In the HKLM tab, you may disable (be careful → “disable”) all the entries except your security software
[*] In the HKCU tab, you may disable all entries.
[*] In the StartUp tab, you may disable all entries.

Note : if you notice that some programs no longer run, you can enable them again by running Startup Control Panel, selecting the entry and choosing Run Now.
If you are in doubt with something, don’t hesitate to ask :wink:

FINALLY

Download and run Puran Disc Defragmenter

Location is *RAW:c\users\jeanie\documents\wind53-eng-v110[1]\wind53 set up ms1.

When I do the OTL scan all the settings say safe list.

I have had the computer for two years now and it is only the past couple of months that it shuts down before windows installs.

I only use the computer for basic things and I am not very technical. Can I do any harm by installing the start up control panel you suggest?

Startup control panel will do no harm - I use it on my windows 7 64 bit ;D

I see you have run combofix - could I see the log please, it will be at C:\combofix.txt

Sorry, I have deleted ComboFix. Should I run this again? Also how often should I run the Puran defrag and should I do a boot run?

For the first run on Puran I would do a boot defrag and thereafter do a normal one every week or so

Aye, let's have another CF run to see what drivers are hiding

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Log attached. I have also noticed that in the performance event viewer I have had critical warnings about start up and boot performance. I have attached this. Thanks for all your effort.

System

  • Provider

[ Name] Microsoft-Windows-Diagnostics-Performance
[ Guid] {cfc18ec0-96b1-4eba-961b-622caee05b0a}

EventID 100

Version 1

Level 1

Task 4002

Opcode 34

Keywords 0x8000000000010000

  • TimeCreated

[ SystemTime] 2010-07-04T10:02:24.189Z

EventRecordID 6763

  • Correlation

[ ActivityID] {00000000-F6C8-0000-9F77-56A65F1BCB01}

  • Execution

[ ProcessID] 1936
[ ThreadID] 2464

Channel Microsoft-Windows-Diagnostics-Performance/Operational

Computer Jeanie-PC

  • Security

[ UserID] S-1-5-19

  • EventData

    BootTsVersion 2
    BootStartTime 2010-07-04T09:59:53.671Z
    BootEndTime 2010-07-04T10:02:20.439Z
    SystemBootInstance 928
    UserBootInstance 919
    BootTime 121827
    MainPathBootTime 53727
    BootKernelInitTime 20
    BootDriverInitTime 1532
    BootDevicesInitTime 11772
    BootPrefetchInitTime 53853
    BootPrefetchBytes 708120576
    BootAutoChkTime 0
    BootSmssInitTime 21206
    BootCriticalServicesInitTime 1251
    BootUserProfileProcessingTime 599
    BootMachineProfileProcessingTime 387
    BootExplorerInitTime 13098
    BootNumStartupApps 20
    BootPostBootTime 68100
    BootIsRebootAfterInstall false
    BootRootCauseStepImprovementBits 0
    BootRootCauseGradualImprovementBits 0
    BootRootCauseStepDegradationBits 0
    BootRootCauseGradualDegradationBits 0
    BootIsDegradation false
    BootIsStepDegradation false
    BootIsGradualDegradation false
    BootImprovementDelta 0
    BootDegradationDelta 0
    BootIsRootCauseIdentified false

Hmm a 3 minute boot time is long

MainPathBootTime 53727 BootPrefetchInitTime 53853
these are the two longest elements at 53 seconds each

These elements can safely be removed from start up

NvCplDaemon NvMediaCenter PCSuiteTrayApplication QuickTime Task iTunesHelper TkBellExe SunJavaUpdateSched Adobe Reader Speed Launcher Adobe ARM
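The reading of the Event ID 100 record above (a boot of roughly two minutes, with prefetch the longest single phase) as a small script. This is an added example, not part of the thread: EVENT_DATA is copied from the posted event, and the 60-second "slow boot" threshold is an assumption of the example.

```python
"""Rank the phases of a Windows Diagnostics-Performance Event ID 100 (boot
performance) record. Added example, not from the thread: EVENT_DATA is copied
from the posted event (milliseconds); the threshold is an assumption."""

# Sample input constructed from the EventData block posted in the thread.
EVENT_DATA = """
BootTime 121827
MainPathBootTime 53727
BootKernelInitTime 20
BootDriverInitTime 1532
BootDevicesInitTime 11772
BootPrefetchInitTime 53853
BootSmssInitTime 21206
BootCriticalServicesInitTime 1251
BootUserProfileProcessingTime 599
BootMachineProfileProcessingTime 387
BootExplorerInitTime 13098
BootNumStartupApps 20
BootPostBootTime 68100
BootIsDegradation false
"""

SLOW_BOOT_SECONDS = 60  # assumed threshold for flagging a boot as slow


def parse_event_data(text):
    """Turn 'Name value' lines into a dict; integer values become ints."""
    fields = {}
    for line in text.strip().splitlines():
        name, _, value = line.strip().partition(" ")
        fields[name] = int(value) if value.isdigit() else value
    return fields


def summarise_boot(fields, top=3):
    """Total boot seconds, slow flag, and the longest individual phases.

    BootTime splits into MainPathBootTime (to desktop) and BootPostBootTime
    (until idle), so those totals are excluded from the per-phase ranking.
    """
    totals = {"BootTime", "MainPathBootTime", "BootPostBootTime"}
    phases = {k: v for k, v in fields.items()
              if k.endswith("Time") and k not in totals and isinstance(v, int)}
    ranked = sorted(phases.items(), key=lambda kv: kv[1], reverse=True)[:top]
    total_ms = fields["BootTime"]
    return {
        "boot_seconds": round(total_ms / 1000, 1),
        "slow": total_ms / 1000 > SLOW_BOOT_SECONDS,
        "split_consistent": fields["MainPathBootTime"] + fields["BootPostBootTime"] == total_ms,
        "top_phases": [(k, round(v / 1000, 1)) for k, v in ranked],
    }
```

On the posted event this reports a 121.8-second boot, flagged as slow, with BootPrefetchInitTime (53.9 s), BootSmssInitTime (21.2 s) and BootExplorerInitTime (13.1 s) as the top phases, and confirms that the main-path and post-boot figures add up to BootTime.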

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following


:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[*]SpywareBlaster to help prevent spyware from installing in the first place.

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes. Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave:

Computer shutting down frequently on start up before windows. Have to start it 2 to 3 times. Have you any idea where I can get help on this as there now does not appear to be any malware, spyware or virus?

What may help is a fresh install - my experience with Vista is that as time progresses it gets slower and slower, much worse than XP.

But I do know where a lot of technicians help out ;D

If you start a topic here I will ask Ron or Broni to have a look at it for you http://www.geekstogo.com/forum/index.php?showforum=79

Just pm me the link ( I have the same user name there)

I have put a new topic on the link where you said under hardware. You must think I'm stupid but how do I pm you?

Now done the link as requested. My 13 yr old son fixed it. Oh to be young again.

I have asked Broni to take a look - you will be in good hands ;D

Thanks. No doubt will speak to you with my next problem