Windows – Hijack.StartMenu Malwarebytes Anti-Malware is a false positive

I use combofix successfully on 64bit Vista regularly. In my experience, 64bit does take advantage of system operations regardless of whether or not application does. Although I wouldn't agree that vista 64 is 100% rootkit free, it is a lot harder to get rootkits on a 64bit OS. It is difficult for manufacturers of hardware to make drivers for 64bit still, I don't think we will see too many 64bit root kits for a while. And if you hate on 64bit get used to it, whether you like it or not, 4gb of ram will become obsolete. When it does 64bit will be required.

Though the safest course would be to reinstall the operating system and all applications as suggested by barlop, if you believe that your system has been compromised, I've sometimes found that using several antivirus/antispyware products will allow me to identify malware. It isn't always that one product is far superior to all others, but, instead, that the developers of some products have not yet encountered a new malware variant, but one particular company or organization has already encountered it and has updated their virus/spyware definitions to detect it. So for malware x, product A, B, C, and D may miss it, but product E may find it while for malware y, A, C, D, and E may not identify it, but B does. When I've had the time, I've sometimes tried a dozen or more before finding one that detected a particularly insidious piece of malware. Some other suggestions for legitimate, free antivirus/antispyware products you could try that shouldn't conflict with an existing antivirus/antispyware product on your system, if you choose the free, on-demand only version, i.e., it runs only when you manually start it, rather than one that constantly monitors your system:

1. Ad-Aware Free Antivirus+
2. Sophos Virus Removal Tool
3. SUPERAntispyware
4. Spybot - Search & Destroy

Rootkit detectors:

1. GMER
2. Kaspersky TDSSKiller
3. Malwarebytes Anti-Rootkit

I like to be able to boot an infected system from a Live CD, so that the operating system normally used to boot the system is not running at the time of the scan. Many antivirus vendors provide a free Live CD you can use for such purposes. Some that I've used include the following:

1. Avira Rescue System
2. AVG Rescue CD
3. BitDefender Rescue CD
4. F-Secure Rescue CD
5. Kaspersky Rescue Disk

Note: if you wish to identify malware on a system, perhaps even when you intend, eventually, to wipe the system and start anew, and wish to try multiple programs, you need to be willing and able to not use the system for other purposes for quite some time, since a scan with just one product may sometimes take a couple of hours. You don't have to sit there watching the scan, but you need to accept that the system may not be available for your use for some time or at least may perform very slowly, though I would avoid using a system I thought might be infected for other purposes in any case. I usually perform an image backup of a system first, so that I can always revert to the prior state and test again with some other product, if I want to compare products or a particular one renders the system unbootable after it has removed what it identifies as malware, which can, sometimes, be due to false positives.

Sometimes I use that approach to determine what website was the source for an infection. By looking at time stamps on files associated with an infection and correlating them with website visits, using tools such as the free Web Browser Tools provided by NirSoft that allow you to examine the browser history of various browsers.

And, if you have a particular file you suspect is a culprit for an infection, you can upload it to a site that scans files with multiple antivirus programs. Sites that provide that type of service for free include the following:

1. VirusTotal - now owned by Google
2. Jotti's Malware Scan
3. VirSCAN

Spending the time to identify the exact cause of an infection can often consume far more time than wiping and reloading the system, though, and you may decide to do that in the end, anyway.