Firefox problems, Blue screen, High commit charge

[elementofice]

Yea so i followed all the instructions on that preliminary viruse/malware/spware removal post. The only thing I skipped was that online scanner since it took too long to prepare and scan and my computer goes blue screen before it can finish. Right now I can only use safe mode since on startup in normal mode about 2 mins in it will show the blue screen which says something about there was a problem so windows shut down, check your driver and BIOS stuff, etc. That is the main problem. Other symptons include Firefox taking 10+ minutes to load up, and having high commit charge on startup. For example, svchost.exe, explorer.exe, these processes that is essential to every computer, usually go take up less than 10,000K memory usage, but now they are all within the 20k-50k range and my commit charge is crazy high, something like 1000/1300 M Commit charge as opposed to the 300/1300M commit charge that I used to have. So, anyone have any ideas =\?

O and I cant do a HJT log since normal mode is completely screwed over and in safe mode, the resolution is 800x600, and when I click HJT, it goes to that acept license page but the "I accept" cannot be shown due to the resolution.

Also, can I have some opinions as to whether I should try and fix all these problems or should I just reformat =\?

 

[momok]

Hi,

I noticed that your AVG log displays 'No Action Taken' for all the files detected.

I suggest you run AVG again and quarantine the files. Pictorial instructions HERE.

You may wish to copy and paste these instructions on notepad for easier reference later.

Download the Pocket Killbox from HERE. Extract it but don`t run it yet.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Run the killbox program which you downloaded. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. (You can copy and paste the filepaths)

C:\WINDOWS\system32\swxcacls.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\swsc.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\swreg.exe
C:\WINDOWS\system32\drivers\tmcomm.sys

Reboot into normal mode and rehide your protected OS files.

I would like you to visit this link http://virusscan.jotti.org/

Click the Browse... button and navigate to the following file:
C:\WINDOWS\system32\acx.dll
Click Open

Please let me know the results.

For HJT, try pressing 'tab' once, then 'space' and then 'Enter'.
If it does not work, try pressing 'tab' twice before spacebar and enter.
Don't forget to get the latest HJT and rename the exe.

Thereafter, please post a fresh HJT, ComboFix and AVG Antispyware log from normal mode as an attachment into this thread.


Regards,
Your friendly Momok =)

This thread is for the use of elementofice only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[elementofice]

I deleted all that stuff using Killbox already, but the blue screen still appears 1-2 minutes after rebooting into normal mode. The blue screen says this:

"A problem has been detected and windows has been shut down to prevent damage to your computer

If this is 1st stop you seen this stop error screen, restart. If it appears again, follow these steps:

Check to be sure u have adequate disk space (i do). If a driver is identified in the stop message (there was no driver identified), disable or check with manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. IF you need to use safe mode to remove or diable components, restart your comp, press F8 to select advanced startup options, and select safe mode.

Technical info:

*** Stop: 0x0000008E (0xc0000005, 0x82BAE31F, 0xEEED098C, 0x00000000

Beginning dump of physical memory
Physical memory dup complete.
Contact your system admin or technical support group for further assistance."

So ive done the killbox part but couldnt do a HJT AVG or comboscan in normal mode.

What else should I do?

I just made killbox delete all those files again and when I click yes for reboot I got this message named PEndingFileRenameOperations. The contents were:

"PendingFileRenameOperations Registry Data has been Removed by External Process"

 

[momok]

Hi,

In that case could you post your logs from safe mode?
I cannot be sure if that problem is strictly malware related. Could be some other problem. But I'll take a look at your logs just to be sure (will also PM Howard on this)


Regards,
Your friendly Momok =)

This thread is for the use of elementofice only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[elementofice]

Here u go. HJT and avg antispyware logs in safe mode. Comboscan log in safe mode is attached in the first post of this thread

 

[momok]

Hi,

Please post a fresh ComboFix log after the killbox removal.
Your other logs look clean.

I've messaged Howard, and we'll wait for him to see what he can do for your problem.


Regards,
Your friendly Momok =)

This thread is for the use of elementofice only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[elementofice]

k heres the combofix

 

[howard_hopkinso]

All your logfiles are clean.

Go and read this thread HERE and see if it helps you to identify the culprit. If it doesn`t, please attach 5 or 6 of your latest minidumps here.

Regards Howard