First, please be advised that your problems don't appear as if they're an issue with malware. Immediately after a reformat and reinstall, assuming you installed all appropriate drivers, etc., there should be NO issues at all. If there are, then it's not related to malware, it's a hardware issue.
But regarding the malware that was found, to make sure you've got it all...
On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" Windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode. I use the sites below to download the installer file and the manual updater:
Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.
Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
Malwarebytes Manual Updater link
Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well. After installing and updating SuperAntispyware, run another full system scan and delete everything it finds as well. As before, you may need to rename the installer file to get the program to install:
SuperAntispyware Manual Updater
In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it. It resides in the C:\Programs Files\Malwarebytes Antimalware folder.
Hope this helps.
Windows XP SP3 (don't know where to find version number)
Nvidia GeForce 6800 series
Asus P4S800 motherboard
SoundMAX integrated sound card
Intel Pentium 4 3 gig hyperthreader processor
Linksys Wireless-G PCI adapter
Anyway, for the last 2 weeks I have been fighting with BSOD shutdowns every time I download, install, idling, in Safe Mode, you name it, it has happened then. They happen randomly and the stop errors are random also (I don't think they apply, but I'll dig out my minidumps if they are needed later). I also had problems with Windows Defender noticing changes in various programs. When I tried to download Avast antivirus, I clicked on download and I got a file to file download, instead of the normal Internet to file download. This made me worry, so I immediately cancelled it. This is when I received the first lsass.exe error.
The lsass.exe error, where the window pops up with 60 sec and your computer is going to reboot. The error itself said:
The process winlogon.exe has initiated the restart of your computer for the following reason: No title of this reason can be found. Minor reason: 0x6. Shut down type: reboot. Comment: the system process c:\windows\system32\lsass.exe terminated unexpectly with the status code -1073741819. The system will now shut down and restart.
Everything I downloaded was corrupt or something in the programs failed to install, so I used a flash drive and downloaded stuff I tried off of another computer. When I finally got my virus protection up, it kept having errors: !avast The AAVM subsystem detected an RPC error. The operation could not be completed. (This happened when I double-clicked on the Avast icon in the bar on the bottom of the screen.) Another error with Avast was: Error: Microsoft Visual C++ Runtime Library (header) RUN TIME ERROR: Program C:\program files\alwil software\avast4\ashWebsv.exe This application has request the runtime to terminate itself in an unusual way.
I reformatted 4 times. 2 times normal, once not hooked to internet, once using a different installation disk.
I swapped out the hard drive, the RAM, and disabled the video card to rule out device failure. All scans were coming up clean... chkdsk, Avast, Windows Defender, malware, Sophos anti-rootkit, free online scans.
I was on the last straw. I was ready to give up and throw the darn thing away, it was getting worse and worse... so I chalked it up to motherboard failure, but I just didn't want to believe it. At this point I figured there was no hope, and I know I shouldn't have done this without someone knowledgeable helping me out, but at this point I didn't care if the computer didn't start up again. I downloaded ComboFix and ran that.
ComboFix quarantined 6 files:
When I saw this, I searched the net and saw that these, or at least the last 3, could be connected with Vundo. Finally something that didn't point to hardware failure.
For the first time in 2 weeks, my computer stayed on all night with not one shutdown. So when I got up, I updated everything except Windows on my computer. I ran Avast and it came up with:
C:\WINDOWS\MEMORY.DMP Infected: Win32: Downloader-GB, which I deleted because it would not let me put it in the chest for some reason, then I ran Malwarebytes and nothing came up. I ran Avast one more time to be sure and it came up again. The same file, except this time it said it was affected with Win32:Zbot-AVH [trj]. Ran Spybot S&D, nothing came up. Ran Sophos rootkit: the only thing I got with this was a warning: Error parsing raw registry hive s-1-5-18. Registry scan may not be supported on this version of windows. I ran RootkitRevealer and I got a lot of swearware registries on that. But from what I have read, that is related to ComboFix (which I uninstalled using combofix \u in run command, so why are those still there?).
How can I be sure the threat, virus, worm, whatever it is, is gone?
Reformatting never solved the problem before so please suggest something else. Whatever is on my computer somehow either survives reformat or attacks me as soon as it is done.