Old 06-03-2009, 11:22 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 19
OS: xp


Help!

When my computer is on it switches from the normal screen display settings to 4bit 640 by 480 settings. This change causes the computer to reset most of the time. I get prompted to reset. The error message says that the proper display settings will be restored, however the computer still reverts back to the 4bit 640 by 480 settings.

I used to have this problem before but I reformatted my hard drive and didn't have it anymore. I realized today that I downloaded a virus from a website that I had been visiting. I visited the site on Friday and had the same problem. Right after I visit the site the computer starts going slow. Music playback and video playback are slow and choppy. Then the screen changes to 4bit 640 by 480 settings. It tries to say there is something wrong with my video card but I know that's wrong. The problem gets so bad that when I boot up, I am prompted for a proper boot device or media. I have to use my Windows XP disc to boot. Sometimes it says that I can't reboot. Most of the time I shut down when I see the message, reboot and Windows works just fine. When the computer is on I may or may not have to deal with the 4bit 640 by 480 settings. But right after I visit the website I definitely do.

I tried scanning with Norton AV, MalwareBytes, & SuperAntiSpyware. All came up with nothing.

I also get these error messages:

Error loading Operating System.

And the error message that comes up (sometimes) when the screen switches to 4bit 640 by 480 is:

the G400D display driver has stopped running normally. Save your work and reboot the system to restore full display functionality. The next time you reboot the machine a dialog will be displayed giving you a chance to upload data about the failure to Microsoft.


Note: I did try updating the drivers once, to no avail.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 20:59:51.50 on Wed 06/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.285 [GMT -7:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.google.com/accounts/Serv...t&ltmplcache=2
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: FlashCatchBHO Class: {88618a96-6d8a-42e7-b932-9073d5b2080f} - c:\program files\flashcatch\flashcatch.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: FlashCatch: {10cecf4f-a96e-4803-8ac2-f565fb29ff47} - c:\program files\flashcatch\flashcatch.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MAFWTaskbarApp] c:\windows\system32\MAFWTray.exe
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link rangebooster n dwa-542\wirelesscm.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240969679988
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ln3prcgg.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?shva=1#inbox|http://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1
FF - component: c:\program files\flashcatch\firefox\components\FlashCatch.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-4-28 16384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-8-8 308936]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2002-8-19 116336]
R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\SAVRTPEL.SYS [2002-7-25 35552]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2009-5-9 27328]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090603.004\NAVENG.Sys [2009-6-3 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090603.004\NavEx15.Sys [2009-6-3 876144]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\SAVRT.SYS [2002-7-25 235744]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-4-28 54432]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\nbservice.exe --> c:\program files\common files\nero\nero backitup 4\NBService.exe [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-13 54408]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-8-19 63176]

=============== Created Last 30 ================

2009-06-03 18:18 <DIR> --d----- c:\program files\Trend Micro
2009-06-03 09:40 208,744 a------- c:\windows\system32\muweb.dll
2009-06-03 09:40 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-03 09:40 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-06-02 14:16 64,254,867 a------- C:\Synth Pads.zip
2009-05-28 14:55 <DIR> --d----- c:\windows\system32\scripting
2009-05-28 14:55 <DIR> --d----- c:\windows\l2schemas
2009-05-28 14:54 <DIR> --d----- c:\windows\system32\en
2009-05-28 14:54 <DIR> --d----- c:\windows\system32\bits
2009-05-28 14:50 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-28 14:47 <DIR> --d----- c:\windows\network diagnostic
2009-05-28 14:44 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-05-26 11:49 <DIR> --d----- c:\program files\NCH Software
2009-05-26 11:48 <DIR> --d----- c:\program files\NCH Swift Sound
2009-05-25 09:05 <DIR> --d----- c:\program files\common files\xing shared
2009-05-25 09:04 <DIR> --d----- c:\program files\common files\Real
2009-05-24 23:42 69 a------- c:\windows\NeroDigital.ini
2009-05-23 14:48 <DIR> --d----- c:\windows\RegisteredPackages
2009-05-22 08:05 135 a------- C:\drmHeader.bin
2009-05-17 08:04 <DIR> --d----- c:\program files\PhotoScape
2009-05-12 23:55 <DIR> --d----- c:\program files\common files\wsm
2009-05-12 23:55 <DIR> --d----- c:\program files\Kate's Video Joiner
2009-05-12 13:46 37,201 a------- c:\documents and settings\administrator\Synth Pads.zip
2009-05-12 13:46 86,568 a------- c:\documents and settings\administrator\Synth Brass.zip
2009-05-12 13:46 95,280 a------- c:\documents and settings\administrator\Synth Leads.zip
2009-05-12 13:46 189,658 a------- c:\documents and settings\administrator\Synth Bass.zip
2009-05-11 23:41 <DIR> --d----- c:\windows\system32\KB905474
2009-05-09 06:01 27,328 a------- c:\windows\system32\drivers\iLokDrvr.sys
2009-05-07 08:33 223,128 a------- c:\windows\system32\drivers\vaxscsi.sys
2009-05-07 08:33 <DIR> --d----- c:\program files\Alcohol Soft
2009-05-06 18:32 642,560 a------- c:\windows\system32\drivers\sptd.sys
2009-05-06 18:32 96,256 a------- c:\windows\system32\drivers\sptd9485.sys
2009-05-05 21:42 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-05 14:25 <DIR> --d----- c:\program files\FlashCatch
2009-05-05 14:20 <DIR> --d----- c:\program files\MSXML 4.0

==================== Find3M ====================

2009-06-02 14:15 25,611,277 a------- C:\Synth Leads.zip
2009-05-28 16:24 98,304 a------- c:\windows\DUMP610b.tmp
2009-05-28 16:21 98,304 a------- c:\windows\DUMP5e7b.tmp
2009-05-28 14:59 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-26 14:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 14:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-25 09:04 499,712 a------- c:\windows\system32\msvcp71.dll
2009-05-25 09:04 348,160 a------- c:\windows\system32\msvcr71.dll
2009-05-25 07:00 2,608 a------- c:\windows\system32\d3d9caps.dat
2009-05-24 02:18 98,304 a------- c:\windows\DUMP5b7d.tmp
2009-05-06 01:51 90,112 a------- c:\windows\DUMP57f3.tmp
2009-04-28 19:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-28 14:42 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-15 13:25 129,784 -------- c:\windows\system32\pxafs.dll
2009-04-15 13:25 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-04-15 13:25 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-04-15 13:25 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-04-15 13:25 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 13:25 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 13:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 13:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 13:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 13:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 13:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 13:24 684,032 a------- c:\windows\system32\DivX.dll
2009-03-08 05:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 05:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 05:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 05:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 05:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 05:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 05:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 05:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 05:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 05:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll

============= FINISH: 21:00:33.95 ===============
Attached Files
File Type: zip ark attach.zip (5.6 KB, 3 views)
batchmister1 is offline  
Old 06-09-2009, 07:31 PM   #2 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 19
OS: xp


Re: Help!

Still need help.
batchmister1 is offline  
Old 06-13-2009, 11:31 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Help!

Hello batchmister1,

It could very well be OS issues.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  