-
October 12th, 2010, 10:33 AM
#1
[Inactive] Bizarre video problems
Hi
Recently I had about 5 computers have the video go wonky on them, meaning it went from 1024 x 768 with 32 bit color to 640 x 480 with 4 bit color. Yes, 4 bit. Also, after a while I couldn't even log in, because I was getting login errors, which unfortunately I had written down, but can't find my notes now. Basically, the login error had something to do with remote user accounts, but the user accounts are all local to the machine.
There had been some construction going on in the building where they were all placed, so even though 1 of the computers acted up a couple weeks before the rest, I figured it was due to the construction (multiple power outages, moving machines from office to office, etc).
So anyway, I ran antivirus first, and it found nothing. Then I took a couple of the machines and wiped the drives, to see if that made a difference. I used the built-in software restore function. The 5 computers are all HP xw4600 workstations. No dice. The video problem was still there.
Next, I took a generic xp disk and installed it on the machine, and grabbed the drivers for the video card from the nvidia website. No dice, the problem still happened. When I wiped the drive, I included the "restore" portion of the hard drive, so there was nothing on it.
So, I began to think maybe the machines were damaged by a brownout or something, and replaced them for now, until I could get this figured out.
However, now I have a couple of HP laptops doing the exact same thing!
I'm stumped. I've googled it, and I can't find any logical reason for this to be happening. BTW, the laptops are HP 6710b, and a 6730b. Again, virtually identical.
Oh, another tidbit of information that may help. When logging onto the machine in safe mode, the video is fine. Only when doing a normal boot up does the problem happen.
Anybody have a clue??
Thanks!
-
October 12th, 2010, 11:17 AM
#2
Here's the content of the error message one of the laptops is getting when I log in.
Error signature: BCCode:10000007e BCP1:Coooooo5 BCP2 : F31DEEE9 BCP3: F78F2154 BCP4:F78F1E50 OSVer : 5_1_2600 SP: 3_0 Product : 256_1.
-
October 12th, 2010, 11:32 AM
#3
This problem may occur if the computer is infected with a variant of the HaxDoor virus.
And I see you have others infected now.
http://support.microsoft.com/kb/903251
or follow these instructions.
http://discussions.virtualdr.com/sho...d.php?t=167915
-
October 19th, 2010, 08:52 AM
#4
Hi
Here's a copy of the malwarebytes log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4874
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/18/2010 1:48:26 PM
mbam-log-2010-10-18 (13-48-26).txt
Scan type: Full scan (C:\|)
Objects scanned: 257514
Time elapsed: 41 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I'm rerunning the gmer program, because I ran it in safe mode and it found nothing. I will post it later when it's done.
Just an FYI, before I thought about posting here, I ran Spybot and Ad-Aware, and they both found stuff, but it didn't fix the problem (this is a different machine from the ones I originally listed).
I have more machines that just got infected. I am not a happy camper at this point. Bleh.
-
October 20th, 2010, 07:46 AM
#5
Hi
Here's the gmer log. It took a while because the machine kept locking up. It finally got finished, though.
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-20 07:30:55
Windows 5.1.2600 Service Pack 3
Running: gmerh.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwtdipow.sys
---- System - GMER 1.0.15 ----
SSDT E41F4FC0 ZwConnectPort
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[1852] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
-
October 20th, 2010, 08:01 AM
#6
Hi again
Here's the dds log. Mods, please move this to the virus/malware section. I didn't realize it was a virus/malware problem when I posted.
Thanks
DDS (Ver_10-10-10.03) - NTFSx86
Run by Administrator at 7:51:33.00 on Wed 10/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.18 [GMT -4:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\SearchProtocolHost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.hp.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [PTHOSTTR] c:\program files\hpq\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [LayoutM] KLayMgr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184608371656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {C548F035-6BD3-4A74-970D-1A462BD123F7} = 10.1.0.12,10.1.0.10
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\3vw9y0ea.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-7-16 476160]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-10-6 1275216]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101010.003\naveng.sys [2010-10-11 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101010.003\navex15.sys [2010-10-11 1371184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-14 133104]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-10-6 173392]
=============== Created Last 30 ================
2010-10-20 11:31:56 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2010-10-20 11:31:13 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-10-19 22:57:01 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
2010-10-19 15:23:20 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-10-19 15:20:54 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Identities
2010-10-19 15:20:28 -------- d-----w- c:\docume~1\admini~1\applic~1\Windows Desktop Search
2010-10-19 15:20:18 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple Computer
2010-10-18 17:02:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-18 17:01:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-18 17:01:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-18 17:01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-15 15:53:44 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-10-15 15:53:34 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2010-10-15 15:02:44 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-14 19:29:58 -------- d-----w- c:\program files\Lavasoft
2010-10-14 19:19:45 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-14 12:12:46 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-13 20:44:21 -------- d-----w- c:\program files\common files\Windows Live
2010-10-13 20:20:45 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-13 20:19:52 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-13 20:18:04 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-13 20:18:04 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-13 20:18:03 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-13 20:18:03 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-13 20:18:02 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-13 20:18:02 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-13 20:18:02 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-13 20:18:02 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-13 20:18:00 -------- d-----w- C:\e7d36825a2d885c617c61902443c404c
2010-10-13 20:09:59 -------- d-----w- c:\windows\system32\GroupPolicy
2010-10-13 20:09:59 -------- d-----w- c:\program files\Windows Desktop Search
2010-10-13 20:08:15 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-10-13 20:08:15 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-10-13 20:08:15 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-10-13 18:53:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-13 18:53:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-12 21:38:31 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-12 21:38:30 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 21:38:30 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-12 21:38:07 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-09-24 17:12:27 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
==================== Find3M ====================
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
============= FINISH: 7:53:01.12 ===============
-
October 20th, 2010, 09:33 AM
#7
Oh, I forgot to mention that I still have the original video problem. Any ideas?
Thanks
-
October 20th, 2010, 10:33 AM
#8
The fact that the problem is spreading to other computers, including laptops that would not normally be affected by a power surge, would seem to indicate malware.
However, a reformat should eliminate that, unless you either have a BIOS infection (unlikely), or the PC you reformatted and reinstalled Windows on was connected to your network that had other infected computers on it, or your reinstallation media has malware on it.
At this point, I would try disconnecting one of the affected computers from all networks, and wiping the hard disk (use DBAN or something similar), and then reinstall Windows. If that does not cure the video issue, then it is likely a hardware problem on that computer. If the computers are all the same make and model, and are all about the same age, you may have a batch of motherboards with failing capacitors.
-
October 20th, 2010, 09:22 PM
#9
Is this a computer that was freshly formatted?
-
October 22nd, 2010, 03:47 PM
#10
Hi
The logs posted are from a computer that was not recently reformatted. It seems that running Malwarebytes, gmer, and ad-aware cleaned the malware and viruses off of it. I've had another machine get infected, but I think I'm ahead of the curve now, so to speak. Hopefully this is the end of the problems.
That said, I did have one machine that was corrupted right after I did a restore (using the restore portion of the HD). After I totally wiped that drive, it seemed to be ok.
I'm still curious as to why the big signal that the machines are infected is the video going wonky. That's happened on every machine that has gotten infected.
-
October 22nd, 2010, 07:02 PM
#11
I suggest we run some further scans.
Let me know.
-
October 25th, 2010, 08:19 AM
#12
Well, the machine that I posted the malwarebytes log and gmer log is back in service, and seems to be ok. I'm currently working on a couple others that have the same trouble. If you have suggestions on software to use for scanning, I'll try it on these machines and see what happens.
-
October 25th, 2010, 08:13 PM
#13
I can't really suggest much, since I have no idea what the problems are.
Surely, run a full scan with your AV program and Malwarebytes.
You're always welcome to create a new topic and post logs.
-
October 26th, 2010, 10:11 AM
#14
Well, what's been suggested so far has put several machines back into commission. So, a big thank you to all for that. I have one machine left that's being stubborn, so it might get wiped, and save me some hassle.
Thank You very much! You guys have been awesome!