Screen issues in normal mode but not elsewhere


Post by greensmurfet » June 7th, 2015, 5:25 pm

Hi,

This is my parents' computer that I was trying to fix up for them. It got to a point where blue screens were showing up for them and they couldn't get into the computer from start up because of them. I took the laptop, ran Hiren's boot, saved what they wanted saved, then accessed the recovery and repartitioned and did a reinstall. First saw problems when I had to force the computer off after the initial Windows setup (was just a black screen). I had opened the computer to clean it and reapply thermal paste since it was running hot and thought it was a problem with reassembly but it's working fine now. Turned it back on and got it to the desktop. The screen after a few minutes will suddenly have red and black striations on the screen. It rebooted itself after a few minutes. Tried again and it did that then changed to a series of multicolored squares. Rebooted again by itself and started in safe mode. Works fine in safe mode. Been on it for the last few hours. It doesn't seem to be hardware at this point so I believe it is a virus. Any help would be appreciated. Also I have a picture of the screen when it went multicolored squares if you would like to see that. DDS is run from safe mode since screen doesn't last long in normal mode. I can reattempt the scan in normal mode if need be. Thank you.


DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6000.16386
Run by Reed Family at 7:32:14 on 2015-06-07
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1541 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: <No Name>: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBHO.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: VeriSoft Access Manager: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: Show Norton Toolbar: {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vongot~1.lnk - c:\windows\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840} : DHCPNameServer = 192.168.1.254
AppInit_DLLs= APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
S2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
S2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070108.003\IDSvix86.sys [2007-6-19 212280]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-19 1174664]
.
=============== Created Last 30 ================
.
2015-06-07 14:30:07 -------- d-----w- c:\users\reed family\appdata\local\OCCT_-_Ocbase_-_Adrien_Me
2015-06-07 14:25:59 -------- d-----w- c:\program files\OCCTPT
2015-06-07 14:18:17 -------- d-----w- c:\windows\system32\directx
2015-06-07 08:25:09 -------- d-----w- c:\users\reed family\appdata\local\QuickPlay
2015-06-07 08:24:48 -------- d-----w- c:\users\reed family\Bluetooth Software
2015-06-07 08:23:18 229376 ----a-w- c:\windows\system32\BtwRSupport.dll
2015-06-07 08:23:11 -------- d-----w- c:\windows\system32\es-MX
2015-06-07 08:23:11 -------- d-----w- c:\windows\system32\es-AR
2015-06-07 08:23:10 -------- d-----w- c:\program files\WIDCOMM
2015-06-07 08:22:35 -------- d-----w- c:\users\reed family\appdata\local\VirtualStore
2015-06-07 08:22:18 -------- d-----w- c:\program files\Bioscrypt
2015-06-07 08:22:13 339968 ----a-r- c:\windows\system32\msvcr70.dll
2015-06-07 08:21:52 -------- d-----w- c:\program files\Fingerprint Sensor
2015-06-07 08:10:17 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
.
============= FINISH: 7:32:33.70 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2007 8:00:28 PM
System Uptime: 6/7/2015 7:04:56 AM (0 hours ago)
.
Motherboard: Quanta | | 30CB
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | U2E1 | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 85 GiB total, 66.151 GiB free.
D: is FIXED (NTFS) - 93 GiB total, 93.068 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 1.287 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP58: 6/7/2015 1:20:57 AM - First_User_Boot
RP59: 6/7/2015 1:21:59 AM - Device Driver Package Install: AuthenTec, Inc. Personal identification devices
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 9 ActiveX
Adobe Reader 8
AppCore
AuthenTec Fingerprint Sensor Minimum Install
AV
ccCommon
ESU for Microsoft Vista
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0056
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Java(TM) SE Runtime Environment 6
LightScribe 1.4.136.1
LiveUpdate 3.2 (Symantec Corporation)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Data Fax Modem
MSCU for Microsoft Vista
MSRedist
muvee autoProducer 6.0
My HP Games
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
OCCT 4.4.1
PSSWCORE
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
SPBBC 32bit
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
VeriSoft Access Manager
Vongo
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
6/7/2015 7:06:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl spldr SRTSPX Wanarpv6
6/7/2015 7:06:57 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/7/2015 7:06:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/7/2015 7:06:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/7/2015 7:06:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/7/2015 7:06:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/7/2015 7:05:46 AM, Error: EventLog [6008] - The previous system shutdown at 5:21:37 AM on 6/7/2015 was unexpected.
6/7/2015 5:20:34 AM, Error: EventLog [6008] - The previous system shutdown at 5:16:50 AM on 6/7/2015 was unexpected.
6/7/2015 5:16:16 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/7/2015 5:14:50 AM, Error: EventLog [6008] - The previous system shutdown at 1:24:58 AM on 6/7/2015 was unexpected.
.
==== End Of File ===========================
greensmurfet
Active Member
 
Posts: 2
Joined: June 7th, 2015, 10:40 am

Re: Screen issues in normal mode but not elsewhere

Post by Gary R » June 8th, 2015, 1:11 am

Sounds more like a video driver problem than malware.

The reason you don't have the problem when booted into Safe Mode is that in Safe Mode Windows uses the generic Video Driver that comes with Windows (hence the very basic image quality when booted into Safe Mode), whereas in Normal Mode it uses the Video Driver that is specific to your computer build (which is why when it works, the image quality is usually better when booted into Normal Mode).

This forum specialises in malware removal, and from what I can see of your logs, there's no obvious signs of Malware, and your symptoms are not Malware specific.

Because of this, I recommend you try one of the following forums, where they deal with hardware and driver issues, and where you're more likely to get your problem resolved.

http://www.bleepingcomputer.com/forums/ ... -hardware/
http://forums.whatthetech.com/index.php ... wforum=126
http://www.geekstogo.com/forum/forum/9- ... ripherals/

The sites above are in no order of preference, and the quality of help at each is generally very good.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
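
An added example, not part of the original thread: a small parser for the "Event Viewer Messages" section of a DDS attach log, pulling out the unexpected shutdowns (event 6008) and the drivers named in event 7026. The function names are hypothetical, and the sample lines are copied from the log in the first post.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: four lines copied from the Event Viewer section of the log posted above.
SAMPLE = """\
6/7/2015 7:06:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl spldr SRTSPX Wanarpv6
6/7/2015 7:05:46 AM, Error: EventLog [6008] - The previous system shutdown at 5:21:37 AM on 6/7/2015 was unexpected.
6/7/2015 5:20:34 AM, Error: EventLog [6008] - The previous system shutdown at 5:16:50 AM on 6/7/2015 was unexpected.
6/7/2015 5:16:16 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
"""

TS = "%m/%d/%Y %I:%M:%S %p"  # timestamp layout used by DDS in this log
LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$")
SHUTDOWN_RE = re.compile(
    r"shutdown at (\d{1,2}:\d{2}:\d{2} [AP]M) on (\d{1,2}/\d{1,2}/\d{4}) was unexpected")
DRIVERS_RE = re.compile(r"failed to load: (.+)$")

def parse_events(text):
    """Turn each well-formed event line into a dict; skip separators and noise."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when, level, source, event_id, message = m.groups()
        events.append({"logged": datetime.strptime(when, TS), "level": level,
                       "source": source, "id": event_id, "message": message})
    return events

def triage(text):
    """Summarise event IDs, unexpected-shutdown times and drivers that failed to load."""
    events = parse_events(text)
    shutdowns, drivers = [], []
    for ev in events:
        if ev["id"] == "6008":      # previous shutdown was not clean
            m = SHUTDOWN_RE.search(ev["message"])
            if m:
                shutdowns.append(datetime.strptime(f"{m.group(2)} {m.group(1)}", TS))
        elif ev["id"] == "7026":    # boot-start/system-start drivers not loaded
            m = DRIVERS_RE.search(ev["message"])
            if m:
                drivers.extend(m.group(1).split())
    return {"by_id": Counter(ev["id"] for ev in events),
            "unexpected_shutdowns": sorted(shutdowns),
            "failed_drivers": drivers}
```

Event 6008 records only that the previous shutdown was not clean; it does not say why, so the extracted times are a timeline to compare against the reported symptoms rather than a diagnosis.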

Re: Screen issues in normal mode but not elsewhere

Post by greensmurfet » June 8th, 2015, 8:46 pm

Thanks for the help. I was starting to think it was a software issue after some other tests I did on it. I'll look at the sites you recommended. Thanks again.
greensmurfet
Active Member
 
Posts: 2
Joined: June 7th, 2015, 10:40 am

Re: Screen issues in normal mode but not elsewhere

Post by Gary R » June 9th, 2015, 1:17 am

You're welcome. Hope they're able to help you get your problems solved.

Good luck :)

This topic is now closed
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire