This is my parents computer that I was trying to fix up for them. It got to a point where blue screens were showing up for them and they couldn't get into the computer from start up because of them. I took the laptop, ran Hiren's boot, saved what they wanted saved, then accessed the recovery and repartitioned and did a reinstall. First saw problems when I had to force the computer off after the initial Windows setup (was just a black screen). I had opened the computer to clean it and reapply thermal paste since it was running hot and thought it was a problem with reassembly but it's working fine now. Turned it back on and got it to the desktop. The screen after a few minutes will suddenly have red and black striations on the screen. It rebooted itself after a few minutes. Tried again and it did that then changed to a series of multicolored squares. Rebooted again by itself and started in safe mode. Works fine in safe mode. Been on it for the last few hours. It doesn't seem to be hardware at this point so I believe it is a virus. Any help would be appreciated. Also I have a picture of the screen when it went multicolored squares if you would like to see that. DDS is run from safe mode since screen doesn't last long in normal mode. I can reattempt the scan in normal mode if need be. Thank you.
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6000.16386
Run by Reed Family at 7:32:14 on 2015-06-07
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1541 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: <No Name>: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBHO.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: VeriSoft Access Manager: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: Show Norton Toolbar: {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vongot~1.lnk - c:\windows\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840} : DHCPNameServer = 192.168.1.254
AppInit_DLLs= APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
S2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
S2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070108.003\IDSvix86.sys [2007-6-19 212280]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-19 1174664]
.
=============== Created Last 30 ================
.
2015-06-07 14:30:07 -------- d-----w- c:\users\reed family\appdata\local\OCCT_-_Ocbase_-_Adrien_Me
2015-06-07 14:25:59 -------- d-----w- c:\program files\OCCTPT
2015-06-07 14:18:17 -------- d-----w- c:\windows\system32\directx
2015-06-07 08:25:09 -------- d-----w- c:\users\reed family\appdata\local\QuickPlay
2015-06-07 08:24:48 -------- d-----w- c:\users\reed family\Bluetooth Software
2015-06-07 08:23:18 229376 ----a-w- c:\windows\system32\BtwRSupport.dll
2015-06-07 08:23:11 -------- d-----w- c:\windows\system32\es-MX
2015-06-07 08:23:11 -------- d-----w- c:\windows\system32\es-AR
2015-06-07 08:23:10 -------- d-----w- c:\program files\WIDCOMM
2015-06-07 08:22:35 -------- d-----w- c:\users\reed family\appdata\local\VirtualStore
2015-06-07 08:22:18 -------- d-----w- c:\program files\Bioscrypt
2015-06-07 08:22:13 339968 ----a-r- c:\windows\system32\msvcr70.dll
2015-06-07 08:21:52 -------- d-----w- c:\program files\Fingerprint Sensor
2015-06-07 08:10:17 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
.
============= FINISH: 7:32:33.70 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2007 8:00:28 PM
System Uptime: 6/7/2015 7:04:56 AM (0 hours ago)
.
Motherboard: Quanta | | 30CB
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | U2E1 | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 85 GiB total, 66.151 GiB free.
D: is FIXED (NTFS) - 93 GiB total, 93.068 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 1.287 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP58: 6/7/2015 1:20:57 AM - First_User_Boot
RP59: 6/7/2015 1:21:59 AM - Device Driver Package Install: AuthenTec, Inc. Personal identification devices
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 9 ActiveX
Adobe Reader 8
AppCore
AuthenTec Fingerprint Sensor Minimum Install
AV
ccCommon
ESU for Microsoft Vista
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0056
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Java(TM) SE Runtime Environment 6
LightScribe 1.4.136.1
LiveUpdate 3.2 (Symantec Corporation)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Data Fax Modem
MSCU for Microsoft Vista
MSRedist
muvee autoProducer 6.0
My HP Games
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
OCCT 4.4.1
PSSWCORE
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
SPBBC 32bit
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
VeriSoft Access Manager
Vongo
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
6/7/2015 7:06:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl spldr SRTSPX Wanarpv6
6/7/2015 7:06:57 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/7/2015 7:06:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/7/2015 7:06:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/7/2015 7:06:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/7/2015 7:06:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/7/2015 7:05:46 AM, Error: EventLog [6008] - The previous system shutdown at 5:21:37 AM on 6/7/2015 was unexpected.
6/7/2015 5:20:34 AM, Error: EventLog [6008] - The previous system shutdown at 5:16:50 AM on 6/7/2015 was unexpected.
6/7/2015 5:16:16 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/7/2015 5:14:50 AM, Error: EventLog [6008] - The previous system shutdown at 1:24:58 AM on 6/7/2015 was unexpected.
.
==== End Of File ===========================