White screen blocks Windows 7, even while booting

AtheFU

Member
Joined
May 11, 2013
Posts
19
Location
AUT
Hi!

I got a PC which is causing me much trouble since mid December. Since then I get a mystical white screen, every time when i try to start the PC.

Every 30th to 50th time (I'm not exaggerating) it happens that it starts normally, sometimes twice in a row, but after that I must try it many times until it will start normally again. This can take up to an hour. And when the white screen is showing up I can't even see the boot screen.
Already after pressing the power button the white screen shows up, if not it will after waking up from the stand by mode.

The interesting thing is, that I can hear the windows start sound, so it seems like the white screen is like a wall and every thing behind the wall is working. I stumbled upon a virus names BKA Virus but I did nothing against it. The only thing that I've done is checking the hard drives with crystal disks. But the tool said that everything is fine. I also updated the GPU driver, I thought it might help, but it didn't.

I created the logs as you said in the instruction, I hope you can help me, you did it once a few months ago in this Thread (Windows 7 (Pro x86) will not update - 0x800B0100 & 8024200D), it's the same PC.

Thanks a lot!

Here are the Files:

checkup.txt:

Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 
View attachment attach dds.zip

Edit by Corine to paste logs.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by FXC at 17:31:37 on 2014-01-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3327.1634 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Fitbit\fitbit-tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\FXC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.4.0.40\coieplg.dll
uRun: [Fitbit Service Monitor] c:\program files\fitbit\fitbit-tray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN2AMBWH4905KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRunOnce: [Application Restart #3] c:\users\fxc\appdata\local\pokki\engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="c:\users\fxc\appdata\local\pokki\engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session
uRunOnce: [Application Restart #2] c:\users\fxc\appdata\local\pokki\engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="c:\users\fxc\appdata\local\pokki\engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SAOB Monitor] c:\program files\acronis\trueimagehome\onlinebackupstandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [ShadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
StartupFolder: c:\users\fxc\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\fxc\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{5550E90F-0743-4206-82CD-42D06EF643EC} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{BEB3DAD2-0AA2-4598-908C-ABA860511B3E} : DHCPNameServer = 10.0.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fxc\appdata\roaming\mozilla\firefox\profiles\ix1x1jze.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2013-12-18 1494304]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1404000.028\symds.sys [2013-6-17 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1404000.028\symefa.sys [2013-6-17 934488]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2013-7-9 752128]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.2.0.19\definitions\bashdefs\20131218.001\BHDrvx86.sys [2013-12-18 1098968]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1404000.028\ccsetx86.sys [2013-6-17 134744]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2009-8-6 13440]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.2.0.19\definitions\ipsdefs\20140106.001\IDSvix86.sys [2014-1-7 394456]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1404000.028\ironx86.sys [2013-6-17 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1404000.028\symnets.sys [2013-6-17 339544]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2013-7-9 3246040]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2013-12-18 14658848]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-5-6 3574624]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2013-7-9 167968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-12-20 108120]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2009-8-6 215168]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [2009-8-6 12288]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2009-8-6 321280]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2009-8-6 77056]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2009-8-6 396672]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [2009-8-6 17920]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-18 34080]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Fitbit;Fitbit Data Uploader;c:\program files\fitbit\fitbit.exe [2013-5-7 773152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-5-9 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-17 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-5-17 14848]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2013-5-7 21992]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-5-17 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-5-6 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-01-04 17:12:01 -------- d-----w- c:\program files\CrystalDiskInfo
2014-01-04 17:11:39 -------- d-----w- c:\users\fxc\appdata\local\Programs
2013-12-18 12:49:32 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-12-18 12:49:32 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-12-18 12:49:31 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-12-18 12:48:53 -------- d-----w- c:\users\fxc\appdata\local\NVIDIA Corporation
2013-12-18 12:48:01 34080 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2013-12-18 12:47:30 -------- d-----w- c:\users\fxc\appdata\local\NVIDIA
2013-12-18 12:45:23 982232 ----a-w- c:\windows\system32\nvspcap.dll
2013-12-18 12:38:31 -------- d-----w- C:\NVIDIA
2013-12-17 02:01:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-17 02:01:00 270848 ----a-w- c:\program files\internet explorer\ieproxy.dll
2013-12-17 02:01:00 251392 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-12-17 02:01:00 235216 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-12-15 07:09:10 806096 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-12-13 02:03:15 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-13 02:03:14 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2013-12-12 03:15:28 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-12 03:15:28 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 03:15:27 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-12 03:15:27 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 03:15:27 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 03:15:27 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 03:15:27 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 03:15:26 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-12 03:15:25 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 03:15:24 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 03:15:24 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 16:46:32 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-11 16:46:32 -------- d-----w- c:\program files\iTunes
2013-12-11 16:46:32 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2013-12-11 05:16:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 05:16:16 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-05 08:42:26 32544 ----a-w- c:\windows\system32\nvaudcap32v.dll
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-11 14:26:52 4321056 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 14:26:52 3036960 ----a-w- c:\windows\system32\nvsvc.dll
2013-11-11 14:26:50 664352 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 14:26:50 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 14:26:50 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-11-11 14:26:50 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 07:59:28 590112 ----a-w- c:\windows\system32\nvStreaming.exe
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
.
============= FINISH: 17:32:37.17 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2013-05-06 09:33:21
System Uptime: 2014-01-07 05:53:38 (12 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q-E
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | LGA 775 | 3003/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 388.749 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 270.863 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
M: is CDROM ()
Z: is FIXED (NTFS) - 466 GiB total, 124.095 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP114: 2014-01-07 07:57:48 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acronis*True*Image*Home 2011
Adobe Flash Player 11 Plugin
Adobe Photoshop Lightroom 5.2
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Cool & Quiet
CrystalDiskInfo 6.0.4
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Fitbit Base Station (Driver Removal)
Fitbit v2.1.0.9
GeForce Experience NvStream Client Components
GOG.com Downloader version 3.5.2
GOG.com Heroes of Might and Magic 3
Google Calendar Sync
Heroes of Might and Magic 3 Complete
HP FWUpdateEDO2
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
iCloud
iTunes
Java 7 Update 45
Java Auto Updater
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Movie Collector
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Norton Internet Security
NVIDIA 3D Vision Controller Driver 331.82
NVIDIA 3D Vision Driver 331.82
NVIDIA Control Panel 331.82
NVIDIA GeForce Experience 1.8.1
NVIDIA Graphics Driver 331.82
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
TeamViewer 8
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VLC media player 2.0.6
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
2014-01-07 07:54:51, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2014-01-07 07:08:44, Error: Service Control Manager [7034] - The Fitbit Data Uploader service terminated unexpectedly. It has done this 1 time(s).
2014-01-04 18:09:52, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
.
==== End Of File ===========================
 
Last edited by a moderator:
Hi, AtheFU.

I edited your post to paste the logs. The text files were unreadable in the zip file.

I am not seeing in your logs that resembles the German BKA ransomware. However, let's see if Malwarebytes see something.

Please download Malwarebytes' Anti-Malware to your desktop from here.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    -- Update Malwarebytes' Anti-Malware and
    -- Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    -- On the Scanner tab, check Perform quick scan.
    -- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    MBAM_SR_zps573fd52e.jpg
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy/paste the contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
The restart was neither with quick scan, nor with full scan necessary.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Malwarebytes : Free Anti-Malware

Database version: v2014.01.08.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
FXC :: FXC-PC [administrator]

Protection: Enabled

2014-01-08 18:05:40
mbam-log-2014-01-08 (18-05-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 216393
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Malwarebytes : Free Anti-Malware

Database version: v2014.01.08.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
FXC :: FXC-PC [administrator]

Protection: Enabled

2014-01-08 18:05:40
mbam-log-2014-01-08 (18-05-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 216393
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Thank you for copy/pasting the log. All Malwarebytes found was a "PUP" -- Potentially Unwanted Program.

Not that I think it would be related to the white screen issue you've described, but let's see what AdwCleaner finds.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
 
Thank you so far for your help, I hope this is the File that you wanted.

It was necessary to reboot the PC once, but (luckily) it started normally.
There was no other reboot beside this one.



AdwCleaner[S0].txt


# AdwCleaner v3.016 - Report created 10/01/2014 at 19:18:35
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : FXC - FXC-PC
# Running from : C:\Users\FXC\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\FXC\AppData\Roaming\Mozilla\Firefox\Profiles\ix1x1jze.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1184 octets] - [10/01/2014 17:34:44]
AdwCleaner[S0].txt - [1115 octets] - [10/01/2014 19:18:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1175 octets] ##########





AdwCleaner[S0].txt

1 von 1
 
Just to be sure you understand, I am not seeing anything that I believe is related to a rogue-type ransomware trojan. What has been found is ad-ware and potentially unwanted programs. However, to be complete, let's get a second opinion from another antivirus program from the one you are using.

Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
 
I'll post the logs in a few hours.

Do you think the origin of this issue is a hardware problem?

The hardware isn't the newest, except for the HDDs, they are just a couple of months old, the rest is from 2009.

Just for the record:
Mainboard S-775 ASUS P5Q-E, ATX (90-MIB4J0-G0EAY00Z)
INTEL Core 2 Duo E8400, 2 x 3,00GHz (BX80570E8400)
DDR2-RAM KIT 4096 MB, PC2-800 MHz, CL5, CORSAIR (2x 2GB) (TWIN2X4096-6400C5)
PCI-E 2.0 EVGA e-GeForce 9800 GTX+, Retail, 512MB (512-P3-E879-AR)
 
Being almost 5 years old, yes, hardware could indeed be the problem. After we finish ensuring the system is clean, I'll have you explain the remaining issues in the Hardware forum where those experts can take a look.
 
Here is the logfile:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=29c4c7287a5fa14780803f33722323a9
# engine=16622
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-12 05:19:35
# local_time=2014-01-12 06:19:35 (+0100, W. Europe Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 93 2649327 152143760 0 0
# compatibility_mode=5893 16776574 100 94 15985872 141178366 0 0
# scanned=347721
# found=0
# cleaned=0
# scan_time=8336
 
Thank you for getting a "second opinion" from ESET, which appears to confirm that the problem you are having is not malware related.

1. You can go ahead and delete SecurityCheck from your desktop. However, note that tomorrow brings a massive Patch Tuesday with not only Microsoft Security Updates but also an important security update for Java.

2. Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

3. If you are still having problems with startup and the white screen, please describe the problem in the Hardware forum.
 
Thank you Corinne, I really appreciate your help!!

I'm a little bit impressed because the problem itself is just ...

long story short: the monitor is defect, thats why a white screen appears and why I still can hear the windows sound.

omg it's humiliating :D
 
It seemed to make sense that it was hardware related but there are so many types of malware, particularly ransomware, that it can be frustrating tracking down the source. Besides, as a bonus, we did a bit of cleanup of some adware/PUPs.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top