[CouchPotatoGuy]

Hello,

I was told to repost in this forum for a better answer. Basically I have a laptop with Windows Vista. I installed a program from an unknown publisher (yes, I'm that stupid). Afterward, I uninstalled the program but problems only got worse. First, internet explorer wouldn't reopen after closing it. Logging off and then back on didn't fix the problem. I also kept getting error messages regarding adobe reader. I uninstalled the program but still no solution. I was about to uninstall Internet explorer but I wanted to restart the computer to make sure it wasn't fixable in that way.

After restarting, I went to log on and got the blue screen error (blue screen of death). It restarted and I chose safe mode this time. With "safe mode with networking", I'm able to use most programs (including IE) just fine. I ran a McAfee scan on my computer. It detected and fixed one problem. But my computer still only worked on safe mode. I tried the free internet scan on "Trend Micro"s website. It turned up results in the scan but had difficulty retrieving info on how to remove it (maybe b/c of safe mode, but maybe b/c of a virus). I researched more trying to find a virus scan that works in safe mode. I re-scanned with "Avira AntiVir" (which works in safe mode) but it turned up no results.

I also have uninstalled all the programs I installed around the time of the BSOD problem through "Control Panel --> Programs and Features". Not only that, I've tried using system restore. However, the restore point is long before the time this problems started occuring. Also, the computer had to restart to finish the restore. When it did, it said the restore was unsuccessful.

I haven't tried "rolling back the drivers" or anything else that some websites recommend when you see a blue screen of death because I don't think those are the causes. I think it has something to do with that unknown publisher's program. That's exactly the time problems started occurring.

I've also run a hijack this scan and the results should be attached. Any help is greatly appreciated. (I also apologize if I had terrible grammar above. It's late and I've been working on this for a while ).

-CouchPotatoGuy

[CouchPotatoGuy]

So just to clarify (I know it might be hard to read what I was trying to say), I think I have a virus, but I haven't been able to use any good virus scans that detect malware because I can only access my computer through safe mode. I used AntiVir (which has the benefit of working in safe mode) but it didn't turn up anything. If anyone knows any malware scanning software that's really good and works in safe mode, please suggest it.

Thanks

[CouchPotatoGuy]

Not being impatient. I just found a way to capture more useful information that will hopefully make it easier to solve. I was able to stop the blue screen from flashing away before I could read the info. I snapped a picure of it and it can be found HERE. The relevant info (I think) is down below. It says:

Technical Information:

*** Stop: 0x0000008E (0xc0000005, 0x94c42B4B, 0x8A164FE0, 0x00000000)

-CouchPotatoGuy

[CouchPotatoGuy]

Bump

[CouchPotatoGuy]

Bump

[CouchPotatoGuy]

Bump

[CouchPotatoGuy]

Bump

[CouchPotatoGuy]

Bump

[muppy03]

Hello and welcome to TSG

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-

• Continue to respond to this thread until I give you the All Clean!
• Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
• Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
• Please follow all instructions in the order posted.
• If you have any questions or do not understand instructions, please ask before continuing.
• Please reply to this thread. Do not start a new topic.

Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

• R3 - URLSearchHook: (no name) - - (no file)
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.2.cab
  O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{114F5C11-9BDC-4C18-8385-68D5B3C14B77}: NameServer = 85.255.112.147,85.255.112.103
  O17 - HKLM\System\CCS\Services\Tcpip\..\{5FE3EEAA-32EE-4018-BAA4-72E385CA0165}: NameServer = 85.255.112.147,85.255.112.103
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.147,85.255.112.103
  O17 - HKLM\System\CS1\Services\Tcpip\..\{114F5C11-9BDC-4C18-8385-68D5B3C14B77}: NameServer = 85.255.112.147,85.255.112.103
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.147,85.255.112.103

Once selected close all windows except HJT an click on Fix Checked

See if you can now BOOT in Normal Mode

Please download Malwarebytes' Anti-Malware and save to your desktop. When saving RENAME to muppy.exe.

• Double-click muppy.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
  
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  
  Note:
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
• Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Please reply with:-

• MBAM log
• New HJT log

[CouchPotatoGuy]

I did everything up to "boot in normal mode". After clicking "fix checked" and restarting, I was unable to login without the blue screen popping up again. I still was able to install MBAM. But it doesn't run in safe mode. I do apologize. I accidentally installed another program that I thought was MBAM but instead was just a popup. Attached is my new HiJackThis log.

[muppy03]

Did you rename MBAM?

[CouchPotatoGuy]

Yes, I renamed the installer "muppy.exe".

[muppy03]

Download and Run: RSIT

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

[CouchPotatoGuy]

Both of the requested documents are attached.

[muppy03]

Quote:

I installed a program from an unknown publisher (yes, I'm that stupid). Afterward, I uninstalled the program but problems only got worse.

What Program was it please?

Do you know what these are?

• C:\Program Files\Causes
  C:\Program Files\African Safari

Double check MBAM was renamed and try to run again make sure you right click and choose run as administrator

If no luck please run GMER

• Download GMER by GMER from one of the links below:
  Link1
  Link2
• Unzip it to a folder on your desktop
• Double click on gmer.exe to launch GMER
• If asked, allow the gmer.sys driver load
• If it warns you about rootkit activity and asks if you want to run scan, click OK
• If you don't get a warning then
  • Click the rootkit tab
  • Click Scan
• Once the scan has finished, click copy
• Paste the log into notepad using Ctrl+V
• Save it to your desktop as gmerrk.txt
• Click on the >>> tab
• This will open up the rest of the tabs for you
• Click on the Autostart tab
• Click on Scan
• Once the scan has finished, click copy
• Paste the log into notepad using Ctrl+V
• Save it to your desktop as gmerautos.txt
• Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic

Please reply with:-

• MBAM log
• 2 x GMER Logs