xdeadlockxfan
Hi, I'm new here and I had to post because I'm still having issues with my computer after following this link: https://www.techspot.com/community/topics/updated-4-step-viruses-spyware-malware-removal-preliminary-instructions.58138/
I only downloaded the Malwarebytes' AntiMalware program and have a log below of the first scan. I also downloaded the GMER program and had issues with it. (This is the main reason why I'm posting here because the issue should be resolved after quarantining infected items but it is not; and GMER just unexpectedly shut down on me, and shut down my computer).
The Malware scan also told me (during the scanning process) that I had only 24 infected items; here in the log it does not say. I removed them and restarted my computer, but "Bad Image" pop-ups still appear!
The first two times using GMER in regular normal Windows Vista settings, I had a blue screen error and my computer unexpectedly shut down. After that, I switched to safe mode and tried GMER again, which gave me the log below.
I didn't do the DDS program yet because I wanted to get some input on the whole "Bad Image" issue, which started only last night after trying to open a few corrupted .pdf files, before going any further with diagnostics and repair.
Along with the Bad Image issue, I have the Google redirect issue, which I've seen quite a bit, and the .dll-program issue, which comes up in the same error message as the "Bad Image" thing.
I have a Windows Vista, Dell Inspiron 1501 Laptop, about four years old.
Here are the logs. Note, I only did AntiMalware and GMER.
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5298
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
12/11/2010 10:34:18 PM
mbam-log-2010-12-11 (22-34-18).txt
Scan type: Quick scan
Objects scanned: 156907
Time elapsed: 10 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
--------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-11 22:13:35
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1637GSX rev.DL040D
Running: t8xihc4g.exe; Driver: C:\Users\Albert\AppData\Local\Temp\ugliqpow.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7402FBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FFB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FEA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FECBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FE8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FFCF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FE7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FE7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FE6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7407C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74007F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FE90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FF2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FF21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FF7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FF7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [740283D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Here are the blue screen error details:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: 50
BCP1: 87C00000
BCP2: 00000000
BCP3: A47A4EED
BCP4: 00000000
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\Mini121110-01.dmp
C:\Users\Albert\AppData\Local\Temp\WER-92453-0.sysdata.xml
C:\Users\Albert\AppData\Local\Temp\WER4992.tmp.version.txt
Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
-------------------
Even after the Malware scan and GMER, I still have the "Bad Image" pop-ups coming up. And I wanted some input on the GMER blue screen/shut down thing too. I can imagine it's also tied into the Google redirects too, where I click a Google link to a Wikipedia page and it takes me to a "local" search page (like 7search or something).
Somebody please help me save my computer!