
SDFix


4 replies to this topic

#1 Glasgow1

  • Members
  • 3 posts

Posted 30 June 2009 - 06:48 PM

Hi,

I can't use any web search engine on my laptop; it returns a blank white screen. After searching, I found a tutorial on running SDFix and then posting the log.

SDFix runs until it reboots; the reboot starts SDFix again, stating "Finishing Malware Checks", then "Final Check: Running catchme", at which point I get a BSOD stating BAD_ROOT_HEADER. It all happens very quickly, and it is stuck in a constant loop now.

XP Home
Service Pack 3

Glas

Edited by The weatherman, 30 June 2009 - 07:02 PM.
Moved from hjt to a more appropriate forum. Tw



#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 52,047 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 01 July 2009 - 01:41 PM

SDFix has not been updated in a long time and the developer is not available at the moment to investigate issues where the tool is not completing its scan.

Try something else.

Please download Malwarebytes Anti-Malware (v1.38) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- If Malwarebytes Anti-Malware results in any error messages, please refer to Fixes for common problems and Error Codes. Some issues with errors can be related to malware infection but others are not.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Glasgow1 (Topic Starter)

  • Members
  • 3 posts

Posted 01 July 2009 - 04:48 PM

Thanks for the reply. When I double-click it, nothing happens; it does appear in Task Manager under Processes, but nowhere else.

Glas

#4 Glasgow1 (Topic Starter)

  • Members
  • 3 posts

Posted 01 July 2009 - 06:25 PM

I managed to get SDFix to finish in Safe Mode by running the .bat file again and pressing F at the option. Here is the Report.txt file:

SDFix: Version 1.240
Run by Administrator on 30/06/2009 at 23:41

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDfix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\seekmo\bin\10.0.424.0\arrow.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\copyright.txt - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\link.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\install.rdf - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\components\npclntax.xpt - Deleted



Folder C:\Program Files\seekmo - Removed


Removing Temp Files

ADS Check :


Checking Files :

Trojan Files Found:

C:\Program Files\seekmo\bin\10.0.424.0\arrow.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\copyright.txt - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\link.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\install.rdf - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\components\npclntax.xpt - Deleted





Removing Temp Files

ADS Check :


Checking Files :

Trojan Files Found:

C:\Program Files\seekmo\bin\10.0.424.0\arrow.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\copyright.txt - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\link.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\install.rdf - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\components\npclntax.xpt - Deleted





Removing Temp Files

ADS Check :


Checking Files :

Trojan Files Found:

C:\Program Files\seekmo\bin\10.0.424.0\arrow.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\copyright.txt - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\link.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\install.rdf - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\components\npclntax.xpt - Deleted





Removing Temp Files

ADS Check :


Checking Files :

Trojan Files Found:

C:\Program Files\seekmo\bin\10.0.424.0\arrow.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\copyright.txt - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\link.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\install.rdf - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\components\npclntax.xpt - Deleted





Removing Temp Files

ADS Check :


Checking Files :

Trojan Files Found:

C:\Program Files\seekmo\bin\10.0.424.0\arrow.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\copyright.txt - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\link.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\install.rdf - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\components\npclntax.xpt - Deleted





Removing Temp Files

ADS Check :


Checking Files :

Trojan Files Found:

C:\Program Files\seekmo\bin\10.0.424.0\arrow.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\copyright.txt - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\link.ico - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\install.rdf - Deleted
C:\Program Files\seekmo\bin\10.0.424.0\firefox\extensions\components\npclntax.xpt - Deleted





Removing Temp Files

ADS Check :


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 00:13:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 1381
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 1381
disk error: C:\Documents and Settings\FIONA\ntuser.dat, 1381
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 22 Jun 2009 292,368 A..H. --- "C:\WINDOWS\sysguard.exe"
Mon 25 Sep 2006 1,125,376 A..H. --- "C:\My Games\AquaPark\Aquapark.exe"
Mon 6 Oct 2008 6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 16 Nov 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Thu 8 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"
Mon 22 Jun 2009 292,368 A..H. --- "C:\Documents and Settings\FIONA\Local Settings\Temp\c.exe"
Mon 22 Jun 2009 0 A..H. --- "C:\Documents and Settings\FIONA\Local Settings\Temp\e.exe"
Thu 25 Jul 2002 346,602 A..HR --- "C:\Documents and Settings\FIONA\Local Settings\Temp\IEC5.tmp"
Thu 4 Aug 2005 0 A..H. --- "C:\Documents and Settings\FIONA\Local Settings\Temp\WanadooInstallationComplete.tmp"
Tue 9 Dec 2008 960,960 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\42ca0b34781bca756130532c6b42000f\BIT6.tmp"
Fri 6 Mar 2009 856,008 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\68e0c5b2c4c759ac71859e06e602bdfe\BIT85.tmp"
Mon 12 Jan 2009 7,588,752 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\76a3503dd881401113089be74461f07d\BIT7.tmp"
Tue 13 Jan 2009 7,771,584 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9de4903f01b4008e08b567e41ba8107e\BIT8.tmp"
Thu 16 Nov 2006 4,348 A..H. --- "C:\Documents and Settings\FIONA\My Documents\My Music\License Backup\drmv1key.bak"
Sun 24 Dec 2006 20 A..H. --- "C:\Documents and Settings\FIONA\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 11 Dec 2005 312 A.SH. --- "C:\Documents and Settings\FIONA\My Documents\My Music\License Backup\drmv2key.bak"

Finished!

Still getting a blank white screen when using any search engine.

Thanks in advance

Edited by Glasgow1, 01 July 2009 - 06:29 PM.
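
The "Files with Hidden Attributes" list and the "Authorized Application Key Export" in the report above are the two sections a responder reads first. The following Python script is an added example, not part of this thread and not SDFix's own code: it parses both sections from a constructed excerpt of the posted report and flags entries for manual review: firewall exceptions not on a small allowlist of the entries XP creates itself, hidden executables sitting in the Windows root or a user's Temp folder, zero-byte hidden executables, and hidden executables that share the same date and byte count under different paths. The allowlist, the location rules and the section names it keys on are the example's own assumptions about the SDFix report format; it does not decide that a file is malicious, only that it should be looked at.

```python
import re
from collections import defaultdict

# Constructed excerpt of the SDFix Report.txt posted above (a few lines of each section).
SAMPLE_REPORT = r"""
Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Files with Hidden Attributes :

Mon 22 Jun 2009 292,368 A..H. --- "C:\WINDOWS\sysguard.exe"
Mon 25 Sep 2006 1,125,376 A..H. --- "C:\My Games\AquaPark\Aquapark.exe"
Mon 22 Jun 2009 292,368 A..H. --- "C:\Documents and Settings\FIONA\Local Settings\Temp\c.exe"
Mon 22 Jun 2009 0 A..H. --- "C:\Documents and Settings\FIONA\Local Settings\Temp\e.exe"
Thu 16 Nov 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"

Finished!
"""

# Line shapes assumed from the posted report: "<day> <dd> <mon> <yyyy> <size> <attrs> --- "<path>""
HIDDEN_RE = re.compile(r'^(\w{3} \d{1,2} \w{3} \d{4}) ([\d,]+) ([A-Z.]{5}) --- "(.+)"$')
# .reg-style export line: "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
FW_RE = re.compile(r'^"(.+?)"="(.+)"$')
EXEC_EXT = ('.exe', '.dll', '.sys', '.com', '.scr', '.pif', '.bat', '.cmd')

# Firewall exceptions XP SP2/SP3 creates on its own; anything else gets a manual look.
# This allowlist is the example's assumption, not something SDFix ships.
KNOWN_GOOD_FW = {r'%windir%\system32\sessmgr.exe',
                 r'%windir%\network diagnostic\xpnetdiag.exe'}


def parse_report(text):
    """Split an SDFix report into firewall exception records and hidden-file records."""
    fw, hidden, section = [], [], None
    for line in text.splitlines():
        if line.startswith('Authorized Application Key Export'):
            section = 'fw'
        elif line.startswith('Files with Hidden Attributes'):
            section = 'hidden'
        elif section == 'fw' and (m := FW_RE.match(line)):
            path, value = m.groups()
            # The value repeats the path, and the path contains ':' (drive letter),
            # so strip the path prefix before splitting the remaining fields.
            rest = value[len(path):].split(':', 3)
            fw.append({'path': path.replace('\\\\', '\\'), 'scope': rest[1],
                       'state': rest[2].lower(), 'name': rest[3]})
        elif section == 'hidden' and (m := HIDDEN_RE.match(line)):
            date, size, attrs, path = m.groups()
            hidden.append({'date': date, 'size': int(size.replace(',', '')),
                           'attrs': attrs, 'path': path})
    return fw, hidden


def triage(fw, hidden):
    """Return (reason, path) findings a responder should review first."""
    findings = []
    for e in fw:
        if e['state'] == 'enabled' and e['path'].lower() not in KNOWN_GOOD_FW:
            findings.append(('firewall exception not in allowlist', e['path']))
    by_fingerprint = defaultdict(list)
    for h in hidden:
        p = h['path'].lower()
        if not p.endswith(EXEC_EXT):
            continue
        parent = p.rsplit('\\', 1)[0]
        # Hidden executables in the Windows root or a user's Temp folder are not
        # where legitimate installers leave things.
        if parent == r'c:\windows' or '\\local settings\\temp' in parent:
            findings.append(('hidden executable in suspicious location', h['path']))
        if h['size'] == 0:
            findings.append(('zero-byte hidden executable (failed or cleaned drop)', h['path']))
        else:
            by_fingerprint[(h['date'], h['size'])].append(h['path'])
    # Same day, same byte count, different paths: very likely one binary copied twice.
    for (date, size), paths in by_fingerprint.items():
        if len(paths) > 1:
            findings.append((f'{len(paths)} hidden executables of {size} bytes dated {date}',
                             ' | '.join(paths)))
    return findings


if __name__ == '__main__':
    for reason, path in triage(*parse_report(SAMPLE_REPORT)):
        print(f'{reason}: {path}')
```

To run it against a saved Report.txt, pass the file's contents to parse_report() instead of the embedded excerpt. On the excerpt it reports the WinAntiVirus Pro 2006 updater as an exception that is not on the allowlist, the three hidden executables in C:\WINDOWS and the Temp folder, the empty e.exe, and that sysguard.exe and c.exe have the same size and date; what to do with each of those is still a human decision.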


#5 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 52,047 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 01 July 2009 - 09:27 PM

Your machine is still infected. Please continue with the instructions I provided for scanning with MBAM.