
Not sure what is wrong


  • This topic is locked
9 replies to this topic

#1 lazzeraith


Posted 19 September 2010 - 12:34 PM

Hello, working on a friend's system trying to clean it up. Ran into a problem.

Thanks for any help.

Ok, took the HD out and put it in another system and scanned it with Malwarebytes Anti-Malware. Cleaned 2 infections.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4667

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/22/2010 8:50:17 AM
mbam-log-2010-09-22 (08-50-17).txt

Scan type: Full scan (E:\|)
Objects scanned: 238300
Time elapsed: 3 hour(s), 25 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\faxpserv.dll (Trojan.PWS.Gen) -> Quarantined and deleted successfully.


Put it back into the original system; now when you try to log in, the system locks when you try to type in the password. Ran chkdsk c: /p under Recovery Console, which reported that it had found one or more errors. Still locks up when using the keyboard at login.

EDIT: Posts merged ~BP



Edited by Budapest, 23 September 2010 - 08:40 PM.
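A log like the one in the post above can be checked mechanically before the disk goes back into the machine. The following is an added example, not part of the original thread and not Malwarebytes code: it parses an excerpt of the log quoted above, cross-checks each summary count against the listed items, and picks out detections removed from under the Windows directory, which are the ones to review first when a system misbehaves after an offline clean. The function names `parse_mbam_log` and `triage` are hypothetical.

```python
import re

# Excerpt of the Malwarebytes' Anti-Malware 1.46 log quoted in the post above.
SAMPLE_LOG = r"""Scan type: Full scan (E:\|)
Objects scanned: 238300

Registry Keys Infected: 0
Folders Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\faxpserv.dll (Trojan.PWS.Gen) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (summary counts, detections grouped by category)."""
    counts, items, section = {}, {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT_RE.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := SECTION_RE.match(line):
            section = m["cat"]
            items[section] = []
        elif section and (m := ITEM_RE.match(line)):
            items[section].append(m.groupdict())
    return counts, items


def triage(text):
    """Flag count/list mismatches and detections under the Windows directory."""
    counts, items = parse_mbam_log(text)
    mismatched = [c for c, n in counts.items() if n != len(items.get(c, []))]
    system_hits = [d for ds in items.values() for d in ds
                   if "\\windows\\" in d["path"].lower()]
    return mismatched, system_hits
```
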



 


#2 m0le


Posted 26 September 2010 - 07:00 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le


Posted 01 October 2010 - 06:20 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

#4 m0le


Posted 03 October 2010 - 08:30 AM

Reopened at user's request

-----------------------------------------

Please give a description of the situation on the PC on behalf of those that would like to follow this thread.

#5 lazzeraith


Posted 03 October 2010 - 02:06 PM

Heya, been working on the system, probably should have got back sooner but it's been a mess here. Anyways, got some stuff cleaned up in safe mode, but when I tried to log back in regularly I kept locking up at the login screen and now have this...

I just did a repair using an XP Home SP2 CD on a system with SP3; now when I get to the login screen it says I need to activate Windows before I can log in to this account. When I click OK to activate, it sits for a little bit, then I get an error message: Microsoft Feeds Synchronization has encountered a problem and needs to close. I click on Send Error Report and it does its thing, and then I click close, the error report screen closes, and that is it; nothing happens after. It is hooked up on an internet-capable network, and actually was connecting in safe mode before the repair. Now it says need to start internet connection after it has been saying the error report has been sent.


Error signature

AppName: msfeedssync.exe AppVer: 8.0.6001.18702 ModName: user32.dll
ModVer: 5.1.2600.2180 Offset: 0000bbcd

#6 m0le


Posted 03 October 2010 - 05:04 PM

Sorry, if I'm misunderstanding but have you got a repair disk for this machine?

#7 lazzeraith


Posted 04 October 2010 - 11:14 AM

I used my CD to try and repair it. I don't have the one that came with the system.

#8 m0le


Posted 04 October 2010 - 04:34 PM

Okay, I see. You used an SP2 disk to attempt a fix with an SP3 PC.

Let's see if we can boot this machine.

Download http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/rst.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located at sdb1 named enum.log
  • Plug that USB back into the clean computer and open it

Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download, the download will reside in the Download folder. It can be found under the File tab also. You can similarly access our thread by way of this OS too, so you can send the logs that way.

Please also note - all text entries are case sensitive

Copy and paste the enum.log for my review

#9 m0le


Posted 06 October 2010 - 06:20 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#10 m0le


Posted 07 October 2010 - 06:47 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.