
Error Using Combofix


  • This topic is locked
No replies to this topic

#1 lovely lisa


Posted 16 July 2007 - 04:49 PM

Hi all, I am getting an error message using combofix.exe. The error message reads "0x7c9111e0 referenced memory at 0x006c0079 could not be read".
I have no clue what this means; maybe someone can give me a hand. Before running the ComboFix I ran ATF Cleaner, Ad-Aware SE, and SUPERAntiSpyware, then I ran an AVG antivirus scan, then the ComboFix, and then HijackThis at the end (all was done in safe mode). I will post a logged file of the ComboFix to see if someone can help me out. Thanks.


"CraZy LoC" - 2007-07-16 17:36:43 - ComboFix 07-07-16.4 - Service Pack 2 NTFS [SAFE MODE]


((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))


2007-07-16 16:59 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-15 22:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 22:00 <DIR> d-------- C:\WINDOWS\pss
2007-07-15 20:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 20:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 16:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 15:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-15 13:36 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\Uniblue


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 21:51:13 -------- d-----w C:\Program Files\America Online 8.0
2007-07-06 03:32:33 -------- d-----w C:\Program Files\m.p3 Professional Edition
2007-07-06 02:43:43 -------- d-----w C:\Program Files\Corel
2007-07-06 02:41:54 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-06 02:24:39 -------- d-----w C:\DOCUME~1\CRAZYL~1\APPLIC~1\Corel
2007-06-29 15:39:27 -------- d-----w C:\Program Files\dl_Cats
2007-06-28 18:06:13 2,828 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-28 18:06:04 88 -csh--r C:\WINDOWS\system32\E01E9C7F70.sys
2007-05-24 19:01:38 -------- d-----w C:\Program Files\Dell
2007-05-24 18:31:32 -------- d-----w C:\DOCUME~1\CRAZYL~1\APPLIC~1\COMCASTTOOLBAR
2007-05-24 18:31:01 -------- d-----w C:\Program Files\ComcastToolbar
2007-05-24 18:06:15 -------- d-----w C:\Program Files\Common Files\Scanner
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 22:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-09-08 07:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2005-11-10 15:22 184423 --a------ C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-31 00:49 2403392 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
2006-11-17 13:46 98304 --a------ C:\Program Files\BAE\BAE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 13:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 13:47]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 13:06 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 22:29]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-01-27 21:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-05 22:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 04:24]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 23:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-07-15 21:47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL --a------ 2007-07-15 21:47 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

*Newly Created Service* - ASCTRM
*Newly Created Service* - MDMXSDK

**************************************************************************

catchme 0.3.1017 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 17:39:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"ProfileLoadTimeLow"=dword:e45482ce
"ProfileLoadTimeHigh"=dword:01c7c74e
"RefCount"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1782099764-3995341453-1585261633-1007]
"ProfileLoadTimeLow"=dword:fa7edf86
"ProfileLoadTimeHigh"=dword:01c7c74e
"RefCount"=dword:00000005

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"CleanShutdown"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowNetConn_ShouldShow"=dword:00000042

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Devices]
"Microsoft Office Document Image Writer"="winspool,Ne00:"
"Fax"="winspool,Ne01:"
"Dell Color Printer 725"="winspool,Ne02:"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts]
"Microsoft Office Document Image Writer"="winspool,Ne00:,15,45"
"Fax"="winspool,Ne01:,15,45"
"Dell Color Printer 725"="winspool,Ne02:,15,45"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"="Fax,winspool,Ne01:"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-16 17:41:05
C:\ComboFix2.txt ... 2007-07-15 22:59
C:\ComboFix3.txt ... 2007-07-15 20:02

--- E O F ---
