Status
Not open for further replies.

ComboFix reports

2K views 7 replies 3 participants last post by  Goldbird 
#1 ·
Hello,

I hope this is the right place to ask SUBs a question about the ComboFix tool.
I found lots of reports showing Firefox extensions and plugins, but I cannot obtain the same result now in a virtual machine running W7-32 or 64.

I can display the Firefox start page, but no extensions or plugins, which appear in other reports, like those of the FRST tool.

Do you know the reason why?

Thanks for the help.
 
#3 ·
Hello,

I ran ComboFix in a VM and the report doesn't display FF components, extensions or plugins, though these elements are displayed in other reports, like FRST.

But when I look at older CF reports, I find FF components.

You might try in a VM with plugins like Flash Player, or extensions: you can no longer display them in CF reports.

Why?
 
#4 · (Edited)
More information

ComboFix : https://www.cjoint.com/doc/19_11/IKBvcORM38c_ComboFix.txt

ZHPdiag lines for the same system
---\\ FIREFOX, Plugins,Démarrage,Recherche,Extensions (21) - 2s
M0 - MFSP: prefs.js [test - kbtucxsv.default] Google =>.Google Inc.
P2 - EXT FILE: (.Facebook Container.) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\kbtucxsv.default\extensions\@contain-facebook.xpi =>.Facebook Container
P2 - EXT FILE: (.Enhancer for YouTube™.) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\kbtucxsv.default\extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi =>.Enhancer for YouTube™
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.webcompat.com.) -- C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi =>.webcompat.com
P2 - EXT FILE: (.webcompat.com.) -- C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi =>.webcompat.com
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe.) -- C:\Windows\System32\Macromed\Flash\NPSWF32_32_0_0_293.dll =>.Adobe

A CF report with FF components
https://forum.malekal.com/viewtopic.php?t=22846#p190773
FF - ProfilePath - c:\users\PIERRE\AppData\Roaming\Mozilla\Firefox\Profiles\jphl97p9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\users\PIERRE\AppData\Roaming\Mozilla\Firefox\Profiles\jphl97p9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

But I cannot display FF components in my own reports!
Why?
 
#7 ·
I'm afraid I can't answer why ComboFix is giving you unreliable results when run in a VM; I can only say that I doubt very much that it was ever designed to be used in that way.

Offhand, I can't think of any tool that was.

Now it may be that some of them perform well when used on an OS hosted on a VM, but personally I would need confirmation from a tool's author that the scan results would be reliable when run this way, before I made any decisions based on those scan results.
 