
COMBOFIX CRASHED


8 replies to this topic

#1 Genlab

Genlab

  • Members
  • 7 posts

Posted 08 June 2010 - 05:10 AM

Today, 8 June 2010, I downloaded combofix from bleepingcomputer as usual.
I ran it, but after it showed the command prompt window and the message about "... if it is heavily infected it may easily take double the time to run...", the window became light-colored, like when a window is not responding in Windows 7, and the familiar window appeared that shows when a program crashes, waiting to find a solution and then closing.
I also have ESET Internet Security, but I disabled it, and combofix also forced it to exit (it asked me to exit ESET).
I copy here what I see in the events.
Any help?

Log Name: Application
Source: Windows Error Reporting
Date: 8/6/2010 12:57:53 μμ
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: xxxxxxxx
Description:
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: CF3232.cfxxe
P2: 6.1.7600.16385
P3: 4a5bc19e
P4: ntdll.dll
P5: 6.1.7600.16385
P6: 4a5bdadb
P7: c00000fd
P8: 00046bdf
P9:
P10:

Attached files:
C:\Users\xxxx\AppData\Local\temp\WER83FF.tmp.WERInternalMetadata.xml
C:\Users\xxxx\AppData\Local\temp\WERBA04.tmp.appcompat.txt
C:\Users\xxxx\AppData\Local\temp\WERBB0F.tmp.hdmp
C:\Users\xxxx\AppData\Local\temp\WERBCC5.tmp.mdmp

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_CF3232.cfxxe_9cd13dd3241680206334e8606eb4764bfb7c8_cab_0aeebd11

Analysis symbol:
Rechecking for solution: 0
Report Id: 3e235e8b-72e4-11df-9770-0007e9ac381e
Report Status: 4
==========================================

Log Name: Application
Source: Application Error
Date: 8/6/2010 12:57:27 μμ
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxx
Description:
Faulting application name: CF3232.cfxxe, version: 6.1.7600.16385, time stamp: 0x4a5bc19e
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc00000fd
Fault offset: 0x00046bdf
Faulting process id: 0x168
Faulting application start time: 0x01cb06f0cd93092a
Faulting application path: C:\ComboFix\CF3232.cfxxe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 3e235e8b-72e4-11df-9770-0007e9ac381e

Edited by Genlab, 08 June 2010 - 08:54 PM.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,941 posts

Posted 08 June 2010 - 09:33 AM

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

With that said, what specific issues are you having that require using ComboFix? Are you using a 64-bit version of Windows 7?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Genlab


Posted 08 June 2010 - 04:18 PM

Thank you for your reply.

I have read this statement about how powerful combofix is.
It is Windows 7 32-bit.
Does anybody else have the same problem as me? I mean combofix always crashing with this Windows version.
The computer was sometimes very slow surfing the internet, even on safe sites like hotmail or yahoo.
But I remembered that I had Windows 7 32-bit on another, disconnected hard disk, which was isolated from viruses and trojans, to use if my main hard disk had a problem.
So I replaced the hard disk with the other one, but the same thing happened, with exactly the same pictures I show here.

I did a full scan of my hard disk in another computer with NOD32 v4.2 antivirus and a quick scan with Malwarebytes Anti-Malware, and neither found anything infected.

PS: I see in the bottom-left corner a box with only ENGLISH as an option. Do you have plans to add other languages to the bleepingcomputer site?

Edited by Genlab, 08 June 2010 - 04:38 PM.


#4 Genlab


Posted 08 June 2010 - 08:48 PM

I downloaded combofix on 9 June 2010 at 02:24 London time.
I uninstalled ESET SMART SECURITY v.4.2.

I ran combofix and it worked fine.

Best regards!
Bios!

Edited by Genlab, 08 June 2010 - 08:57 PM.


#5 quietman7


Posted 09 June 2010 - 09:22 AM

CF will run on Windows 7 but it's not officially supported yet as it is a beta version meant for compatibility testing. When attempting to use it on that OS, there should be a warning message as such.

You still have not answered: what specific issues are you having that require using ComboFix?

#6 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,539 posts

Posted 09 June 2010 - 05:53 PM

"PS: I see in the bottom-left corner a box with only ENGLISH as an option. Do you have plans to add other languages to the bleepingcomputer site?"

Since this is a US-based forum and we follow US copyright and intellectual property laws, as well as all US laws that apply to this site, we unfortunately do not at this time have any plans to have our content translated so that we can incorporate other languages into the site.


#7 Genlab


Posted 09 June 2010 - 06:37 PM

Hello,

As I wrote above:
"...The computer was sometimes very slow surfing the internet, even on safe sites like hotmail or yahoo...."

In the last few days, Firefox and Internet Explorer often took a long time to respond, especially when I had 5 pages open in each one. Before, almost 2 weeks ago, I did not have this big delay.
The delay affected the overall responsiveness of Windows WHEN I HAD 5 or more pages open in the browsers.
Finally, after 1 or 2 minutes, the computer started to respond.
I scanned the hard disk in another clean computer with NOD32 antivirus v. 4.2 and it didn't find anything, nor did the Malwarebytes anti-malware.

So, TO DO A BIGGER CLEANING, I also used combofix.
Before this I deleted all temporary files.

Combofix quarantined and deleted these files:

2010-06-09 01:34:03 . 2010-06-09 01:34:03 3,705 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-06-09 01:25:59 . 2010-06-09 01:27:48 62 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\Plugins\npqtplugin7.dll.vir
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\Plugins\npqtplugin6.dll.vir
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\Plugins\npqtplugin5.dll.vir
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\Plugins\npqtplugin4.dll.vir
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\Plugins\npqtplugin3.dll.vir
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\Plugins\npqtplugin2.dll.vir
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll.vir
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll.vir
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll.vir
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll.vir
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll.vir
2010-06-09 01:15:47 . 2010-06-09 01:15:47 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll.vir

The plugins were part of QuickTime Player. But it seems the computer does not need them, since QuickTime works fine (version 7.2.0.240).
It is the lowest version in which the codec works for the latest mov files, and at an acceptable speed on my computer.

I am not sure if the problem was the ESET Smart Security or not.
I installed the new Kaspersky Security 2011 to give it a try, and it seems everything works fine now.

The computer had a small surgery! 3 capacitors had a... bump!
I replaced those 3 capacitors, 3300 microF/6V, with 3300 microF/16V,
and the patient seems well and stable now :thumbsup:

Edited by Genlab, 09 June 2010 - 11:50 PM.


#8 quietman7


Posted 10 June 2010 - 08:15 AM

Glad to hear you resolved your issues. I will advise the creator of CF about those plugins.

#9 quietman7


Posted 10 June 2010 - 10:06 AM

sUBs would like to see a sample of those files so he can investigate. Please go to this site and submit (upload) a copy of them as an attachment.
  • You do not need to be a member to upload files as anybody can upload them.
  • Click the New Topic tab.
  • Enter the information and in the Subject box, enter: Files for sUBs
  • Fill in a short message and a link to this topic.
  • Press the Browse button, navigate to and select the files on your computer to upload.
  • For more than 1 file, press the more attachments button for each one, then browse and select them.
  • When all the files are listed in the window press Post to upload the files.
  • You will not be able to view the files that have been uploaded as they only show to the authorized users who can download them.
  • sUBs will be able to collect the file(s) from there and examine them.
Thanks.