Gizmo's Freeware Forum

Gizmo's Freeware Forum (
-   General Computer Support (
-   -   cant keep mozilla foxfire why? (

placou 1968 21. May 2012 03:52 PM

why cant i upload or copy and paste the log that is needed for review?
the log i found makes reference to 13.05.2012_10.15.32
this is the numbers i noticed in the dat info i posted.
the same numbers are associated with the file in kaspersky tdsskiller quarantine that holds the captured info. but the log of the scan will not let me provided it to you by any methods i know.
copy and paste had to many characters, imgur wont allow it, now i can copy it, but when i try to paste that is not an option, just delete is option.

at bottom of log it shows no detections, but you have seen them and the date associated.

I allowed for a time difference and checked the day prior and after and nothing is shown detected

the log below is not the one, i was wrong about it.

placou 1968 21. May 2012 04:21 PM

hope its correct one, date,time corrosponding with captures
1 Attachment(s)
thanks i finally hope to have figured out how to get the info to you.

thanks for your patients, i have learned alot so far. in checking other logs of may, i find no mention of threats detected, but the posts have been seen by you, so i guess they exist in here somewhere if kasp. rt.kill doesnt remove.

also, i noted the date 13.05.2012_10.15.32 relates to the captures i listed, and also relates to the items in kasp. quarintine

George.J 22. May 2012 03:10 AM

As you said, there's no indicaton of your PC being infected with rootkits in the above scan log. No items are detected and none quarentined. Interestingly, the short log that you posted earlier had certain detections. From where did you attach that incomplete log.

In your C:\ directory, there should be numerous TDSSKiller logs, since you did scanning more than once. You may attach the other logs here, after zipping them into one file.

What did you do, after Hitman Pro detected threats as in the image you gave in the first post?

placou 1968 22. May 2012 07:04 AM

kasp. rtkit upload sent
C:\TDSSKiller_Quarantine\ should be the zip i uploaded if i did it right. there should be 4 items in quarantine, tsk0000...tsk0001....tsk0002....tsk0003. if i recall correctly, theres 3 folders in each,

the info you ask about in obtaining the short log, i went to run, typed C:\ TDSSKiller. many came up, i narrowed down the date, and sent cut copy paste part of log i thought was important. i was not able to send it all, it was to large. i did not consider zip folder at time, didnt know how then. the rootkit names all had ok by them in the big log, i will try to zip and forward.

hitman, i was using mozilla for possibly 2 weeks(?) I THINK before i ran hitman, when it detected, it was put in quarantine, and i made sure i had it set to stay for 1 month i believe, before removal. i was able to continue use of it. i left, turned my computer on a few days later and it was gone i came here for help then, as best i can recall. it was not in the time frame for hitman to remove it (1month)

i also noted catch me anti malware logs, i never seen them before, dont know how or why their there, are they of any value to you? i didnt open or mess with anything else.

placou 1968 22. May 2012 08:05 AM

i believe this to be the entire log

placou 1968 22. May 2012 08:13 AM

another log i found
1 Attachment(s)
this is in addition to....i located it in c

George.J 22. May 2012 09:33 AM

Allright, placou, I didn't check your log properly. I didn't know that you sent me 4 logs in one notepad file. I thought it was just one. So good news is that, all infected objects in TDSSKiller has been quarantined. The later logs shows no infections.

From your Emnisoft results, there was a spyware toolbar, I believe that was the Ask toolbar. Anyway, it has been deleted and removed from your System Restore folder. Also we used HijackThis to remove it before. Good.

I would like to ask you again. Did you actually run your Mozilla Firefox browser and you were able browse the web with it, atleast once?

Placou, I request you to update your version of Java installed on your computer. Your version is outdated. Make sure you uninstall the old version, after closing all your browsers, and then install the latest one, possibly after a reboot. Download is available here:

Also, if you have your Windows XP disk, insert it and go to Start->Run->type cmd->type sfc/ scannow and wait till it finishes.

George.J 22. May 2012 09:53 AM

I also want you to download and run GMER, save the log file and upload it here.

If you havn't enabled Windows firewall, please enable it, or if you choose to install a new firewall, we have excellent recommendations here: Also turn on "Automatic updates" to keep your Windows updated.

You may also choose to analyse your startup programs, using one of these utilities here: . Lesser the number of programs that initialize on startup, your computer will work faster.
If you wish to, you can download and run Autoruns and save the log as .arn file and upload it here. This is only optional.

If you have any doubt please ask. :)

placou 1968 22. May 2012 02:48 PM

yes i did use the browser, i set it as my default browser. i likley used it 35-40 times, in 2 weeks. it worked fine for that time, actually it worked very well.

i will now attempt the other processes.

i have seen gmer in my computer before, i didnt put it here, but i have seen it.

placou 1968 23. May 2012 05:14 AM

Rootkit quick scan 2012-05-22 23:13:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 WDC_WD1200BB-00RDA0 rev.20.00K20
Running: 173qzr63[1].exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxtdypob.sys

---- System - GMER 1.0.15 ----

Code F7C39C9C ZwRequestPort
Code F7C39D3C ZwRequestWaitReplyPort
Code F7C39BFC ZwTraceEvent
Code F7C39C9B NtRequestPort
Code F7C39D3B NtRequestWaitReplyPort
Code F7C39BFB NtTraceEvent

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

All times are GMT +1. The time now is 09:00 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.