I'm using Internet Explorer 8
Farbar Service Scanner Version: 14-02-2012
Ran by Hansberry (administrator) on 15-02-2012 at 19:57:14
Running from "C:\Users\Hansberry\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
I hope the following log for gmer is what you needed. It didn't give me a message in the end. It just stopped and did nothing so I clicked the save button.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-15 22:25:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000062 ST316081 rev.4.AA
Running: upltoohq.exe; Driver: C:\Users\HANSBE~1\AppData\Local\Temp\fwddquow.sys
---- System - GMER 1.0.15 ----
SSDT 872A9828 ZwAlertResumeThread
SSDT 874B24D0 ZwAlertThread
SSDT 872E9800 ZwAllocateVirtualMemory
SSDT 872B1D10 ZwAlpcConnectPort
SSDT 87056FC0 ZwCreateMutant
SSDT 872A91B8 ZwCreateThread
SSDT 874B80A8 ZwDebugActiveProcess
SSDT 872A8900 ZwFreeVirtualMemory
SSDT 872AE690 ZwImpersonateAnonymousToken
SSDT 872A5E70 ZwImpersonateThread
SSDT 872B1D78 ZwMapViewOfSection
SSDT 87056F40 ZwOpenEvent
SSDT 872B5D68 ZwOpenProcessToken
SSDT 86FE6A60 ZwOpenThreadToken
SSDT 90E82540 ZwResumeThread
SSDT 872E9150 ZwSetContextThread
SSDT 86FE6F90 ZwSetInformationProcess
SSDT 90DFFED0 ZwSetInformationThread
SSDT 874B8008 ZwSuspendProcess
SSDT 871E6798 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x90348640]
SSDT 87082A18 ZwTerminateThread
SSDT 871E60A8 ZwUnmapViewOfSection
SSDT 872A6FC0 ZwWriteVirtualMemory
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. \OpenWithProgids@\1\22\t_auto_file
---- EOF - GMER 1.0.15 ----