Inactive BSOD on start up, possibly conhost.exe?, VISTA

krinkle

Whenever I boot up my pc I get BSOD.

Windows comes up with this error message:

Problemsignatur:
Navn på problemhændelse: BlueScreen
OS-version: 6.0.6002.2.2.0.768.3
Landestandard-id: 1030

Flere oplysninger om problemet:
BCCode: 1000007e
BCP1: C0000005
BCP2: 870AC720
BCP3: 8B56FBB8
BCP4: 8B56F8B4
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Filer, der hjælper med til at beskrive problemet:
C:\Windows\Minidump\Mini083011-25.dmp
C:\Users\TheFracker\AppData\Local\Temp\WER-100917-0.sysdata.xml
C:\Users\TheFracker\AppData\Local\Temp\WER1360.tmp.version.txt

When the BSOD comes up it says IRQL_NOT_LESS_OR_EQUAL.

I posted in tech support and was asked to go here and follow the 6-step instructions. Route44, who helped me out, suspected that conhost.exe is the problem. Conhost.exe is currently running in Task Manager and keeps starting up again when I close the process. Under the description it says bitcoin-miner. I have searched for conhost.exe on my computer and I can't find it.

All the scans have been done in Safe Mode, because I can't successfully boot up in normal mode.

Avast scan didn't find anything.

Microsoft Security Essentials found Win32/CoinMaker and deleted it. It also found conhost.exe and couldn't verify whether it was harmful or not and therefore didn't do anything about it.

Microsoft Security Essentials Log:
----------------------------------------------------------------------------------
Command: MpSigStub.exe /program "C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe" ANTIMALWARE /q
Start time: 30-08-2011 15:10 (version 10.3.1781.0)

=================================== ProductSearch ==================================

Microsoft Security Essentials:
Status: Active
Product: 3.0.8402.0
Engine: Not found
Signatures: Not found
NIS Engine: Not found
NIS Signatures: Not found

================================ PackageDiscovery ================================

AM FE: NIS Full:
Engine: 1.1.7604.0 NIS engine: 2.0.5854.0
AS base VDM: 1.111.0.0 NIS base VDM: 9.0.0.0
AV base VDM: 1.111.0.0 NIS full VDM: 9.285.0.0
AS delta VDM: 1.111.1045.0
AV delta VDM: 1.111.1045.0

================================ PatchApplication ================================

Patched nisfull.vdm to 9.285.0.0

================================= MpUpdateEngine =================================

Updated from C:\Windows\Temp\FB84A858E00CF7243B12915059191B09-Sigs (0x0)

================================= ValidateUpdate =================================

MpSigStub successfully updated Microsoft Security Essentials using the AM FE package.

Original: Updated to:
Engine: 0.0.0.0 1.1.7604.0
AS base VDM: 0.0.0.0 1.111.0.0
AV base VDM: 0.0.0.0 1.111.0.0
AS delta VDM: 0.0.0.0 1.111.1045.0
AV delta VDM: 0.0.0.0 1.111.1045.0

Set DeltaUpdateFailure to 0
MpSigStub successfully updated Microsoft Security Essentials using the NIS Full package.

Original: Updated to:
NIS engine: 0.0.0.0 2.0.5854.0
NIS base VDM: 0.0.0.0 9.0.0.0
NIS full VDM: 0.0.0.0 9.285.0.0

Set NISDeltaUpdateFailure to 0
Deleted C:\Windows\Temp\FB84A858E00CF7243B12915059191B09-Sigs\9.0.0.0_TO_9.285.0.0_NISFULL.VDM_SOURCE_NISBASE.VDM._P
Deleted C:\Windows\Temp\FB84A858E00CF7243B12915059191B09-Sigs\MPASBASE.VDM
Deleted C:\Windows\Temp\FB84A858E00CF7243B12915059191B09-Sigs\MPASDLTA.VDM
Deleted C:\Windows\Temp\FB84A858E00CF7243B12915059191B09-Sigs\MPAVBASE.VDM
Deleted C:\Windows\Temp\FB84A858E00CF7243B12915059191B09-Sigs\MPAVDLTA.VDM
Deleted C:\Windows\Temp\FB84A858E00CF7243B12915059191B09-Sigs\NISBASE.VDM
Deleted C:\Windows\Temp\FB84A858E00CF7243B12915059191B09-Sigs\nisfull.vdm
Deleted C:\Windows\Temp\FB84A858E00CF7243B12915059191B09-Sigs\mpengine.dll
Deleted C:\Windows\Temp\FB84A858E00CF7243B12915059191B09-Sigs\GAPAENGINE.DLL
End time: 30-08-2011 15:11
----------------------------------------------------------------------------------



Malwarebytes' Anti-Malware didn't come up with anything. I ran both the quick and full scan.

Malwarebytes' Anti-Malware Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4062

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19120

01-09-2011 01:00:47
mbam-log-2011-09-01 (01-00-47).txt

Scan type: Quick scan
Objects scanned: 126315
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I ran GMER.

GMER Log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-01 04:08:01
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 WDC_WD50 rev.01.0
Running: fn87dlu3.exe; Driver: C:\Users\THEFRA~1\AppData\Local\Temp\uwdiipog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8FE7C884]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8FE9DFA8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8FE97E42]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8FE9826A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8FEA26FE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8FE7D5B4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8FE9FA50]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8FE9F346]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8FE96C26]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8FEA041A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8FEA0658]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8FEA0B0A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8FE7D16C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8FE9A358]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x8FE99F46]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8FEA14E0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8FEA0DD4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8FEA1F40]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8FE83292]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8FE7D9BE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x8FEA1A68]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8FE9EA6A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8FE98F66]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x8FE98C96]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8FE986DE]

INT 0x51 ? 84F64BF8
INT 0x52 ? 8645DF00
INT 0x82 ? 84F63BF8
INT 0x92 ? 84F64BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1D9 824E795C 4 Bytes [84, C8, E7, 8F] {TEST AL, CL; OUT 0x8f, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1E9 824E796C 4 Bytes [A8, DF, E9, 8F]
.text ntkrnlpa.exe!KeSetEvent + 209 824E798C 8 Bytes [42, 7E, E9, 8F, 6A, 82, E9, ...]
.text ntkrnlpa.exe!KeSetEvent + 215 824E7998 4 Bytes [FE, 26, EA, 8F]
.text ntkrnlpa.exe!KeSetEvent + 2D1 824E7A54 8 Bytes [B4, D5, E7, 8F, 50, FA, E9, ...]
.text ...
? System32\Drivers\spjj.sys Den angivne sti blev ikke fundet. !
.text USBPORT.SYS!DllUnload 82F9A41B 5 Bytes JMP 8645D4E0
.text aaaq9zd8.SYS 8F1B5000 22 Bytes [82, F3, 40, 82, 6C, F2, 40, ...]
.text aaaq9zd8.SYS 8F1B5017 137 Bytes [00, 32, 37, 7A, 80, 3D, 35, ...]
.text aaaq9zd8.SYS 8F1B50A1 43 Bytes [40, 4E, 82, 74, 36, 48, 82, ...]
.text aaaq9zd8.SYS 8F1B50CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...]
.text aaaq9zd8.SYS 8F1B50DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00DB000A
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory 774854C4 5 Bytes JMP 00DC000A
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!KiUserExceptionDispatcher 77485BF8 5 Bytes JMP 004C000A
.text C:\Windows\Explorer.EXE[1792] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 01F7000A
.text C:\Windows\Explorer.EXE[1792] ntdll.dll!NtWriteVirtualMemory 774854C4 5 Bytes JMP 0208000A
.text C:\Windows\Explorer.EXE[1792] ntdll.dll!KiUserExceptionDispatcher 77485BF8 5 Bytes JMP 01F6000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069A6D2] \SystemRoot\System32\Drivers\spjj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8069A040] \SystemRoot\System32\Drivers\spjj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8069A7FC] \SystemRoot\System32\Drivers\spjj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8069A0BE] \SystemRoot\System32\Drivers\spjj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069A13C] \SystemRoot\System32\Drivers\spjj.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806AA048] \SystemRoot\System32\Drivers\spjj.sys
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortNotification] 24488B66
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8DC80320
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortStallExecution] F0458D57
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [8F1DAFBC] \SystemRoot\System32\Drivers\aaaq9zd8.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortMoveMemory] 01F045C7
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] E8000000
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0001E4E4
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 4675C73B
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortReadPortUshort] 1DAFC8A1
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 8D526A8F
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortInitialize] 00009A88
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300
IAT \SystemRoot\System32\Drivers\aaaq9zd8.SYS[ataport.SYS!AtaPortDeviceStateChange] 8D076A50

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85D3A1F8
Device \FileSystem\fastfat \FatCdrom 876231F8
Device \Driver\netbt \Device\NetBT_Tcpip_{7BE1BC0C-7A11-4BFA-9F7A-5F5AD244094F} 8652B1F8
Device \Driver\volmgr \Device\VolMgrControl 85D351F8
Device \Driver\usbohci \Device\USBPDO-0 86478488
Device \Driver\usbehci \Device\USBPDO-1 864791F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\volmgr \Device\HarddiskVolume1 85D351F8
Device \Driver\volmgr \Device\HarddiskVolume2 85D351F8
Device \Driver\cdrom \Device\CdRom0 864831F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85D371F8
Device \Driver\atapi \Device\Ide\IdePort0 85D371F8
Device \Driver\atapi \Device\Ide\IdePort1 85D371F8
Device \Driver\cdrom \Device\CdRom1 864831F8
Device \Driver\volmgr \Device\HarddiskVolume3 85D351F8
Device \Driver\cdrom \Device\CdRom2 864831F8
Device \Driver\volmgr \Device\HarddiskVolume4 85D351F8
Device \Driver\cdrom \Device\CdRom3 864831F8
Device \Driver\volmgr \Device\HarddiskVolume5 85D351F8
Device \Driver\cdrom \Device\CdRom4 864831F8
Device \Driver\volmgr \Device\HarddiskVolume6 85D351F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8652B1F8
Device \Driver\Smb \Device\NetbiosSmb 873C41F8
Device \Driver\USBSTOR \Device\00000079 875EA1F8
Device \Driver\nvstor32 \Device\RaidPort0 85D391F8
Device \Driver\PCI_PNP1416 \Device\0000005c spjj.sys

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\iScsiPrt \Device\RaidPort1 864A5500

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\netbt \Device\NetBT_Tcpip_{65AA5710-5DE1-44FD-88B4-76FAC213BF3E} 8652B1F8
Device \Driver\usbohci \Device\USBFDO-0 86478488
Device \Driver\nvstor32 \Device\0000006c 85D391F8
Device \Driver\USBSTOR \Device\0000007a 875EA1F8
Device \Driver\usbehci \Device\USBFDO-1 864791F8
Device \Driver\USBSTOR \Device\0000007b 875EA1F8
Device \Driver\USBSTOR \Device\0000007c 875EA1F8
Device \Driver\sptd \Device\2506129424 spjj.sys
Device \Driver\USBSTOR \Device\0000007d 875EA1F8
Device \Driver\USBSTOR \Device\0000007e 875EA1F8
Device \Driver\aaaq9zd8 \Device\Scsi\aaaq9zd81Port4Path0Target3Lun0 864A31F8
Device \Driver\aaaq9zd8 \Device\Scsi\aaaq9zd81Port4Path0Target1Lun0 864A31F8
Device \Driver\aaaq9zd8 \Device\Scsi\aaaq9zd81 864A31F8
Device \Driver\aaaq9zd8 \Device\Scsi\aaaq9zd81Port4Path0Target2Lun0 864A31F8
Device \Driver\aaaq9zd8 \Device\Scsi\aaaq9zd81Port4Path0Target0Lun0 864A31F8
Device \FileSystem\fastfat \Fat 876231F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filsystem Filterstyring/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 87BF31F8
Device \Device\0000006a -> \??\SCSI#Disk&Ven_WDC_WD50&Prod_00AACS-00ZUB#4&2caa503b&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File C:\Minidumps.zip 102526 bytes
File C:\MpSigStub.log 5818 bytes

---- EOF - GMER 1.0.15 ----


I ran Windows Memory Diagnostic to test if there was something wrong with my RAM. It didn't find anything.

I have included a zip with the 5 latest dump files from Windows.

Here's the link to the tech support post: https://www.techspot.com/vb/topic170141.html

I use Windows Vista. I would appreciate any help; please tell me if you need additional details.
 

Attachments

  • Minidumps.zip (100.1 KB)

Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I didn't complete step 4 because when I downloaded DDS it was downloaded as a screen saver file, .scr, and when I ran it nothing happened.
I attached the mini dump files because Route44 in the tech forum told me to attach them as a zip file when he was helping me, so I thought they might be of use.

EDIT: ADDITIONAL INFO:
I just booted up my computer and I got BSOD. It said: aswSP.SYS and Technical Information: STOP: 0x000000D4 (0x9070E2D0, 0x000000FF, 0x00000001, 0x824635CD)

EDIT2:
I think that conhost.exe is causing some problems. It keeps running under processes even when I shut it down, and when I go into C:\Windows\Temp and delete it, it keeps reappearing. Microsoft Security Essentials can't remove it either.
I can't get DDS.scr to run. Every time I open it, it pops up momentarily and shuts down. No logs or anything.

I would appreciate any help that you can lend me.

EDIT3: I ran RSIT.exe and here's the log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by TheFracker at 2011-09-01 15:28:23
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 71 GB (16%) free of 456 GB
Total RAM: 3071 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:28:33, on 01-09-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19120)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Users\TheFracker\Downloads\RSIT.exe
C:\Program Files\trend micro\TheFracker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNjY3NjE1NTMxLUZMMTArMS1ERFQrNDgyNjgtREQxMEYrMQ"&"prod=90"&"ver=10.0.1392
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\TheFracker\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O15 - Trusted Zone: .danid.dk
O15 - Trusted Zone: .danid.dk (HKLM)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.64.0.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 4853 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1634227405-2453312934-4266423901-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1634227405-2453312934-4266423901-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\TheFracker\AppData\Roaming\Mozilla\Firefox\Profiles\avjnnam4.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3, {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17, david@dkjensen.com:0.0.5"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\ProgramData\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675]
"Description"=6.0.12.1675
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazon-en-GB.xml
answers.xml
bing.xml
chambers-en-GB.xml
creativecommons.xml
eBay-en-GB.xml
google.xml
wikipedia.xml
yahoo-en-GB.xml

C:\Users\TheFracker\AppData\Roaming\Mozilla\Firefox\Profiles\avjnnam4.default\extensions\
david@dkjensen.com
staged
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD79A59-37B1-459B-9097-09F9FAB8A523}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-14 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2011-03-18 1043968]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-18 185896]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-unins...ERFQrNDgyNjgtREQxMEYrMQ&prod=90&ver=10.0.1392 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2010-04-16 3872080]
"Google Update"=C:\Users\TheFracker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-05 136176]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll, mpqaital.dll, merdmfgf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"vidc.XVID"=xvidvfw.dll
"MSVideo8"=VfWWDM32.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux5"=wdmaud.drv
"VIDC.XFR1"=xfcodec.dll
"msacm.divxa32"=msaud32_divx.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-09-01 15:28:25 ----D---- C:\Program Files\trend micro
2011-09-01 15:28:23 ----D---- C:\rsit
2011-09-01 14:47:04 ----D---- C:\Windows\system32\MpEngineStore
2011-09-01 14:15:12 ----SHD---- C:\Config.Msi
2011-09-01 04:14:02 ----A---- C:\mbam-log-2011-09-01 (01-00-47).txt
2011-09-01 01:31:00 ----A---- C:\fn87dlu3.exe
2011-09-01 01:30:41 ----A---- C:\techspot.txt
2011-09-01 01:01:30 ----D---- C:\ProgramData\AVAST Software
2011-09-01 01:01:30 ----D---- C:\Program Files\AVAST Software
2011-08-31 19:06:00 ----A---- C:\Windows\system32\avgrep.txt
2011-08-30 23:35:14 ----A---- C:\mtinst.exe
2011-08-30 20:00:51 ----A---- C:\Windows\ntbtlog.txt
2011-08-30 17:40:10 ----A---- C:\check.txt
2011-08-30 15:09:25 ----A---- C:\Windows\system32\vsregexp.dll
2011-08-30 15:09:10 ----A---- C:\Windows\system32\zlcommdb.dll
2011-08-30 15:09:10 ----A---- C:\Windows\system32\zlcomm.dll
2011-08-30 15:09:06 ----A---- C:\Windows\system32\vswmi.dll
2011-08-30 15:09:05 ----A---- C:\Windows\system32\zpeng25.dll
2011-08-30 15:09:05 ----A---- C:\Windows\system32\vsxml.dll
2011-08-30 15:09:05 ----A---- C:\Windows\system32\vspubapi.dll
2011-08-30 15:09:05 ----A---- C:\Windows\system32\vsmonapi.dll
2011-08-30 15:09:04 ----A---- C:\Windows\system32\vsdata.dll
2011-08-30 15:08:58 ----D---- C:\Windows\system32\ZoneLabs
2011-08-30 15:08:58 ----A---- C:\Windows\system32\drivers\vsdatant.sys
2011-08-30 15:08:54 ----D---- C:\Program Files\Zone Labs
2011-08-30 15:08:13 ----A---- C:\Windows\system32\vsutil.dll
2011-08-30 15:08:13 ----A---- C:\Windows\system32\vsinit.dll
2011-08-30 15:06:47 ----D---- C:\Program Files\Microsoft Security Client
2011-08-24 17:04:37 ----A---- C:\Windows\system32\tzres.dll
2011-08-24 16:55:38 ----D---- C:\Program Files\LogMeIn Hamachi
2011-08-17 18:43:21 ----D---- C:\Users\TheFracker\AppData\Roaming\LolClient
2011-08-17 17:38:58 ----D---- C:\Riot Games
2011-08-17 15:16:27 ----D---- C:\Program Files\LoL
2011-08-17 14:30:32 ----D---- C:\Users\TheFracker\AppData\Roaming\GRETECH
2011-08-17 14:29:19 ----D---- C:\Program Files\GRETECH
2011-08-10 02:47:11 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 02:46:07 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 02:41:12 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 02:41:12 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 02:41:12 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 02:41:11 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-10 02:41:10 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 02:41:09 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 02:41:09 ----A---- C:\Windows\system32\ie4uinit.exe
2011-08-10 02:41:08 ----A---- C:\Windows\system32\url.dll
2011-08-10 02:41:08 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 02:41:07 ----A---- C:\Windows\system32\occache.dll
2011-08-10 02:41:07 ----A---- C:\Windows\system32\mstime.dll
2011-08-10 02:41:07 ----A---- C:\Windows\system32\ieui.dll
2011-08-10 02:41:07 ----A---- C:\Windows\system32\iesysprep.dll
2011-08-10 02:41:07 ----A---- C:\Windows\system32\iepeers.dll
2011-08-10 02:41:07 ----A---- C:\Windows\system32\iedkcs32.dll
2011-08-10 02:41:06 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 02:41:06 ----A---- C:\Windows\system32\msfeedssync.exe
2011-08-10 02:41:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-08-10 02:41:06 ----A---- C:\Windows\system32\licmgr10.dll
2011-08-10 02:41:06 ----A---- C:\Windows\system32\ieUnatt.exe
2011-08-10 02:41:06 ----A---- C:\Windows\system32\iesetup.dll
2011-08-10 02:41:06 ----A---- C:\Windows\system32\iernonce.dll
2011-08-10 02:33:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 02:33:49 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-10 02:32:52 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2011-08-10 02:32:52 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-04 23:29:31 ----D---- C:\Users\TheFracker\AppData\Roaming\FOG Downloader
2011-08-04 23:29:22 ----D---- C:\Program Files\Runes of Magic
2011-08-02 22:08:15 ----D---- C:\Windows\system32\Updates
2011-08-02 22:08:12 ----D---- C:\Windows\system32\Data

======List of files/folders modified in the last 1 month======

2011-09-01 15:28:25 ----RD---- C:\Program Files
2011-09-01 15:28:13 ----D---- C:\Windows\Temp
2011-09-01 15:27:14 ----D---- C:\Windows\Internet Logs
2011-09-01 14:47:04 ----D---- C:\Windows\System32
2011-09-01 14:28:30 ----D---- C:\Program Files\Mozilla Firefox
2011-09-01 14:24:22 ----D---- C:\Program Files\Steam
2011-09-01 14:16:15 ----D---- C:\ProgramData\MFAData
2011-09-01 14:16:11 ----SHD---- C:\Windows\Installer
2011-09-01 14:16:01 ----D---- C:\ProgramData\AVG10
2011-09-01 14:15:39 ----D---- C:\Windows\system32\drivers\AVG
2011-09-01 14:15:29 ----D---- C:\Windows\system32\drivers
2011-09-01 14:12:35 ----D---- C:\Windows
2011-09-01 14:08:01 ----D---- C:\Windows\Minidump
2011-09-01 01:01:37 ----D---- C:\Program Files\Windows Sidebar
2011-09-01 01:01:30 ----HD---- C:\ProgramData
2011-08-31 18:28:51 ----D---- C:\Program Files\PS3 Media Server
2011-08-30 22:25:02 ----D---- C:\Windows\system32\LogFiles
2011-08-30 20:10:52 ----D---- C:\Windows\Prefetch
2011-08-30 19:53:00 ----D---- C:\Windows\system32\catroot2
2011-08-30 17:43:00 ----D---- C:\Users\TheFracker\AppData\Roaming\vlc
2011-08-30 17:29:55 ----RSD---- C:\Windows\assembly
2011-08-30 17:29:55 ----D---- C:\Windows\Microsoft.NET
2011-08-30 16:59:41 ----D---- C:\Windows\rescache
2011-08-30 16:57:11 ----D---- C:\Windows\winsxs
2011-08-30 16:34:59 ----D---- C:\Windows\system32\catroot
2011-08-30 16:29:13 ----D---- C:\Windows\system32\da-DK
2011-08-30 16:29:12 ----D---- C:\Windows\system32\migration
2011-08-30 16:29:12 ----D---- C:\Program Files\Internet Explorer
2011-08-30 16:28:54 ----D---- C:\Windows\inf
2011-08-30 16:08:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-30 03:39:02 ----D---- C:\Users\TheFracker\AppData\Roaming\uTorrent
2011-08-30 00:04:14 ----D---- C:\Program Files\World of Warcraft
2011-08-29 18:49:42 ----D---- C:\Musik
2011-08-26 16:54:06 ----D---- C:\Users\TheFracker\AppData\Roaming\Skype
2011-08-17 21:13:52 ----D---- C:\ProgramData\PMB Files
2011-08-17 17:38:58 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-16 21:11:36 ----D---- C:\Program Files\Heroes of Newerth
2011-08-16 19:59:51 ----D---- C:\Windows\system32\directx
2011-08-16 19:59:46 ----HD---- C:\Windows\msdownld.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-07-09 64288]
R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2007-10-31 115744]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-03-13 717296]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 457304]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-07-07 12032]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
R4 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys []
R4 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys []
R4 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys []
S1 jhqlgxpg;jhqlgxpg; \??\C:\Windows\system32\drivers\jhqlgxpg.sys []
S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
S1 MpKsl033028ab;MpKsl033028ab; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB5D89C-FAF4-427E-A9D0-0C7CBCBAE65F}\MpKsl033028ab.sys [2011-08-30 28752]
S1 MpKsl095d3fc7;MpKsl095d3fc7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB5D89C-FAF4-427E-A9D0-0C7CBCBAE65F}\MpKsl095d3fc7.sys [2011-08-30 28752]
S1 MpKsl3d105157;MpKsl3d105157; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0EF5E96-8297-4D80-9FD5-3DB6319C266D}\MpKsl3d105157.sys []
S1 MpKsl55c019c8;MpKsl55c019c8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2976BEB-1ADB-4473-8E4E-CC6C54CC07E0}\MpKsl55c019c8.sys []
S1 MpKsl58a1a83e;MpKsl58a1a83e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB5D89C-FAF4-427E-A9D0-0C7CBCBAE65F}\MpKsl58a1a83e.sys [2011-08-31 28752]
S1 MpKsl6849a32a;MpKsl6849a32a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB5D89C-FAF4-427E-A9D0-0C7CBCBAE65F}\MpKsl6849a32a.sys [2011-08-30 28752]
S1 MpKsl81616e7e;MpKsl81616e7e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB5D89C-FAF4-427E-A9D0-0C7CBCBAE65F}\MpKsl81616e7e.sys []
S1 MpKsl997801e2;MpKsl997801e2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB5D89C-FAF4-427E-A9D0-0C7CBCBAE65F}\MpKsl997801e2.sys [2011-08-30 28752]
S1 MpKslbd378a8f;MpKslbd378a8f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB5D89C-FAF4-427E-A9D0-0C7CBCBAE65F}\MpKslbd378a8f.sys [2011-08-30 28752]
S1 MpKslcbfb3f94;MpKslcbfb3f94; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB5D89C-FAF4-427E-A9D0-0C7CBCBAE65F}\MpKslcbfb3f94.sys [2011-08-30 28752]
S1 MpKslcdb7aa43;MpKslcdb7aa43; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB5D89C-FAF4-427E-A9D0-0C7CBCBAE65F}\MpKslcdb7aa43.sys [2011-08-31 28752]
S1 MpKsld1861ecb;MpKsld1861ecb; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB5D89C-FAF4-427E-A9D0-0C7CBCBAE65F}\MpKsld1861ecb.sys [2011-08-31 28752]
S1 MpKsld3d46160;MpKsld3d46160; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB5D89C-FAF4-427E-A9D0-0C7CBCBAE65F}\MpKsld3d46160.sys []
S1 unjybqhl;unjybqhl; \??\C:\Windows\system32\drivers\unjybqhl.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2010-05-31 47640]
S3 afj5qeok;afj5qeok; C:\Windows\system32\drivers\afj5qeok.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FETNDIS;Tjenesten VIA Rhine-Family Fast Ethernet-netværkskortdriver; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\THEFRA~1\AppData\Local\Temp\YKF18BB.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-funktionsdriver til High Definition Audio-tjeneste; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-09-28 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-09-28 101248]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-11-14 2016920]
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2010-05-31 10144]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 MSKSSRV;Serviceproxy til Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Kvalitetsstyringsproxy til Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Tee/Sink-to-Sink-konverteringsprogram til Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys []
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-14 8244320]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 usbaudio;USB-lyddriver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB-scannerdriver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2011-03-18 2435592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-20 1355968]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-01-18 75136]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S3 aspnet_state;ASP.NET-tilstandstjeneste; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-06-02 403240]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 