Registered User
Join Date: Aug 2009
Posts: 3
OS: WindowsXP SP3
Hi, I can't use my PC anymore, can't use the internet normally
OK, this is what's happening. I'm using a Windows XP laptop with SP3. A few days ago my computer suddenly started leaking memory. I thought reinstalling Windows would allow me to use my computer again, so I did. I started installing the software that I use, including the latest version of Comodo Firewall. When the firewall was running it detected that x.exe was trying to make a directory, which I then blocked from happening. I googled x.exe and learned that it was a problem, so I installed Malwarebytes Anti-Malware to find it and remove it. During the MBAM scan I detected backdoor.bot and removed it. Then my Comodo firewall started giving a warning that svchost.exe had tried to execute shellcode as a result of a buffer overflow attack. I thought another reformat would solve it, and that my computer would be better now that backdoor.bot was gone and that I was going to be more careful this time and set up my computer defenses quickly, but now svchost.exe is acting up again. Now my internet connection is not working properly and my PC is slow. I also noticed my taskbar keeps on changing: at first it's supposed to look like the WinXP taskbar, but now it's the Classic Windows taskbar without me even changing it, and other things I notice.
Then when I extract GMER to the desktop I get this warning: "This page has unspecified potential security flaw", so I just extracted GMER to My Documents and ran it from there. I'm not sure if that makes any difference. Thanks for taking the time to read this.

DDS (Ver_09-07-30.01) - NTFSx86 Run by Calvin at 12:10:05.04 on Fri 08/14/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1534 [GMT 8:00]
AV: avast! antivirus 4.8.1335 [VPS 090707-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}