Click.GiftLoad won't go away!



myblueyzz
2011-05-10, 08:34
Hello. I would very much appreciate your help. SpyBot detects Click.GiftLoad but, after trying time and time again, it doesn't remove it. The computer I am running is a legitimate Dell D620 with XP Professional.

The SpyBot log is showing as too long to input into this post. Therefore, I have added it as an attachment.

Edit:
--- Search result list ---
Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

Right Media: Tracking cookie (Internet Explorer: winikm1) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---



I have also included the aswMBR log.

Thank you very much for your help!!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by winikm1 at 18:19:14.56 on Mon 05/09/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.470 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec Client Security\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Symantec Client Security\SNAC.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Reflection\rtsserv.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Rtvscan.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec Client Security\SmcGui.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\stsystra.exe
C:\WINNT\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\svchost.exe -k HTTPFilter
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\winikm1\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SetCNameUSR] REGEDIT /S c:\winnt\setcnameusr.reg
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\winnt\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uExplorerRun: [1] wscript \\ent.core.medtronic.com\NETLOGON\SMS_Std\S_smslogon.vbs //B
StartupFolder: c:\docume~1\winikm1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: adp.com\netsecure
Trusted Zone: concureworkplace.com\myprod
Trusted Zone: icims.com\kyphon
Trusted Zone: kyphon.com\smartdev
Trusted Zone: medtronic.com\geprod
Trusted Zone: medtronic.com\getest
Trusted Zone: peopleclick.com\careers
Trusted Zone: peopleclick.com\my
Trusted Zone: peopleclick.com\my43
Trusted Zone: peopleclick.com\twa
Trusted Zone: peopleclick.com\webi
Trusted Zone: Trackwise
Trusted Zone: Trackwise-dev
Trusted Zone: Trackwise-stage
Trusted Zone: adp.com\netsecure
Trusted Zone: concureworkplace.com\myprod
Trusted Zone: icims.com\kyphon
Trusted Zone: kyphon.com\smartdev
Trusted Zone: medtronic.com\geprod
Trusted Zone: medtronic.com\getest
Trusted Zone: medtronic.com\laxm1261.corp
Trusted Zone: medtronic.com\laxm1361.corp
Trusted Zone: peopleclick.com\careers
Trusted Zone: peopleclick.com\my
Trusted Zone: peopleclick.com\my43
Trusted Zone: peopleclick.com\twa
Trusted Zone: peopleclick.com\Webi
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
mASetup: {006569E3-0002-4972-807B-85C2D83C0697} - c:\winnt\system32\cmd.exe /c xcopy "c:\winnt\activesetup\qtconf\quicktime.qtp" "%userprofile%\local settings\application data\apple computer\quicktime\" /y
mASetup: {26E76762-7F20-4694-AD06-CC3A9B547A71} - c:\winnt\system32\msiexec.exe /fu {26E76762-7F20-4694-AD06-CC3A9B547A71}
Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\winikm1\applic~1\mozilla\firefox\profiles\9f37r9vq.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 a320raid;a320raid;c:\winnt\system32\drivers\a320raid.sys [2010-5-18 251194]
R0 aarich;aarich;c:\winnt\system32\drivers\aarich.sys [2010-5-18 241815]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-18 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-18 108392]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2009-3-2 124200]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec client security\Rtvscan.exe [2009-2-1 2440120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-21 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110509.019\NAVENG.SYS [2011-5-9 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110509.019\NAVEX15.SYS [2011-5-9 1393144]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-4 136176]
S3 COH_Mon;COH_Mon;c:\winnt\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-4 136176]
.
=============== Created Last 30 ================
.
2011-05-10 01:19:13 98816 ----a-w- c:\temp\30.tmp\SED.DAT
2011-05-10 01:19:13 89088 ----a-w- c:\temp\30.tmp\MBR.DAT
2011-05-10 01:19:13 518144 ----a-w- c:\temp\30.tmp\SWREG.DAT
2011-05-10 01:19:13 256512 ----a-w- c:\temp\30.tmp\PEV.DAT
2011-05-10 00:12:21 -------- d-----w- c:\winnt\system32\appmgmt
2011-05-09 19:04:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-09 19:04:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-05-09 17:53:36 54016 ----a-w- c:\winnt\system32\drivers\nhwqg.sys
2011-05-09 17:45:26 -------- d-----w- c:\docume~1\winikm1\applic~1\Malwarebytes
2011-05-09 17:45:22 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2011-05-09 17:45:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-09 17:45:18 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2011-05-09 17:45:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-09 17:39:39 0 ----a-w- c:\winnt\Mhipo.bin
2011-05-09 17:39:38 -------- d-----w- c:\docume~1\winikm1\locals~1\applic~1\{00619B20-26CD-4D80-91A0-8808E135A0B3}
2011-05-04 22:08:00 -------- d-----w- c:\docume~1\winikm1\locals~1\applic~1\Temp
2011-05-04 22:03:51 -------- d-----w- c:\docume~1\winikm1\locals~1\applic~1\Google
2011-05-04 20:46:53 25856 -c--a-w- c:\winnt\system32\dllcache\usbprint.sys
2011-05-04 20:46:53 25856 ----a-w- c:\winnt\system32\drivers\usbprint.sys
2011-05-04 20:46:42 303104 ----a-w- c:\winnt\system32\CNC560L.dll
2011-05-04 20:46:42 110592 ----a-w- c:\winnt\system32\CNC560I.dll
2011-05-04 20:46:42 106496 ----a-w- c:\winnt\system32\CNC560U.dll
2011-05-04 20:46:41 15872 ----a-w- c:\winnt\system32\CNHMCA.dll
2011-05-04 20:46:41 15104 -c--a-w- c:\winnt\system32\dllcache\usbscan.sys
2011-05-04 20:46:41 15104 ----a-w- c:\winnt\system32\drivers\usbscan.sys
2011-05-04 20:46:41 1310720 ----a-w- c:\winnt\system32\CNC560C.dll
2011-05-04 20:45:23 70656 ----a-w- c:\winnt\system32\spool\prtprocs\w32x86\CNMPPA0.DLL
2011-05-04 20:45:23 27648 ----a-w- c:\winnt\system32\spool\prtprocs\w32x86\CNMPDA0.DLL
2011-05-04 20:45:22 272384 ----a-w- c:\winnt\system32\CNMLMA0.DLL
2011-05-04 20:45:05 90112 ----a-w- c:\winnt\system32\CNC560O.dll
2011-05-04 20:45:05 178176 ----a-w- c:\winnt\system32\CNMIUA0.DLL
2011-05-04 20:36:33 -------- d-----w- c:\docume~1\winikm1\locals~1\applic~1\Adobe
2011-05-04 19:06:39 -------- d-sh--w- c:\documents and settings\winikm1\PrivacIE
2011-05-04 18:33:14 -------- d-sh--w- c:\documents and settings\winikm1\IETldCache
2011-05-04 18:28:17 81920 ----a-w- c:\winnt\system32\ieencode.dll
2011-05-04 18:28:17 81920 ----a-w- c:\winnt\system32\dllcache\ieencode.dll
.
==================== Find3M ====================
.
.
============= FINISH: 18:19:59.17 ===============

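The DDS log above carries several entries a helper would single out by eye: the FEATURE_BROWSER_EMULATION value for svchost.exe under HKEY_USERS\.DEFAULT (the exact value Spybot reports as Click.GiftLoad), a NoWindowsUpdate policy, a Hosts entry pinning a random-looking hostname to a public IP, and a freshly created driver with a vowel-less name (nhwqg.sys) among the "Created Last 30" files. The script below is an added triage example, not part of this thread and not code from Spybot or DDS; it runs those checks over lines copied from the log. The rule names, thresholds and the vowel-ratio and vowel-less-name heuristics are assumptions of this example, not anything the tools themselves implement.

```python
"""Triage a DDS / Spybot log excerpt for indicators worth a closer look.

Added example, not part of the forum thread or of the DDS/Spybot tools.
The rules are assumptions: simple heuristics a helper would apply by eye.
"""
import re
from typing import Dict, List

# Lines copied verbatim from the DDS log above; the mbam.sys and
# usbprint.sys entries are there so the driver heuristic has clean
# entries to pass over.
SAMPLE_LOG = r"""
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
2011-05-09 17:53:36 54016 ----a-w- c:\winnt\system32\drivers\nhwqg.sys
2011-05-09 17:45:18 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2011-05-04 20:46:53 25856 ----a-w- c:\winnt\system32\drivers\usbprint.sys
FF - prefs.js: network.proxy.type - 0
"""

VOWELS = set("aeiou")
LOOPBACK = {"127.0.0.1", "::1"}

# Fixed-pattern rules: (name, regex, why it matters). Names are assumptions.
STATIC_RULES = [
    ("ie-feature-control-svchost",
     re.compile(r"FEATURE_BROWSER_EMULATION\\svchost\.exe$", re.I),
     "svchost.exe does not host Internet Explorer; a browser-emulation entry "
     "for it is the registry value Spybot reported as Click.GiftLoad"),
    ("windows-update-disabled",
     re.compile(r"NoWindowsUpdate\s*=\s*1\b"),
     "Windows Update access is disabled by policy; confirm it comes from "
     "domain GPO rather than from malware"),
]
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
DRIVER_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(\S+\\drivers\\[^\\\s]+\.sys)$",
    re.I,
)


def looks_random(label: str, min_len: int = 12, max_vowel_ratio: float = 0.3) -> bool:
    """DGA-style heuristic (assumed thresholds): long label, digits mixed in, few vowels."""
    letters = [c for c in label.lower() if c.isalpha()]
    if len(label) < min_len or not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return any(c.isdigit() for c in label) and vowel_ratio <= max_vowel_ratio


def vowelless_name(path: str) -> bool:
    """True for driver file names like nhwqg.sys: letters only, no vowels."""
    stem = path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
    return len(stem) >= 4 and stem.isalpha() and not (set(stem) & VOWELS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per matched rule; a clean log yields an empty list."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern, why in STATIC_RULES:
            if pattern.search(line):
                findings.append({"rule": name, "line": line, "why": why})
        m = HOSTS_RE.match(line)
        if m and m.group(1) not in LOOPBACK and looks_random(m.group(2).split(".")[0]):
            findings.append({"rule": "hosts-dga-like", "line": line,
                             "why": "hosts file pins a random-looking name to a "
                                    "non-loopback address"})
        m = DRIVER_RE.match(line)
        if m and vowelless_name(m.group(1)):
            findings.append({"rule": "suspicious-driver", "line": line,
                             "why": "recently created driver with a random-looking "
                                    "name; verify its signature and hash"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['line']}\n    {f['why']}")
```

Run as-is it reports four findings: the svchost.exe feature-control value, the NoWindowsUpdate policy, the Hosts entry and nhwqg.sys; mbam.sys and usbprint.sys pass. The policy rule deliberately says "confirm" rather than "remove": the log shows a domain logon script (uExplorerRun pointing at NETLOGON), so some policy values may be corporate rather than malicious, and the driver rule is only a prompt to check the file's signature and hash, not proof on its own.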
ken545
2011-05-17, 01:43


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

ken545
2011-05-21, 17:29
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.