Click.Giftload, Virtumonde and Antivirus Antispyware OH MY...

[Mommazon]

Hello wonderful SpyBot support team!

I have read through the Before you Post bit and have done all that has been suggested with the ERUNT, DDS and attach.txt. My only reservation is how to get that info to this forum. I am on another computer in our network and I used a jump drive to download files and transfer them to the infected computer. (I had to disconnect the other from the home network to keep it's cooties to itself.) I fired it up in safe mode (I will get to how I finally achieved even that in a moment) I opened ERUNT and ran it, saved and exited, then ran DDS, saved and exited. as well I have the Spybot results copied and pasted.

My gut tells me that the wee txt files saved onto the jump drive would be fine to plug in and transfer what is necessary to the forum for sufficient assistance. However, I don't 100% know how devious these beasties are in getting onto my jumper and spreading their disease. I will wait for further instruction on how to proceed.

real quick I am running Windows XP svc pack3

Here's the low down of what started this "storm" of troubles and what I have done to remedy the situation. (thankfully I have read in the past that ComboFix is not for the unsavvy....so I have avoided that thus far until I have advisement to do so)

1- IE pop ups began randomly appearing...I recognized this and did not open anything. I went into Task Manager and ended any IE processes so that I could stop and run SpyBot, Malwarebytes and the MSE (Microsoft Security Essentials) that were already on the computer. (I have had better success with AVG, but it won't load with MSE on board)

2-Ran Spybot and it found several minor infections including click.giftload I fixed and removed them all.

3- Tried to restart computer...explorer.exe would not shut itself down, nor would it shut down the computer. did a hard shut down (held power down for 10 seconds until shut down)

4- restarted computer and no explorer.exe at all...would fire up and go to the use profile...but no icons, no start menu...nada. hard shut down again (yes I cringe each time I have to do it...I know it's not good...but...)

5- The next morning I came out to try round 2, everything started up just fine....even explorer....I ran spybot again and it only found click.giftload....YAY Progress!

6...to make a long story short, I have run Spybot, then malwarebytes (after a few fights with Antivirus Antispyware 2011 now popping up) and it removed another fistfull of infections. Couldn't get AA2011 though...I ran Rkill, THEN malwarebytes and knocked it out...ran Spybot again and now it is finding the click.giftload, Virtumonde.prx and Microsoft.WindowsSecurityCenter_disabled...I fix them and it says they are all removed, but then they restart the computer, they are back again.

So...here I am...

I appreciate any assistance you can give.

S

edit...I have also run MSE, but it repeatedly says no infections found...
when I had no explorer I clicked Control/alt/delete to get task manager to open and clicked File -> New task "explorer.exe" then run....it took a few tries to get that to work, but it did and once I was able to successfully shut down the computer...I was able to reopen in Safe Mode as Administrator.