Hello,
I have recently discovered an issue on my computer with Click.GiftLoad. I noticed the effects of it after I restored my computer to the factory settings due to what I believe was a virus. After I realized what the problem was, I downloaded Spybot and attempted to use that to fix it. When it kept coming back, I restored my computer again. Obviously, that didn't work either... So, I've come here for help. I read the post about what to do prior to creating a thread and need to mention some of those thing as well. First, I attempted to turn Spybot's TeaTimer off, but I never got any prompts to OK. I rebooted the computer anyway and, when I checked the TeaTimer, it was turned back on. Also, I downloaded, installed, and ran ERUNT, but, after my computer rebooted, I got a message saying that the save failed and any restores would have to be done using the OS boot disk. I have no idea what's going on with my computer and would really appreciate any help that can be given.

DDS:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Rain at 0:06:51.05 on Wed 03/30/2011
Internet Explorer: 7.0.6000.16473
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1013.225 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Users\Rain\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\ALaunch\ALaunch.exe
C:\Windows\ery.exe
C:\Windows\ery.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\Temp\bye166C.tmp\Disk1\CheckD2DSystem.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rain\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://en.us.acer.yahoo.com
uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ALaunch] c:\acer\alaunch\AlaunchClient.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [Acer Tour] c:\acer\acertour\AcerTour.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SetPanel] c:\acer\apanel\APanel.cmd
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [eRecoveryService]
StartupFolder: c:\users\rain\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
IE: Free YouTube to MP3 Converter - c:\users\rain\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: eNetHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rain\appdata\roaming\mozilla\firefox\profiles\mqgmut40.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-25 64512]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20110322.001\IDSvix86.sys [2011-3-25 287792]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-9-3 50688]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-22 1405384]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-25 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-9-3 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-9-3 102760]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2011-3-25 1251720]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-8-3 38448]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-22 15232]
.
=============== Created Last 30 ================
.
2011-03-29 22:13:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-27 00:58:28 -------- d-----w- c:\program files\CCleaner
2011-03-26 07:06:26 -------- d-----w- c:\users\rain\appdata\local\Adobe
2011-03-26 03:38:20 -------- d-----w- c:\users\rain\appdata\roaming\DVDVideoSoftIEHelpers
2011-03-26 03:36:52 -------- d-----w- c:\program files\DVDVideoSoft
2011-03-26 03:36:52 -------- d-----w- c:\program files\common files\DVDVideoSoft
2011-03-26 02:44:04 -------- d-----w- c:\program files\FreeTime
2011-03-26 02:17:35 -------- d-----w- C:\My Zip Files
2011-03-26 02:17:23 -------- d-----w- c:\program files\CoffeeCup Software
2011-03-26 02:12:50 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-26 00:25:14 3 ----a-w- c:\windows\AFirst.cmd
2011-03-26 00:25:13 16437832 ----a-w- c:\windows\eRy.exe
2011-03-26 00:25:07 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-03-26 00:25:07 100358 ----a-w- c:\windows\system32\Vxdif.dll
2011-03-26 00:25:06 154624 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-03-26 00:24:56 336 ----a-w- c:\windows\ACERTOURREMINDERRUN.REG
2011-03-26 00:24:53 55808 ----a-w- c:\windows\devcon.exe
2011-03-26 00:24:53 23 ----a-w- c:\windows\system32\$Acer$.cmd
2011-03-26 00:24:53 23 ----a-w- c:\progra~2\microsoft\crypto\rsa\machinekeys\$Acer$.cmd
2011-03-26 00:24:53 1550 ----a-w- c:\windows\CLEANUP.CMD
2011-03-25 23:30:44 -------- d-----w- c:\users\rain\appdata\local\Mozilla
2011-03-25 21:47:37 -------- d--h--w- c:\windows\PIF
2011-03-25 21:07:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-25 21:07:14 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-25 20:57:40 -------- d-----w- c:\users\rain\appdata\roaming\Acer
2011-03-25 20:52:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-25 20:51:29 -------- dc-h--w- c:\progra~2\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
2011-03-25 20:50:51 -------- d-----w- c:\program files\Lavasoft
2011-03-25 20:49:50 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
2011-03-25 20:49:50 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
2011-03-25 20:49:50 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-03-25 20:49:49 368640 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-03-25 20:47:23 -------- d-----w- c:\program files\Apoint2K
2011-03-25 20:46:05 -------- d-----w- c:\program files\Acer Assist
2011-03-25 20:46:04 -------- d-----w- c:\program files\Acer Registration
2011-03-25 20:43:50 -------- d-----w- c:\program files\Launch Manager
2011-03-25 20:43:07 -------- d--h--w- c:\users\rain\appdata\local\acer eNM
2011-03-25 20:42:12 -------- d-----w- c:\users\rain\appdata\local\Acer Arcade
2011-03-25 20:41:42 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-25 20:41:21 -------- d-----w- c:\users\rain\appdata\local\VirtualStore
2011-03-25 20:41:09 83554304 ----a-w- c:\windows\system32\acer.scr
2011-03-25 20:41:03 40368034 ----a-w- c:\windows\system32\acer.exe
2011-03-25 20:41:00 -------- d-----w- c:\program files\Acer Inc
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: Hitachi_HTS541680J9SA00 rev.SB2OC70P -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85B64439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85b6a7d0]; MOV EAX, [0x85b6a84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x81C67C65] -> \Device\Harddisk0\DR0[0x854C5180]
3 nt[0x81CA811D] -> nt!IofCallDriver[0x81C67C65] -> [0x84FCE968]
5 acpi[0x8047B32A] -> nt!IofCallDriver[0x81C67C65] -> [0x85008BB0]
\Driver\atapi[0x85B49E38] -> IRP_MJ_CREATE -> 0x85B64439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskHitachi_HTS541680J9SA00_________________SB2OC70P#5&33632e6b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 0:08:10.78 ===============


Spybot Log:

Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe