Page 3 of 5 (results 21 to 30 of 46)

Thread: Click.giftload keeps coming back, Google search results redirect

  1. #21
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi,


    Yes, the "Choose an Operating System" prompt has to do with the Recovery Console. Just choose your operating system when you turn on the machine. Should a problem arise in the future where you can't log in to Windows, the Recovery Console will be at hand.


    The log says I have an AVG firewall. I uninstalled AVG. What's up with that?
    It may be a bug; if you uninstalled AVG, then it's fine.

    Avast does not provide a firewall. When we finish, I'll recommend some standalone firewalls.


    Please follow these steps:


    Step 1 | Please download CCleaner (freeware)

    • Run the installer.
    • Once installed, run CCleaner and click the Windows tab.
    • The following should be selected by default, if not, please select:

    • Next: click Options (in the left panel) and click the Advanced button.
    • Uncheck: "Only delete files in Windows Temp folders older than 24 hours."
    • Go back to Cleaner (in the left panel) and click the Run Cleaner button (bottom right). Then exit CCleaner.



    Step 2 | Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



    Step 3 | Let's perform an ESET Online Scan

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed, first copy the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on: (Selecting Uninstall application on close if you so wish)
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  2. #22
    Junior Member
    Join Date
    Apr 2011
    Posts
    24

    Default

    Hi Blottedisk;

    Good to know!

    Already had CCleaner and Malwarebytes' Anti-Malware. Made sure to update them both before running scans.

    Here are the logs.



    Malwarebytes Log:



    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6320

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/9/2011 11:22:48 AM
    mbam-log-2011-04-09 (11-22-48).txt

    Scan type: Quick scan
    Objects scanned: 173216
    Time elapsed: 8 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    ESET log



    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=963694f96bc4024fabb0072351411f33
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-04-09 09:07:43
    # local_time=2011-04-09 03:07:43 (-0700, Mountain Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=768 16777215 100 0 16919011 16919011 0 0
    # compatibility_mode=1029 16777214 0 1 13998227 13998227 0 0
    # compatibility_mode=6143 16777215 0 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=228704
    # found=3
    # cleaned=0
    # scan_time=12617
    C:\Documents and Settings\All Users\Application Data\ReviverSoft\RegistryReviver\InstallCache\{63E13B95-3168-481C-A8DF-FBE0DCDF5699}\Registry Reviver.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Ben\Application Data\OpenCandy\OpenCandy_23F393C78FB64604A1048455F473E285\PPIRegistryReviverSetup.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Ben\Application Data\OpenCandy\OpenCandy_23F393C78FB64604A1048455F473E285\PPIRegistryReviver_p21v1.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I

  3. #23
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi felix_phillips,

    Please do the following:


    ComboFix - CFScript

    WARNING !
    This script is for THIS user and computer ONLY!
    Using this tool incorrectly could damage your Operating System... preventing it from starting again!


    You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

    Please open Notepad and copy/paste all the text below... into the window:

    Code:
    Folder::
    C:\Documents and Settings\All Users\Application Data\ReviverSoft
    C:\Documents and Settings\Ben\Application Data\OpenCandy
    1. Save it to your desktop as CFScript.txt
    2. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    3. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:



      This will cause ComboFix to run again.
      Do not use your keyboard or mouse, or click anywhere in the ComboFix window, as this may cause the program to stall or crash.
      Do Not touch your computer when ComboFix is running!

      When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
    4. Please copy/paste the contents of log.txt... in your next reply.


    ** Enable your Antivirus and Firewall, before connecting to the Internet again! **
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --
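
The ESET Online Scanner log posted in #22 and the CFScript the helper wrote from it in #23 are connected by a simple rule: the three flagged objects sit under two vendor folders beneath "Application Data", and those two folders are exactly what the Folder:: section names. The Python below is an added example for this page, not code from the thread, from ESET or from ComboFix. It parses the log's "#" header fields and its detection lines, checks that the "# found=" count matches the detection lines actually parsed, records that "# remove_checked=false" makes "cleaned=0" and "(unable to clean)" the expected outcome of a scan-only run, and derives the Folder:: entries. Two things are my assumptions: the path/threat split relies on "/" being illegal in a Windows file name while ESET family names carry a "Win32/"-style prefix, and the vendor-folder rule reproduces what the helper did by hand rather than any documented ComboFix behaviour. The sample log is constructed from the lines posted in #22.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, NamedTuple, Optional, Tuple


class Detection(NamedTuple):
    path: str    # object the scanner flagged
    threat: str  # e.g. "a variant of Win32/SlowPCfighter application"
    action: str  # text in the trailing parentheses, e.g. "unable to clean"
    digest: str  # 32-hex field after the action (all zeros in the posted log)
    flags: str   # final token ("I" in the posted log)


# Tail of a detection line: "... (<action>) <32 hex> <flags>". The greedy head
# absorbs parentheses inside paths such as "Program Files (x86)".
_TAIL = re.compile(r"^(?P<head>.+) \((?P<action>[^()]*)\) (?P<digest>[0-9a-fA-F]{32}) (?P<flags>\S+)$")
# ESET qualifier phrases that precede the family name and belong to the threat.
_QUALIFIERS = (["probably", "a", "variant", "of"], ["a", "variant", "of"])


def _split_head(head: str) -> Optional[Tuple[str, str]]:
    """Split "<path> <threat>". Both sides contain spaces, so the split is keyed on
    a Windows fact: "/" cannot appear in a file name, while ESET family names carry
    a platform prefix ("Win32/..."). Lines with no "/" token return None so the
    caller reports them instead of guessing (assumption: such names are rare)."""
    tokens = head.split(" ")
    for i, tok in enumerate(tokens):
        if "/" not in tok:
            continue
        start = i
        for phrase in _QUALIFIERS:
            n = len(phrase)
            if start >= n and tokens[start - n:start] == phrase:
                start -= n
                break
        return (" ".join(tokens[:start]), " ".join(tokens[start:])) if start else None
    return None


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection], List[str]]:
    """Return (header fields, detections, lines that matched neither)."""
    meta, found, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            meta.setdefault(key.strip(), value.strip())  # compatibility_mode repeats; keep the first
            continue
        m = _TAIL.match(line)
        split = _split_head(m.group("head")) if m else None
        if m is None or split is None:
            unparsed.append(line)
            continue
        found.append(Detection(split[0], split[1], m.group("action"), m.group("digest"), m.group("flags")))
    return meta, found, unparsed


def counts_agree(meta: Dict[str, str], found: List[Detection]) -> bool:
    """True when the '# found=' header matches the number of detection lines parsed."""
    return meta.get("found", "").isdigit() and int(meta["found"]) == len(found)


def removal_was_disabled(meta: Dict[str, str]) -> bool:
    """'# remove_checked=false' records that 'Remove found threats' was unchecked, so
    'cleaned=0' and '(unable to clean)' are the expected result of a scan-only run."""
    return meta.get("remove_checked", "").lower() == "false"


def cfscript_folders(found: List[Detection]) -> List[str]:
    """Collapse detections to folders for a CFScript 'Folder::' section. Rule (my
    assumption, reproducing what the helper did by hand, not a documented ComboFix
    rule): under a per-user or All Users "Application Data" tree, take the vendor
    folder directly beneath it; otherwise fall back to the object's parent folder."""
    folders: List[str] = []
    for d in found:
        parts = PureWindowsPath(d.path).parts
        target = str(PureWindowsPath(d.path).parent)
        for i, part in enumerate(parts):
            if part.lower() == "application data" and i + 1 < len(parts) - 1:  # i+1 is a folder, not the file
                target = str(PureWindowsPath(*parts[:i + 2]))
                break
        if target not in folders:
            folders.append(target)
    return folders


def render_cfscript(found: List[Detection]) -> str:
    return "\n".join(["Folder::"] + cfscript_folders(found)) + "\n"


# Constructed sample: header fields and the three detection lines as posted in #22,
# plus the "all ok" line the installer writes above them.
SAMPLE_LOG = r"""all ok
# version=7
# end=finished
# remove_checked=false
# scanned=228704
# found=3
# cleaned=0
C:\Documents and Settings\All Users\Application Data\ReviverSoft\RegistryReviver\InstallCache\{63E13B95-3168-481C-A8DF-FBE0DCDF5699}\Registry Reviver.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ben\Application Data\OpenCandy\OpenCandy_23F393C78FB64604A1048455F473E285\PPIRegistryReviverSetup.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ben\Application Data\OpenCandy\OpenCandy_23F393C78FB64604A1048455F473E285\PPIRegistryReviver_p21v1.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
"""
```

Running `parse_eset_log(SAMPLE_LOG)` yields three detections, the single unparsed line "all ok", and a header whose "found" value agrees with the parsed count; `render_cfscript` on those detections reproduces the two-line Folder:: section from #23. Anything the splitter cannot classify lands in the unparsed list rather than being silently dropped, which is the behaviour you want before handing a deletion script to someone else's machine.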

  4. #24
    Junior Member
    Join Date
    Apr 2011
    Posts
    24

    Default

    Hi Blottedisk;

    Here's the log


    ComboFix 11-04-04.01 - Ben 04/10/2011 0:40.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1151 [GMT -6:00]
    Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ben\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\ReviverSoft
    c:\documents and settings\All Users\Application Data\ReviverSoft\RegistryReviver\Backup\Backup_December_14_10_14_04_29.reg
    c:\documents and settings\All Users\Application Data\ReviverSoft\RegistryReviver\InstallCache\{63E13B95-3168-481C-A8DF-FBE0DCDF5699}\1033.MST
    c:\documents and settings\All Users\Application Data\ReviverSoft\RegistryReviver\InstallCache\{63E13B95-3168-481C-A8DF-FBE0DCDF5699}\Registry Reviver.msi
    c:\documents and settings\All Users\Application Data\ReviverSoft\RegistryReviver\LOGS\LOGS_12_14_2010_13_51_33_PM.log
    c:\documents and settings\All Users\Application Data\ReviverSoft\RegistryReviver\TipofDay_EN.xml
    c:\documents and settings\All Users\Application Data\ReviverSoft\RegistryReviver\wxfdata.wxf
    c:\documents and settings\Ben\Application Data\OpenCandy
    c:\documents and settings\Ben\Application Data\OpenCandy\OpenCandy_23F393C78FB64604A1048455F473E285\DLMgr_3_1.6.87.exe
    c:\documents and settings\Ben\Application Data\OpenCandy\OpenCandy_23F393C78FB64604A1048455F473E285\PPIRegistryReviver_p21v1.exe
    c:\documents and settings\Ben\Application Data\OpenCandy\OpenCandy_23F393C78FB64604A1048455F473E285\PPIRegistryReviverSetup.exe
    c:\documents and settings\Ben\Application Data\OpenCandy\OpenCandy_23F393C78FB64604A1048455F473E285\RevStarter.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-09 02:02 . 2011-04-09 02:02 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\{3225C812-5FB8-41CE-B15F-997F80151000}
    2011-04-08 23:23 . 2011-03-23 16:11 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{07C94D25-B1E9-423A-A699-148C2A81A280}\mpengine.dll
    2011-04-06 04:59 . 2011-04-06 04:59 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2011-04-06 00:21 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-06 00:21 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-06 00:21 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-06 00:21 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-06 00:21 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-06 00:21 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-04-06 00:21 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-04-06 00:21 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-04-06 00:21 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-04-06 00:21 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-06 00:20 . 2011-04-06 00:20 -------- d-----w- c:\program files\AVAST Software
    2011-04-06 00:20 . 2011-04-06 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-04-03 05:58 . 2011-04-03 05:58 -------- d-----w- c:\program files\ERUNT
    2011-03-30 19:03 . 2011-03-30 19:03 -------- d-----w- c:\program files\LogMeIn Hamachi
    2011-03-26 19:09 . 2011-03-26 19:09 -------- d-----w- C:\317bb37b7087d03d9fb4
    2011-03-26 19:08 . 2011-03-26 19:08 -------- d-----w- C:\c412b583335e06bfc5d36f7ea4
    2011-03-14 04:29 . 2011-03-14 04:29 -------- d-----w- C:\9f4842b56dc6715b1987c669f9712195
    2011-03-14 04:28 . 2011-03-14 04:28 -------- d-----w- C:\dda3748e091980e003ec6d2272b9
    2011-03-12 04:59 . 2011-04-09 17:08 -------- d-----w- c:\program files\CCleaner
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 00:21 . 2010-11-19 20:31 1409 ----a-w- c:\windows\QTFont.for
    2011-03-23 16:11 . 2009-10-17 14:04 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-03-13 00:05 . 2010-05-25 21:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-13 00:05 . 2009-09-01 16:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-05 20:59 . 2011-03-05 20:59 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-04 08:20 . 2011-03-05 20:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-03-04 08:20 . 2011-03-05 21:37 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-02-11 02:30 . 2011-02-11 02:30 40960 ----a-r- c:\documents and settings\Ben\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2011-02-11 02:30 . 2011-02-11 02:30 40960 ----a-r- c:\documents and settings\Ben\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2011-02-09 13:53 . 2008-04-14 04:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-14 04:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-03 00:11 . 2009-10-17 14:04 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-02 07:58 . 2008-04-14 04:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-04-14 04:00 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2008-04-14 04:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-05_19.42.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    - 2010-04-25 22:53 . 2010-04-25 22:53 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2011-04-10 06:23 . 2011-04-10 06:23 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat
    + 2011-04-10 06:23 . 2011-04-10 06:23 16384 c:\windows\Temp\Perflib_Perfdata_574.dat
    - 2010-06-05 04:39 . 2010-12-17 08:58 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-06-05 04:39 . 2011-04-06 05:00 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2008-04-14 04:00 . 2008-04-14 04:00 135168 c:\windows\system32\shsvcs.dll
    + 2008-04-14 04:00 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
    + 2008-04-14 04:00 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
    - 2008-04-14 04:00 . 2008-04-14 04:00 135168 c:\windows\system32\dllcache\shsvcs.dll
    - 2008-04-14 04:00 . 2008-04-14 04:00 270848 c:\windows\system32\dllcache\sbe.dll
    + 2008-04-14 04:00 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
    - 2008-04-14 04:00 . 2008-04-14 04:00 677888 c:\windows\system32\dllcache\lhmstsc.exe
    + 2008-04-14 04:00 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
    - 2008-04-14 04:00 . 2008-04-14 04:00 186880 c:\windows\system32\dllcache\encdec.dll
    + 2008-04-14 04:00 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
    + 2011-04-10 05:52 . 2011-04-10 05:52 817152 c:\windows\Installer\134683b.msi
    + 2008-04-14 04:00 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
    + 2009-09-01 14:56 . 2011-04-07 00:34 37943240 c:\windows\system32\MRT.exe
    + 2011-04-06 04:58 . 2011-04-06 04:58 20308992 c:\windows\Installer\e5251d.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-01 68856]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-24 159744]
    "RTHDCPL"="RTHDCPL.EXE" [2008-07-29 16805888]
    "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-09 466944]
    "eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-08 864576]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-10-28 77824]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\Ben\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Ben\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
    "c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
    "c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
    "c:\\WINDOWS\\system32\\mshta.exe"=
    "c:\\Documents and Settings\\Ben\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Pidgin\\pidgin.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "d:\\Program Files\\Steam\\Steam.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\titan quest\\Titan Quest.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\titan quest\\help.htm"=
    "d:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\Tqit.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\help.htm"=
    "d:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\overlord\\Config.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57738:TCP"= 57738:TCP:Pando Media Booster
    "57738:UDP"= 57738:UDP:Pando Media Booster
    .
    R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [3/7/2008 10:24 PM 176136]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/5/2011 2:59 PM 64512]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/15/2010 9:59 PM 691696]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/5/2011 6:21 PM 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/5/2011 6:21 PM 301528]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/13/2008 10:00 PM 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/5/2011 6:21 PM 19544]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 2:11 PM 16384]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/28/2011 3:41 PM 1242504]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/25/2008 10:36 PM 45056]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [5/13/2008 1:49 PM 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [6/12/2008 10:30 AM 43608]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [5/28/2008 6:54 PM 22072]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/21/2009 5:25 PM 135664]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/25/2008 10:36 PM 131072]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/4/2011 2:20 AM 1753048]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [3/4/2011 2:20 AM 15232]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
    S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [12/25/2007 11:23 PM 17968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-09 c:\windows\Tasks\Ad-Aware Scan (Regular).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-04 07:58]
    .
    2011-04-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-04 07:58]
    .
    2011-04-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-ACER-A3FE35D430-Ben.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-18 09:44]
    .
    2011-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    2011-04-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-01 02:36]
    .
    2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f16350793a6.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 23:25]
    .
    2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cb6f1636e2079c.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 23:25]
    .
    2011-04-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://global.acer.com/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\c67mdut8.default\
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-10 01:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(896)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-04-10 01:11:38
    ComboFix-quarantined-files.txt 2011-04-10 07:11
    ComboFix2.txt 2011-04-09 00:10
    ComboFix3.txt 2011-04-06 02:07
    ComboFix4.txt 2011-04-05 19:50
    .
    Pre-Run: 23,519,834,112 bytes free
    Post-Run: 23,460,466,688 bytes free
    .
    - - End Of File - - 4F8B2A3DF39548DC1A24029700538A3D
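The ComboFix output above is read by eye in the thread. As an added example (not from the thread, from ComboFix, or from its author), the following Python script shows how a practitioner can triage the three sections of such a log that a redirect infection most often touches: the service/driver list, the 'Scheduled Tasks' folder and the IE Trusted Zone entries. The sample log is constructed from lines shaped like the ones above; the `ExampleSvc` service is a hypothetical entry added only to exercise the user-writable-path rule, and the directory lists are assumptions about a default Windows XP layout.

```python
"""Triage helper for a ComboFix-style log.

Added example, not ComboFix code.  It recognises three line shapes:

  services/drivers  : S3 Name;Description;c:\\path\\file.sys [date size]
  scheduled tasks   : 2011-04-10 c:\\windows\\Tasks\\Foo.job
                      - c:\\path\\target.exe [date]
  IE trusted zone   : Trusted Zone: example.com

and flags autostarts that live outside Program Files / Windows, autostarts
in user-writable folders, and every Trusted Zone entry (those lower IE's
security settings for that domain and should be confirmed as user-added).
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind name path")

SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[", re.I)
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(.+\.job)$", re.I)
TASK_TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[")
TRUSTED_ZONE_RE = re.compile(r"^Trusted Zone:\s*(\S+)", re.I)

# Assumed default XP layout: where legitimate autostarts normally live ...
KNOWN_ROOTS = ("c:\\program files\\", "c:\\windows\\")
# ... and user-writable places malware commonly drops into.  Checked first,
# because c:\windows\temp would otherwise pass the KNOWN_ROOTS test.
USER_WRITABLE = ("c:\\documents and settings\\", "c:\\windows\\temp\\")


def parse_combofix(text):
    """Return the services, scheduled tasks and trusted-zone entries found in text."""
    entries = []
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        ln = lines[i]
        m = SERVICE_RE.match(ln)
        if m:
            entries.append(Entry("service", m.group(1).strip(), m.group(2).lower()))
        else:
            m = TASK_RE.match(ln)
            if m and i + 1 < len(lines):
                # A task is a two-line pair: the .job file, then "- <target> [date]".
                target = TASK_TARGET_RE.match(lines[i + 1])
                if target:
                    job_name = m.group(1).rsplit("\\", 1)[-1]
                    entries.append(Entry("task", job_name, target.group(1).lower()))
                    i += 1
            else:
                m = TRUSTED_ZONE_RE.match(ln)
                if m:
                    entries.append(Entry("trusted_zone", m.group(1).lower(), ""))
        i += 1
    return entries


def classify(entry):
    """Return a reason string if the entry deserves a second look, else None."""
    if entry.kind == "trusted_zone":
        return "review: IE Trusted Zone relaxes security for this domain"
    if any(entry.path.startswith(r) for r in USER_WRITABLE):
        return "suspicious: autostart in a user-writable directory"
    if not entry.path.startswith(KNOWN_ROOTS):
        return "suspicious: autostart outside Program Files / Windows"
    return None


def triage(text):
    """Parse a log and return [(entry, reason)] for everything flagged."""
    flagged = []
    for entry in parse_combofix(text):
        reason = classify(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


# Constructed sample: the first, third and fourth items mirror lines in the
# thread's log; ExampleSvc is a hypothetical entry, not something observed.
SAMPLE_LOG = r"""
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [12/25/2007 11:23 PM 17968]
S2 ExampleSvc;Example Service;c:\documents and settings\Ben\Local Settings\Temp\svchost.exe [4/1/2011 1:00 AM 40960]
.
2011-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
Trusted Zone: soe.com
"""

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.kind:13} {entry.name:28} {entry.path or '-'}\n    {reason}")
```

Run it against a saved ComboFix.txt by passing its contents to `triage()`; anything it flags is a lead to investigate, not a verdict, since plenty of legitimate software (the Sony game sites in the log above, for instance) adds Trusted Zone entries.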

  5. #25
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi felix_phillips,


    Congratulations, we are done. Please follow this last set of instructions:


    Step 1 | Delete ComboFix and Clean Up

    The following will implement some cleanup procedures as well as reset System Restore points. Click Start > Run and copy/paste the following text into the Run box and click OK:

    ComboFix /Uninstall

    Please advise if this step is missed for any reason as it performs some important actions.


    Step 2 | Please download OTC by OldTimer to your desktop and run it
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
    • Also, please manually delete the following files on your desktop (move the files to the bin or right-click the files and choose "Send to recycle bin"):
      • mbr.exe
      • aswMBR.exe
      • MBR.dat
      • The logfile generated by aswMBR



    Step 3 | Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
    • Download the latest version of Adobe Reader (Version X) and save it to your desktop.
    • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
    • Click the download button at the bottom.
    • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
    • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    • If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
    • Then from your desktop double-click on Adobe Reader to install the newest version.
    • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the "Adobe Setup - Welcome" window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
    • Click on Help and select Check for Updates.
    • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
    • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
    • In the window that opens click Install.
    • Once the update is done click Close.
    • Your Adobe Reader is updated now.



    Step 4 | I don't see any evidence of a 3rd Party Firewall installed on your computer. If you have one installed, make sure it's functioning properly. As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access from the outside world. Firewalls protect against hackers and malicious intruders.

    If you do not have a firewall installed...
    I strongly recommend you download a free (for personal use) firewall NOW that monitors traffic in both directions... from one of these vendors:

    • Comodo (Is now bundled with AV software, toolbar and search provider. Opt to install only the firewall software... uncheck the rest)
    • Online Armor Free (Free version at bottom of page (XP/Vista/W7 (32bit).) 64bit version not available yet. Some reported conflicts with Avira AntiVir.
    • ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
    • Ashampoo


    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a very basic firewall. This (XP) firewall is NO replacement for a dedicated software solution. Remember to install and have active, only one firewall at the same time. If you install one of these firewalls, remember to turn off Windows' firewall.


    Step 5 | You are also operating your computer with multiple Anti Virus programs running in memory at once:

    • avast! Antivirus
    • Lavasoft Ad-Watch Live! Anti-Virus

    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having more than one program running at the same time can cause your computer to run very slow, become unstable, conflicts, errors, false positives, etc...


    Please go to Start --> Run and type appwiz.cpl and press enter. Uninstall either avast! or Lavasoft's Ad-Watch.


    Last Step | Now, in order to avoid future infections, please take time to read the following article:

    So how did I get infected in the first place?

    Thank you for your patience, and performing all of the procedures requested. I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  6. #26
    Junior Member
    Join Date
    Apr 2011
    Posts
    24

    Default

    Hi Blottedisk,

    Well great! Thanks for all your help!

    Cleaned up, updated Adobe Reader, installed ZoneAlarm, uninstalled Ad-Watch, installed SpywareBlaster and used the immunize feature of Spybot S&D.

    Just the one question: I noticed on another topic that after someone had removed click.giftload, it showed up one last time in a Spybot S&D scan. But, it was just a case of the registry file not being deleted, not a case of reinfection. If it pops up next time I run Spybot S&D, but doesn't show up after that, can I assume that that was the case?

  7. #27
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi felix_phillips,


    You are correct. If you run Spybot S&D now, and it detects Click.Giftload, just remove it. It's not a reinfection, it's just the key that hasn't been removed during the malware removal process.
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  8. #28
    Junior Member
    Join Date
    Apr 2011
    Posts
    24

    Default

    Hi Blottedisk,

    Great! Then I have no more questions! Thanks for all your help! Hopefully I won't be back again. :P I'll try to be more careful about what sites I visit and what I download in the future. I'll be sure to recommend this forum to anyone I know experiencing malware problems.

    Thanks again!

  9. #29
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    You are welcome


    Kind Regards,
    Blottedisk.


    Since this issue appears to be resolved, this Topic has been closed. Glad we could help.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  10. #30
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Topic reopened by request of topic starter


    Hi felix_phillips,


    Can you please describe the new symptoms?
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --
