
Thread: CLick.Giftloader Re-appearing and possible rootkit infection.

  1. #31
    Junior Member
    Join Date
    Apr 2011
    Posts
    28

    Default

    Quote: Originally posted by ken545
    What I am trying to say is that I could be wrong, but it sounds like your system may not be a candidate for Win7; it may not have the requirements.

    You can try this tool
    http://windows.microsoft.com/upgradeadvisor

    On eBay, you can buy the actual Windows XP CD legally. With the newer operating systems out now, Vista and Win7, the XP CDs are going for a song. This is not the recovery disk I am talking about; it's the full Windows CD that is brand new, still in the box.

    Remember, most of your programs are infected; not a good idea to back them up and reinstall them.

    Yeah, the disk came with that compatibility feature. I ran it and everything seemed okay. I was just mentioning it. I will go search for the new Windows XP package then; hopefully I can find myself a good deal.

  2. #32
    Junior Member
    Join Date
    Apr 2011
    Posts
    28

    Default

    I just wanna make sure I have your blessings before I do anything.

  3. #33
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Look for OEM for XP, it will still be shrinkwrapped.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #34
    Junior Member
    Join Date
    Apr 2011
    Posts
    28

    Talking

    So problem solved? Get the disk, pop it in, reformat and voilà!?
    Thread closed?
    Thanks once again for all your help, truly appreciated, and I realize, as I hope everyone else does too, that you guys use your own time to do this and do it out of the kindness of your hearts. Thanks.


    Just outta curiosity, let's say I were to upgrade to Windows 7, and download Spybot, Malwarebytes and the complimentary Microsoft Security Essentials, then run a scan on files from "old windows", and if they appeared to be "clean" while some show up as infected. Could the "un-infected" programs be brought up, and have the rest of the "old windows" files deleted? The new Windows 7 OS being clean in itself, finding threats only in the old.windows file.

    Just hypothetically speaking, I don't wanna take up any more of your time.


    XP disk, install from disk, reformat partitions and drive C.
    Or use the Dell re-boot disk option. I'll talk to them and see what they say; the guys at WTT wanted some info on that, so I will post it there when I get it.

  5. #35
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I don't know if I am understanding what you're trying to do with old windows. Outside of your data like Word documents and pictures, I would just bite the bullet on the rest and do clean downloads and installs on the programs that you want to install.

    Have you tried the Win 7 Upgrade Advisor to see if your system will accept Win7?

    If you get the Recovery Disks from Dell, that will bring your computer back to factory defaults and you should be OK. Then again, a format and reinstall is a good option also; you can do either or.

    Whichever path you take, when you're up and running you need to re-evaluate your surfing habits. Look at all the trouble you're having with letting your guard down like you have. Stay away from any illegal software, stay away from any file sharing like the torrents or sites like Limewire. If you get an email from someone you don't know, don't even open it, send it right to the trash.

    Good luck with your new endeavor.

    Ken

  6. #36
    Junior Member
    Join Date
    Apr 2011
    Posts
    28

    Default

    It was "Leapyear" the movie
    1st and last time?
    Decent movie.
    I'm against torrenting and P2P and anything not legal.

    If you're curious, ... read the following

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Computer at 20:42:36.35 on Fri 04/29/2011
    Internet Explorer: 9.0.8112.16421
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1263 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SoftwareDistribution\Download\Install\dotNetFx40_Client_x86.exe
    C:\Users\Computer\Desktop\dds.com
    C:\Windows\system32\conhost.exe
    C:\7b08b4b8f5958fb7ad47bd9d\Setup.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\computer\appdata\roaming\mozilla\firefox\profiles\rpd3zuol.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKslbee3a9ea;MpKslbee3a9ea;c:\programdata\microsoft\microsoft antimalware\definition updates\{486670b3-9f08-4774-b4fa-9d274c9444ef}\MpKslbee3a9ea.sys [2011-4-29 28752]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 qic157;qic157;c:\windows\system32\drivers\qic157.sys [2009-7-13 8192]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-29 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-29 52224]
    .
    =============== Created Last 30 ================
    .
    2011-04-30 03:42:24 -------- d-----w- C:\7b08b4b8f5958fb7ad47bd9d
    2011-04-30 03:26:52 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{486670b3-9f08-4774-b4fa-9d274c9444ef}\MpKslbee3a9ea.sys
    2011-04-30 02:43:33 -------- d-----w- c:\windows\system32\SPReview
    2011-04-30 02:43:05 -------- d-----w- c:\windows\system32\EventProviders
    2011-04-30 02:42:26 -------- d-----w- c:\users\computer\appdata\roaming\Malwarebytes
    2011-04-30 02:42:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-30 02:42:19 -------- d-----w- c:\progra~2\Malwarebytes
    2011-04-30 02:42:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-30 02:42:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-30 02:12:21 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-04-30 02:12:21 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-04-30 02:12:21 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-04-30 02:12:14 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-04-30 01:40:14 469256 ----a-w- c:\program files\common files\windows live\.cache\8b83b94e1cc06d743\InstallManager_WLE_WLE.exe
    2011-04-30 01:35:25 15712 ----a-w- c:\program files\common files\windows live\.cache\e0de49a01cc06d637\MeshBetaRemover.exe
    2011-04-30 01:28:45 525656 ----a-w- c:\program files\common files\windows live\.cache\f1bb40431cc06d529\DXSETUP.exe
    2011-04-30 01:28:45 1691480 ----a-w- c:\program files\common files\windows live\.cache\f1bb40431cc06d529\dsetup32.dll
    2011-04-30 01:28:44 94040 ----a-w- c:\program files\common files\windows live\.cache\f1bb40431cc06d529\DSETUP.dll
    2011-04-30 01:28:33 94040 ----a-w- c:\program files\common files\windows live\.cache\ea0250601cc06d528\DSETUP.dll
    2011-04-30 01:28:33 525656 ----a-w- c:\program files\common files\windows live\.cache\ea0250601cc06d528\DXSETUP.exe
    2011-04-30 01:28:33 1691480 ----a-w- c:\program files\common files\windows live\.cache\ea0250601cc06d528\dsetup32.dll
    2011-04-30 01:14:37 6260088 ----a-w- c:\program files\common files\windows live\.cache\f7b427bb1cc06d315\Silverlight.4.0.exe
    2011-04-30 01:03:32 -------- d-----w- c:\users\computer\appdata\local\Windows Live
    2011-04-30 01:03:29 -------- d-----w- c:\program files\common files\Windows Live
    2011-04-30 01:02:05 -------- d-----w- c:\windows\system32\Wat
    2011-04-30 00:54:59 584192 ----a-w- c:\windows\system32\gpprefcl.dll
    2011-04-30 00:53:59 828928 ----a-w- c:\windows\system32\fontext.dll
    2011-04-30 00:52:59 82944 ----a-w- c:\windows\system32\iccvid.dll
    2011-04-30 00:51:45 697344 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-04-30 00:51:35 209920 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-04-30 00:51:35 189952 ----a-w- c:\windows\system32\wdscore.dll
    2011-04-30 00:50:43 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-04-30 00:50:43 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-04-30 00:01:05 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-04-30 00:01:05 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-04-30 00:01:02 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-04-30 00:01:01 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-04-30 00:01:00 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-04-29 23:31:50 -------- d-----w- c:\users\computer\appdata\local\Mozilla
    2011-04-29 23:31:08 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{a93ae193-f615-4b67-abaa-ccc98faaaacd}\gapaengine.dll
    2011-04-29 23:29:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-04-29 23:29:34 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-04-29 23:29:33 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{486670b3-9f08-4774-b4fa-9d274c9444ef}\mpengine.dll
    2011-04-29 09:07:15 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-04-29 09:07:11 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{dee5f568-3c2e-45e4-8293-f0010a9ee07c}\mpengine.dll
    2011-04-29 05:02:29 -------- d-sh--w- c:\windows\Installer
    2011-04-29 05:02:29 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-29 04:52:53 -------- d-----w- c:\windows\Panther
    2011-04-29 04:46:13 -------- d-----w- C:\Windows.old
    2011-04-29 04:37:06 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-04-29 04:37:06 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-04-29 04:37:06 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-04-29 04:37:05 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-04-29 04:37:05 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-04-29 04:37:05 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-04-29 04:37:04 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-04-29 04:37:04 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-04-29 04:37:04 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-04-29 04:36:51 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-29 04:36:48 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-04-29 04:36:09 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-04-29 04:34:56 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-29 04:34:56 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-29 04:34:11 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 04:31:43 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-29 04:27:42 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-04-29 04:27:42 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-04-29 04:27:42 107520 ----a-w- c:\windows\system32\cdd.dll
    2011-04-29 04:27:41 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-29 04:27:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-29 04:25:23 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-29 04:25:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-29 04:25:23 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-29 04:25:23 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-29 04:06:28 -------- d-----w- c:\windows\system32\wbem\Performance
    2011-04-29 02:59:28 -------- d-sh--w- C:\Recovery
    .
    ==================== Find3M ====================
    .
    2011-04-30 03:15:43 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-02-25 05:30:54 2616320 ----a-w- c:\windows\explorer.exe
    2011-02-19 06:30:46 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-19 04:34:54 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-12 05:35:31 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    .
    ============= FINISH: 20:45:25.13 ===============


    Would it be safe to access my bank account? It provides a free 1 yr subscription of McAfee and Rapport. You have an opinion on McAfee? Thanks

  7. #37
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Until you're totally clean after the reinstall of Windows, I would do banking from another clean computer.

  8. #38
    Junior Member
    Join Date
    Apr 2011
    Posts
    28

    Default

    So I'm not clean? I did a clean install. I booted from the CD/DVD and deleted the partitions. The current "old.windows" you see is due to an accidental twice-installed Windows 7, after the clean install.

  9. #39
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I linked you to the Windows forum for help in reinstalling Windows; at this point I have no idea what you're doing on your own. After you format your drive and do a clean install of Windows, post back and we can go from there.

  10. #40
    Junior Member
    Join Date
    Apr 2011
    Posts
    28

    Question

    Well, basically what I did was delete all the old partitions in the HDD, then just installed Windows 7. I deleted the partitions from the old Windows XP, along with all the other partitions, before I installed this one, so I thought deleting the partitions would be = to re-formatting. Basically my system is Windows 7 now; it doesn't have any programs from my old OS. If I need to reformat then I'll do it.
