
Thread: Click.GiftLoad Attack-Please help!

  1. #1
    Junior Member 6czr407's Avatar
    Join Date
    Apr 2011
    Posts
    1

    Click.GiftLoad Attack-Please help!

    My laptop is running on Windows Vista Business and I started experiencing problems with the browser. It started redirecting me to unwanted pages. I downloaded SpybotS&D and I found that I have a Hijacker called Click.GiftLoad.

    Unfortunately, every time I remove it using SpybotS&D, it comes back. It has caused malfunction of my laptop as it now won't shut down and keeps restarting at all times and is giving me a Blue Screen. The last time Spybot refused to remove it because I don't have Administrator level and I am signed in as Administrator!

    Below are the DDS and SpybotS&D reports.

    I would greatly appreciate your help in solving this problem.


    DDS (Ver_11-03-05.01) - NTFSx86
    Run by User at 22:55:30.74 on Fri 04/29/2011
    Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_19
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.830 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Protector Suite QL\upeksvr.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\prevhost.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Pablo Pinedo\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.sony.com/b2bvaio/
    mDefault_Page_URL = hxxp://www.sony.com/b2bvaio/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110114105431.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    dRun: [20090604] c:\program files\broderbund\mavis beacon deluxe - 25th anniversary edition\regapp\encore_reg.exe /r "c:\program files\broderbund\mavis beacon deluxe - 25th anniversary edition\regapp\encore_reg.rpd"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: prdsforms.com\www
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - c:\program files\protector suite ql\psqlpwd.dll
    Notify: VESWinlogon - VESWinlogon.dll
    LSA: Notification Packages = scecli psqlpwd c:\program files\protector suite ql\psqlpwd.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\pablop~1\appdata\roaming\mozilla\firefox\profiles\8hvlz4ix.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-8 64160]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-17 386840]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-17 64304]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-14 164840]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-17 55840]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-17 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-17 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-17 313288]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-7-29 4232704]
    R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-7-24 9472]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-17 84264]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2006-11-7 92160]
    S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-17 84072]
    .
    =============== Created Last 30 ================
    .
    2011-04-29 19:29:27 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4222e1f5-8dea-4a90-bc26-ca657ca44e1d}\mpengine.dll
    2011-04-29 05:47:19 -------- d-----w- c:\users\pablop~1\appdata\local\Microsoft Corporation
    2011-04-29 05:43:36 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-04-29 01:53:51 -------- d-----w- c:\windows\LMIB8A5.tmp
    2011-04-26 22:58:47 -------- d-----w- c:\program files\Trend Micro
    2011-04-25 17:19:18 -------- d-----w- c:\users\pablop~1\appdata\local\Sunbelt Software
    2011-04-25 17:15:24 -------- dc-h--w- c:\progra~2\{E8A61B3F-DF97-45EA-A2EE-88E262649179}
    2011-04-13 18:22:54 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-13 18:22:51 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-13 18:22:48 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-04-13 18:22:44 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    .
    ==================== Find3M ====================
    .
    2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-03 01:11:20 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 23:03:24.40 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Is this a company computer? Read Post #5 in Before you post
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
