Hi,

Spybot detected Click.GiftLoad.
Can someone help to remove this beast ?

thanks in advance

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Patrick at 11:56:48,62 on za 14/05/2011
Internet Explorer: 7.0.5730.13
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patrick\Bureaublad\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.euro.dell.com/
uWindow Title =
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [JDK5SWFMZY] c:\docume~1\patrick\locals~1\temp\Adl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [BuildBU] c:\dell\bldbubg.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [A9YA3MI1CF] c:\windows\temp\Adl.exe
dRun: [KCSCPW1HKH] c:\windows\temp\Adk.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll,, mnrnmuxs.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\patrick\applic~1\mozilla\firefox\profiles\gsdxxua1.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R? ccfc;ccfc
R? GHTJJGIN;GHTJJGIN
R? gupdate;Google Updateservice (gupdate)
R? gupdatem;Google Update-service (gupdatem)
R? Hou85;Hou85
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? msvsmon80;Visual Studio 2005 Remote Debugger
R? Pxf87;Pxf87
R? srv830;srv830
S? DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1)
S? DB2NTSECSERVER_DB2COPY1;DB2 Security Server (DB2COPY1)
S? FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance
S? FirebirdServerDefaultInstance;Firebird Server - DefaultInstance
S? GTIPCI21;GTIPCI21
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
.
=============== File Associations ===============
.
inifile=c:\program files\boxer text editor\b.exe "%1"
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2011-05-10 17:58:45 -------- d-----w- C:\screening
2011-05-01 12:17:33 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2011-05-14 09:01:28 0 ----a-w- c:\windows\system32\tmp.tmp
2011-02-15 18:29:29 31744 ----a-w- c:\windows\system32\mnrnmuxs.dll
2001-05-24 10:59:30 162304 ----a-w- c:\program files\UNWISE.EXE
1999-05-23 23:17:58 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS726060M9AT00 rev.MH4OA6EA -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86E87EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85d4d872; SUB DWORD [EBP-0x4], 0x85d4d12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86F92AB8]
3 CLASSPNP[0xF75DBFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86EFC4D8]
[0x86F5C330] -> IRP_MJ_CREATE -> 0x86E87EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHTS726060M9AT00_________________________MH4OA6EA#5&36c68b59&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86E87AEA
user & kernel MBR OK
sectors 117210238 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:03:15,80 ===============