
PC #1 - Click.Giftload - Please please help! Thanks



Avira:

Is up to date, including a manual update of the VDF files, which helped me, I believe, to find a whole lot more infections than hours or a day previous.

23 of them!

~~~~~~~~~~~~~~~~

MWB quick scan:

No reboot requested.

~~~~~~~~~~~~~~~~~~~~~~

Defogger:

Downloaded, run, NO errors or pops. Rebooted.

~~~~~~~~~~~~~~~~~~~~~~

DDS scan:

*** It might be nice if DDS directions stated YOU MUST save to your desktop (because you won't be able to find the file as it gets deleted???) *** And the compressed zipped folder is going to throw many off.

=============== Created Last 30 ================

2011-04-05 13:55:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-05 13:54:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-05 13:54:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-03 21:01:34 -------- d-----w- c:\program files\RegistryCleanerFree

2011-04-03 20:36:05 -------- d-----w- c:\docume~1\tim\applic~1\RegistryCleanerFree

2011-04-03 20:36:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegistryCleanerFree

2011-04-03 20:23:10 -------- d-----w- c:\program files\Microsoft Security Client

2011-04-03 19:55:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2011-04-03 19:55:02 -------- d-----w- c:\program files\IObit

2011-04-03 18:18:42 21768 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS

2011-04-03 18:15:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!

2011-04-02 15:34:28 54016 ----a-w- c:\windows\system32\drivers\ncppr.sys

2011-04-02 14:36:28 -------- d-----w- c:\docume~1\tim\applic~1\Malwarebytes

2011-04-02 14:36:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-04-02 01:16:07 -------- d-----w- c:\program files\ESET

==================== Find3M ====================

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3320613AS rev.CC2F -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-12

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B28B439]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b2917d0]; MOV EAX, [0x8b29184c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk1\DR1[0x8B302AB8]

3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B2601F8]

\Driver\atapi[0x8B32BB08] -> IRP_MJ_CREATE -> 0x8B28B439

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP5T0L0-1f -> \??\IDE#DiskST3320613AS_____________________________CC2F____#5&bff6d34&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8B28B27F

user != kernel MBR !!!

sectors 625142446 (+190): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 13:54:33.65 ===============

Attach.zip


Hello, and welcome to Malwarebytes.org

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware-related problems/infections you may have.

You can follow the directions below and someone will assist you with running scans on your system to see if they can detect anything.

Please print out, read and follow the Directions HERE, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Thank you very much.

This topic is now closed to further replies.