Google Redirect / Win32 Services error

[wet]

hey everyone,

i've signed up out of dire desperation. it seems my computer has been infected with something pretty bad; on the plus side it looks like i'm not alone and some other people may have solved this issue - so hopefully this won't be too traumatic.

while using google search, i'll be redirected to various sites, they're usually blank. also, if i leave the computer on for 30-60 minutes i'll get a notice saying, "Generic Host Process for Win32 Services has encountered a problem and needs to close..." this turns off my audio and adjusts my desktop settings slightly. aside from that, it's not much of an issue. i can run MBAM without a problem, though it comes up with no infections. the same goes for my AVG, SuperAntispyware, TojanRemover, and Combofix. the problem persists and just now, i've done a non-destructive system recovery and it still will not go away!

any help will be appreciated, and i'll do whatever i can on my end to get the issue resolved. i'm pretty sure you're going to need a few logs, so i'll get the ball rolling with my hijackthis log. i'm currently awaiting GMER to finish scanning, i'll post that log when it's finished.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:09:25 PM, on 10/19/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ehome\ehtray.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\HP_Administrator\Desktop\Antivirus Utilities\91fzye4b.exe

C:\Documents and Settings\HP_Administrator\Desktop\Antivirus Utilities\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe" /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\RunOnce: [AddRAID] c:\windows\regedit.exe /s c:\hp\bin\Add_RAID\AddRAID3.reg

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 10175 bytes

[wet]

I have this same issue going on. First time I have EVER had a problem I could not clear up with a few runs of anti-virus software. And I have been online since 1995.

Anyone have any suggestions? Specific ones that WORK?

Agreed. Same here and I consider myself semi-computer savvy. I wouldn't waste your time doing a non-destructive recovery, as that just created more of a headache and didn't solve the original problem. Sorry to hear we're in the same boat, but at the same time I'm somewhat relieved I'm not the only one with this issue...apparently it's a recent viral epidemic.

To anyone else, I'm still awaiting the results from my GMER scan. I'll post it as soon as it's finished.

[LDTate]

OyTheBillybumble...

Stop posting in others topics. Start your own.

We look for post with 0 replies, so when you posted to this log, we assume the user is already being helped.

[LDTate]

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

• Ensure all Firefox windows are closed.
  
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  
• When prompted to run the scan, click Yes.
  
• It doesn't take long to run, once it is finished move onto the next step
  

Next:

Please read carefully and follow these steps.

• Please download

TDSSKiller.zip

• Extract it to your desktop
  
• Double click TDSSKiller.exe
  
• Press Start Scan
  
• Only if Malicious objects are found then ensure Cure is selected
  
• Then click Continue > Reboot now
  

[*]Copy and paste the log in your next reply

[*]A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

[wet]

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

• Ensure all Firefox windows are closed.
  
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  
• When prompted to run the scan, click Yes.
  
• It doesn't take long to run, once it is finished move onto the next step
  

Next:

Please read carefully and follow these steps.

• Please download

TDSSKiller.zip

• Extract it to your desktop
  
• Double click TDSSKiller.exe
  
• Press Start Scan
  
• Only if Malicious objects are found then ensure Cure is selected
  
• Then click Continue > Reboot now
  

[*]Copy and paste the log in your next reply

[*]A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Thanks for your response. I'm proceeding with the GooredFix, do you want me to abort GMER or wait until it's finished before I begin the TDSSKiller which would involve a reboot?

[LDTate]

abort GMER

No need to quote what I post

[wet]

Both scans have finished, here are the logs:

GooredFix by jpshortstuff (03.07.10.1)

Log created at 01:19 on 20/10/2010 (HP_Administrator)

Firefox version [unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{3112ca9c-de6d-4884-a869-9855de68056c} [13:45 14/01/2008]

{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:45 14/01/2008]

{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [20:36 16/06/2009]

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [17:49 09/01/2010]

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [16:52 04/09/2010]

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [19:59 18/10/2010]

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2n7lz0dx.default\extensions\

toolbar@ask.com [04:48 10/01/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

(Key not found)

---------- Old Logs ----------

GooredFix[05.18.56_20-10-2010].txt

-=E.O.F=-

2010/10/20 01:21:59.0531 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/20 01:21:59.0531 ================================================================================

2010/10/20 01:21:59.0531 SystemInfo:

2010/10/20 01:21:59.0531

2010/10/20 01:21:59.0531 OS Version: 5.1.2600 ServicePack: 2.0

2010/10/20 01:21:59.0531 Product type: Workstation

2010/10/20 01:21:59.0531 ComputerName: MIKESDESKTOP

2010/10/20 01:21:59.0531 UserName: HP_Administrator

2010/10/20 01:21:59.0531 Windows directory: C:\WINDOWS

2010/10/20 01:21:59.0531 System windows directory: C:\WINDOWS

2010/10/20 01:21:59.0531 Processor architecture: Intel x86

2010/10/20 01:21:59.0531 Number of processors: 2

2010/10/20 01:21:59.0531 Page size: 0x1000

2010/10/20 01:21:59.0531 Boot type: Safe boot

2010/10/20 01:21:59.0531 ================================================================================

2010/10/20 01:21:59.0781 Initialize success

2010/10/20 01:22:54.0812 ================================================================================

2010/10/20 01:22:54.0812 Scan started

2010/10/20 01:22:54.0812 Mode: Manual;

2010/10/20 01:22:54.0812 ================================================================================

2010/10/20 01:22:58.0140 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/20 01:22:59.0125 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/20 01:23:01.0015 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2010/10/20 01:23:02.0000 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

2010/10/20 01:23:07.0515 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/20 01:23:11.0250 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/20 01:23:12.0234 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/20 01:23:14.0234 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/20 01:23:15.0203 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/20 01:23:16.0156 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/20 01:23:17.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/20 01:23:18.0171 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/20 01:23:20.0062 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/20 01:23:21.0015 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/20 01:23:21.0984 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/20 01:23:25.0718 ctac32k (f0189fe0881f386c59c76121f96d4b68) C:\WINDOWS\system32\drivers\ctac32k.sys

2010/10/20 01:23:26.0687 ctaud2k (9d69b933efee201106a07bdfe7eeffae) C:\WINDOWS\system32\drivers\ctaud2k.sys

2010/10/20 01:23:27.0656 ctdvda2k (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys

2010/10/20 01:23:28.0609 ctprxy2k (e62a08fce18808cc20765301e3231d82) C:\WINDOWS\system32\drivers\ctprxy2k.sys

2010/10/20 01:23:29.0562 ctsfm2k (819a7e041ef86e1210df7defaa056cb4) C:\WINDOWS\system32\drivers\ctsfm2k.sys

2010/10/20 01:23:32.0328 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/20 01:23:33.0359 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/20 01:23:34.0312 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/20 01:23:35.0234 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/20 01:23:36.0203 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/20 01:23:38.0062 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/20 01:23:39.0046 e1express (b0ababbbe2e61fc916a21182ac2ceff1) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2010/10/20 01:23:40.0000 emupia (8f41ad708fd2c3f0849d9196e083d6fd) C:\WINDOWS\system32\drivers\emupia2k.sys

2010/10/20 01:23:40.0968 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/20 01:23:41.0937 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/20 01:23:42.0890 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/20 01:23:44.0093 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/20 01:23:45.0093 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/10/20 01:23:46.0093 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/20 01:23:47.0078 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/20 01:23:48.0062 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/20 01:23:49.0078 ha10kx2k (cf16453bfeebe1c9fc9be7988da5beab) C:\WINDOWS\system32\drivers\ha10kx2k.sys

2010/10/20 01:23:50.0078 hap16v2k (88ed4798326fd1e4eec46746163796d9) C:\WINDOWS\system32\drivers\hap16v2k.sys

2010/10/20 01:23:51.0062 hap17v2k (9196cac7ca1ecb694566ff9a5fbc9780) C:\WINDOWS\system32\drivers\hap17v2k.sys

2010/10/20 01:23:52.0062 hcwPP2 (55e4da7c8cbba1f2d71720fca7a5c086) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys

2010/10/20 01:23:53.0078 HidIr (07577916997e89563ed508c2ab6ff415) C:\WINDOWS\system32\DRIVERS\hidir.sys

2010/10/20 01:23:54.0062 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/20 01:23:56.0031 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/20 01:23:58.0984 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/20 01:24:00.0000 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\DRIVERS\iastor.sys

2010/10/20 01:24:01.0000 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/20 01:24:02.0984 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/10/20 01:24:03.0968 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/20 01:24:04.0937 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/10/20 01:24:05.0906 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/20 01:24:06.0890 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/20 01:24:07.0875 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/20 01:24:08.0843 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/20 01:24:09.0812 IrBus (0461e205fa8870f9020ffe7c64721e75) C:\WINDOWS\system32\DRIVERS\IrBus.sys

2010/10/20 01:24:10.0796 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/20 01:24:11.0765 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/20 01:24:12.0750 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/20 01:24:13.0750 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/20 01:24:14.0734 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/20 01:24:15.0687 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/20 01:24:17.0687 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2010/10/20 01:24:18.0656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/20 01:24:19.0656 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/20 01:24:20.0625 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/20 01:24:21.0625 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/20 01:24:22.0562 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/20 01:24:24.0437 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/20 01:24:25.0406 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/20 01:24:26.0375 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/20 01:24:27.0359 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/20 01:24:28.0328 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/20 01:24:29.0359 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/20 01:24:30.0296 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/20 01:24:31.0265 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/20 01:24:32.0218 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/20 01:24:33.0171 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/20 01:24:33.0390 NAVENG (0f4c87f9594787b4fc2928d381a3d801) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060908.041\NAVENG.SYS

2010/10/20 01:24:33.0484 NAVEX15 (acd6d7ecbd38b3b1a573d97148d3c907) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060908.041\NAVEX15.SYS

2010/10/20 01:24:34.0437 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/20 01:24:35.0375 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/20 01:24:36.0296 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/20 01:24:37.0281 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/20 01:24:38.0218 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/20 01:24:39.0156 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/20 01:24:40.0125 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/20 01:24:41.0046 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/20 01:24:42.0000 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/20 01:24:42.0953 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/20 01:24:43.0906 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/20 01:24:44.0859 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/20 01:24:45.0890 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/20 01:24:46.0875 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/20 01:24:47.0859 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/20 01:24:48.0781 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/20 01:24:49.0750 ossrv (64cfbe6c62c19fb66483e8f6dd9a2586) C:\WINDOWS\system32\drivers\ctoss2k.sys

2010/10/20 01:24:50.0703 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/20 01:24:51.0625 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/20 01:24:52.0515 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/20 01:24:53.0437 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/20 01:24:55.0265 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/20 01:24:56.0218 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/20 01:25:02.0703 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/20 01:25:03.0671 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys

2010/10/20 01:25:04.0625 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/20 01:25:05.0531 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/20 01:25:06.0468 PxHelp20 (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/20 01:25:11.0890 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/20 01:25:12.0796 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/20 01:25:13.0687 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/20 01:25:14.0562 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/20 01:25:15.0468 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/20 01:25:16.0359 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/20 01:25:17.0343 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/20 01:25:18.0250 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/20 01:25:19.0171 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/20 01:25:20.0093 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2010/10/20 01:25:21.0000 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/20 01:25:21.0937 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys

2010/10/20 01:25:22.0859 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/20 01:25:24.0656 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/20 01:25:25.0687 SPBBCDrv (286ae4ae9b10f92e97e51a1ab684b432) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

2010/10/20 01:25:26.0578 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/20 01:25:27.0515 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/20 01:25:28.0390 SRTSP (c5d0757b3543b49ff1f3bad472bc059f) C:\WINDOWS\system32\Drivers\SRTSP.SYS

2010/10/20 01:25:29.0312 SRTSPL (e00c821433601e6fc14693a6df919972) C:\WINDOWS\system32\Drivers\SRTSPL.SYS

2010/10/20 01:25:30.0234 SRTSPX (8f46dbcd1b61d096f011bdd126b82817) C:\WINDOWS\system32\Drivers\SRTSPX.SYS

2010/10/20 01:25:31.0140 Srv (553007ecce7f6565bbe645beb66d3b69) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/20 01:25:32.0062 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/20 01:25:32.0984 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/20 01:25:33.0921 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/20 01:25:35.0843 SymEvent (46908bd52789f85abb0207c553857fdf) C:\Program Files\Symantec\SYMEVENT.SYS

2010/10/20 01:25:36.0031 SYMIDSCO (e9d69811c57a4e36ba14c5f71b6741b2) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060901.084\SymIDSCo.sys

2010/10/20 01:25:37.0031 SYMREDRV (8d663525791eb438a71df7d96227b398) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

2010/10/20 01:25:37.0906 SYMTDI (4a294bf8a1a11485da5cb79216e3291b) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

2010/10/20 01:25:40.0546 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/20 01:25:41.0453 Tcpip (0e66b538096a6529d1ac66e78eb0d5c8) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/20 01:25:42.0343 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/20 01:25:43.0265 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/20 01:25:44.0140 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/20 01:25:45.0953 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/20 01:25:47.0734 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/20 01:25:48.0640 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/20 01:25:49.0515 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/20 01:25:50.0390 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/20 01:25:51.0265 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/20 01:25:52.0171 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/20 01:25:53.0046 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/20 01:25:53.0953 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2010/10/20 01:25:54.0843 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/10/20 01:25:55.0734 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/20 01:25:56.0656 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/20 01:25:58.0390 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/20 01:25:59.0296 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/20 01:25:59.0406 {22D78859-9CE9-4b77-BF18-AC83E81A9263} (7b012309260f7e013e24f8458e382fad) C:\Program Files\HP\DVDPlay\000.fcl

2010/10/20 01:25:59.0468 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/20 01:25:59.0468 ================================================================================

2010/10/20 01:25:59.0468 Scan finished

2010/10/20 01:25:59.0468 ================================================================================

2010/10/20 01:25:59.0484 Detected object count: 1

2010/10/20 01:27:16.0859 \HardDisk0\MBR - will be cured after reboot

2010/10/20 01:27:16.0859 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/20 01:27:27.0015 Deinitialize success

[LDTate]

Hows it running now?

[wet]

So far, so good

I've used Google for about 5-10 minutes, no redirect and the pc has been on 9:30ish and no Win32 Services failure. Only one error came up in the second program you had me run, I "cured" it as instructed so hopefully it's been resolved.

Thanks a million for the help. Maybe it's paranoia, but I'll be at the computer for most of the night - if the problem picks back up, I'll respond to this thread rather than create a new one if that's all right. But, if we're home free...thanks again!

[LDTate]

Great

Yes I'll leave your topic open for a few days. If it comes back, post it here.

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.