PDA

View Full Version : Click.Giftload almost out of the woods...



RyanV
2011-05-16, 20:16
Hi, I recently acquired this malware and have used spybot S&D, TDSS Killer, Malwarebytes anti-malware, and symantec's backdoor.tidserv removal tool (because in Norton the malware showed up as backdoor.tidserv) to try and take out this malware. One of those must have worked because I have run spybot and Malwarebytes Anti-Malware scans and it is saying no infection detected. However I do still get the occasional redirect to a website I wasn't intending to go to, especially on google. Here is the DDS logs:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Valued Customer at 10:05:41.10 on Mon 05/16/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2043.1211 [GMT -6:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Program DJ\Dualview Server\dualviewsvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Program DJ\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Program DJ\Wireless Switch\WLSS.exe
C:\Program Files\Program DJ\Program DJ\PdjAssistant.exe
C:\Program Files\Program DJ\Green Charger\GCTray.exe
C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\WSZ.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WSZ.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alarm Clock\alarmclock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Valued Customer\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WheresJames Startup Manager] c:\program files\wheresjames\startupmgr\StartupMgr.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10m_Plugin.exe -update plugin
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [WLSS] c:\program files\program dj\wireless switch\WLSS.exe
mRun: [PdjAssistant] c:\program files\program dj\program dj\PdjAssistant.exe
mRun: [GCTray] c:\program files\program dj\green charger\GCTray.exe
mRun: [Wow Video&Audio] c:\program files\program dj\wow video&audio\WVAMain.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Protector Suite QL] c:\program files\protector suite ql\psqltray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\valued customer\start menu\programs\startup\WSZ.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{28e0f0a8-e555-4077-a6e1-63dbf2b29d32}\Icon6560581611.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WSZ.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {498B6563-F313-4B03-8323-E79AD21537D3} = 208.67.220.220,208.67.222.222
Filter: text/html - {26111323-9a71-4861-b8a8-f7a2130e31ac} -
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: PGPmapih.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli psqlpwd PGPpwflt
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\a3uaen4i.default\
FF - prefs.js: network.proxy.ftp - 217.194.213.31
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 217.194.213.31
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 217.194.213.31
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 217.194.213.31
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 217.194.213.31
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {7BB8177F-BE0A-4B14-9C1A-809BD54B73C4} - c:\documents and settings\valued customer\local settings\application data\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Save Session: savesession@noasobi.net - %profile%\extensions\savesession@noasobi.net
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-4-23 9856]
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2009-12-17 136312]
R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2009-12-17 13432]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 DualView Server;DualView Server Service;c:\program files\program dj\dualview server\dualviewsvc.exe [2008-5-23 126976]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 Smart Watchdog;Smart Watchdog Service;c:\program files\program dj\smart watchdog\SWDsvc.exe [2008-4-14 208896]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 DualViewFilter;DualViewFilter;c:\windows\system32\drivers\DualviewFilter.sys [2008-5-6 20352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-13 81296]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110516.002\NAVENG.SYS [2011-5-16 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110516.002\NAVEX15.SYS [2011-5-16 1393144]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-6-19 38304]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-5-2 1251720]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-11-21 23096]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [2011-3-10 26930]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-12-31 42112]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-11-21 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-11-21 3768]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-11-21 200704]
S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
.
=============== Created Last 30 ================
.
2011-05-13 07:44:51 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{18241f7f-a6ff-4296-a8d0-beed1c13fee2}\mpengine.dll
2011-05-11 04:39:28 164345 ----a-w- c:\windows\Gulfstream V Uninstaller.exe
2011-05-06 03:32:08 -------- d-----w- C:\TDSSKiller_Quarantine
2011-05-05 00:22:17 0 ----a-w- c:\windows\Npodowohonevo.bin
2011-05-05 00:22:15 -------- d-----w- c:\docume~1\valued~1\locals~1\applic~1\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
2011-05-02 23:47:50 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-05-02 23:47:02 -------- d-----w- c:\program files\common files\xing shared
2011-05-02 23:46:35 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-05-02 23:46:03 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
.
==================== Find3M ====================
.
2011-05-02 23:45:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-02 23:45:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-10 01:03:37 816 ----a-w- c:\windows\system32\ker.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00:28 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00:27 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 10:08:01.39 ===============

ken545
2011-05-19, 01:29
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.







REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-




Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg







OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

ken545
2011-05-23, 14:00
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

tashi
2011-06-02, 07:13
http://forums.spybot.info/showthread.php?t=62810