#1
Registered User
Join Date: Jan 2009
Posts: 1
OS: XP
help needed ! I have a similar problem to a previous post - redirecting to ecata.info
Kind expert needed - I think I need a little helping hand with this! I redirect to ecata.info when I google, and slow to get to any page... I have ComboFix installed - but just not sure of myself as to what to do when I get log report... What do I do after I get the log from ComboFix? This is what I log:
I attached it as an - er - attachment if it helps...
Paul
#2
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,426
OS: XP SP3
Re: help needed ! I have a similar problem to a previous post - redirecting to ecata.
Hello and welcome to TSF.
Apologies for the delayed response. First of all, ComboFix is not a tool which should be used in an unsupervised environment, and it says so in the disclaimer you had to see before it ran.

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix: ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there are any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack. With these logs we can determine the infections present & decide whether to deploy ComboFix.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. Please follow our pre-posting process outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________
My services are free. However, you can donate to TSF to help keep it running.
Member of ASAP since 2005
Member of UNITE since 2006
Last edited by amateur; 02-24-2009 at 09:32 AM.