Hi!
I am trying to help a close friend whose computer has been invaded by adware and popups entitled fp.pc-on-internet.com. The popups only appear when on-line. He is based in UK using Windows XP Home(still on dial-up). I found an earlier thread connecting this infection to Navipromo. I have followed the instructions given by Shaba in Finland and have downloaded GMER and BFU. But I cannot find the same filename of C:\WINDOWS\system32\kdgubtic.exe. But below is the latest scan by GMER. Can anyone throw some light on the offending files please. Many Thanks! Mike C.

Here is the first half of latest GMER scan. I will have to post the other half separately because of size.GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-17 21:46:20
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT 83C09FD0 ZwAlertResumeThread
SSDT 83FC4168 ZwAlertThread
SSDT 83FC7748 ZwAllocateVirtualMemory
SSDT 83FFDFB0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 83C09D40 ZwCreateMutant
SSDT 83FC4BA8 ZwCreateThread
SSDT 83C099C0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT 83FC49C8 ZwFreeVirtualMemory
SSDT 83C09E30 ZwImpersonateAnonymousToken
SSDT 83C09F10 ZwImpersonateThread
SSDT 83FC48C8 ZwMapViewOfSection
SSDT 83C09C60 ZwOpenEvent
SSDT 83FE3E18 ZwOpenProcessToken
SSDT 83C09AA0 ZwOpenSection
SSDT 83FC4640 ZwOpenThreadToken
SSDT 83FE3D40 ZwResumeThread
SSDT 83FC4560 ZwSetContextThread
SSDT 83FC4730 ZwSetInformationProcess
SSDT 83FC4470 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 83C09B80 ZwSuspendProcess
SSDT 83FC42B0 ZwSuspendThread
SSDT 83FE3CD0 ZwTerminateProcess
SSDT 83FC4390 ZwTerminateThread
SSDT 83FE0CE8 ZwUnmapViewOfSection
SSDT 83FC4AB8 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[360] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D9200E
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[360] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D91DAF
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[360] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D91CF2
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[360] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D9191B
.text C:\WINDOWS\SOUNDMAN.EXE[460] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00BE200E
.text C:\WINDOWS\SOUNDMAN.EXE[460] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00BE1DAF
.text C:\WINDOWS\SOUNDMAN.EXE[460] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00BE1CF2
.text C:\WINDOWS\SOUNDMAN.EXE[460] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00BE191B
.text C:\WINDOWS\sm56hlpr.exe[492] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00C7200E
.text C:\WINDOWS\sm56hlpr.exe[492] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00C71DAF
.text C:\WINDOWS\sm56hlpr.exe[492] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00C71CF2
.text C:\WINDOWS\sm56hlpr.exe[492] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00C7191B
.text C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe[520] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe[520] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe[520] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe[520] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[532] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00FC200E
.text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[532] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00FC1DAF
.text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[532] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00FC1CF2
.text C:\Acer\Empowering Technology\eRecovery\Monitor.exe[532] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00FC191B
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[536] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0098200E
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[536] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00981DAF
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[536] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00981CF2
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[536] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0098191B
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[560] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0099200E
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[560] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00991DAF
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[560] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00991CF2
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[560] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0099191B
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[580] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00EB200E
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[580] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00EB1DAF
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[580] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00EB1CF2
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[580] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00EB191B
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[620] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0097200E
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[620] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00971DAF
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[620] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00971CF2
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE[620] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0097191B
.text C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe[672] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01AA200E
.text C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe[672] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01AA1DAF
.text C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe[672] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01AA1CF2
.text C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe[672] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01AA191B
.text C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe[708] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 009A200E
.text C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe[708] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009A1DAF
.text C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe[708] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009A1CF2
.text C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe[708] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 009A191B
.text C:\WINDOWS\system32\csrss.exe[720] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\csrss.exe[720] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\csrss.exe[720] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\csrss.exe[720] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\windows\system32\kamkuz.exe[1352] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0166200E
.text C:\windows\system32\kamkuz.exe[1352] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01661DAF
.text C:\windows\system32\kamkuz.exe[1352] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01661CF2
.text C:\windows\system32\kamkuz.exe[1352] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0166191B
.text C:\Program Files\Messenger\msmsgs.exe[1508] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D7200E
.text C:\Program Files\Messenger\msmsgs.exe[1508] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D71DAF
.text C:\Program Files\Messenger\msmsgs.exe[1508] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D71CF2
.text C:\Program Files\Messenger\msmsgs.exe[1508] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D7191B
.text C:\WINDOWS\system32\spoolsv.exe[1632] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\spoolsv.exe[1632] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\spoolsv.exe[1632] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\spoolsv.exe[1632] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[1664] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A5200E
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[1664] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A51DAF
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[1664] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A51CF2
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[1664] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A5191B
.text C:\WINDOWS\Explorer.EXE[1740] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00BB200E
.text C:\WINDOWS\Explorer.EXE[1740] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00BB1DAF
.text C:\WINDOWS\Explorer.EXE[1740] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00BB1CF2
.text C:\WINDOWS\Explorer.EXE[1740] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00BB191B
.text C:\WINDOWS\system32\sistray.exe[1868] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00BA200E
.text C:\WINDOWS\system32\sistray.exe[1868] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00BA1DAF
.text C:\WINDOWS\system32\sistray.exe[1868] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00BA1CF2
.text C:\WINDOWS\system32\sistray.exe[1868] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00BA191B
.text C:\WINDOWS\system32\rundll32.exe[3072] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00AE200E
.text C:\WINDOWS\system32\rundll32.exe[3072] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00AE1DAF
.text C:\WINDOWS\system32\rundll32.exe[3072] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00AE1CF2
.text C:\WINDOWS\system32\rundll32.exe[3072] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00AE191B
.text C:\WINDOWS\system32\wuauclt.exe[3236] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\wuauclt.exe[3236] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\wuauclt.exe[3236] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\wuauclt.exe[3236] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Documents and Settings\dads accounts\Desktop\gmer.exe[3460] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D6200E
.text C:\Documents and Settings\dads accounts\Desktop\gmer.exe[3460] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D61DAF
.text C:\Documents and Settings\dads accounts\Desktop\gmer.exe[3460] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D61CF2
.text C:\Documents and Settings\dads accounts\Desktop\gmer.exe[3460] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D6191B

Here is the rest of GMER scan
Device \FatCdrom IRP_MJ_CREATE [F7414C8A] Fastfat.sys
Device \FatCdrom IRP_MJ_CLOSE [F74117C8] Fastfat.sys
Device \FatCdrom IRP_MJ_READ [F740D60A] Fastfat.sys
Device \FatCdrom IRP_MJ_WRITE [F740DAED] Fastfat.sys
Device \FatCdrom IRP_MJ_QUERY_INFORMATION [F7418958] Fastfat.sys
Device \FatCdrom IRP_MJ_SET_INFORMATION [F741B821] Fastfat.sys
Device \FatCdrom IRP_MJ_QUERY_EA [F742438A] Fastfat.sys
Device \FatCdrom IRP_MJ_SET_EA [F7423D49] Fastfat.sys
Device \FatCdrom IRP_MJ_FLUSH_BUFFERS [F741DBBE] Fastfat.sys
Device \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION [F741E331] Fastfat.sys
Device \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION [F742C4F4] Fastfat.sys
Device \FatCdrom IRP_MJ_DIRECTORY_CONTROL [F7414B37] Fastfat.sys
Device \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL [F7410948] Fastfat.sys
Device \FatCdrom IRP_MJ_DEVICE_CONTROL [F741A46B] Fastfat.sys
Device \FatCdrom IRP_MJ_SHUTDOWN [F742B79D] Fastfat.sys
Device \FatCdrom IRP_MJ_LOCK_CONTROL [F742AC4A] Fastfat.sys
Device \FatCdrom IRP_MJ_CLEANUP [F74112FD] Fastfat.sys
Device \FatCdrom IRP_MJ_PNP [F742B1DB] Fastfat.sys
Device \FatCdrom FastIoCheckIfPossible [F74261F9] Fastfat.sys
Device \FatCdrom FastIoQueryBasicInfo [F7415646] Fastfat.sys
Device \FatCdrom FastIoQueryStandardInfo [F7415405] Fastfat.sys
Device \FatCdrom FastIoLock [F741B9F3] Fastfat.sys
Device \FatCdrom FastIoUnlockSingle [F741E518] Fastfat.sys
Device \FatCdrom FastIoUnlockAll [F742A929] Fastfat.sys
Device \FatCdrom FastIoUnlockAllByKey [F742AA21] Fastfat.sys
Device \FatCdrom FastIoQueryNetworkOpenInfo [F742628E] Fastfat.sys
Device \FatCdrom AcquireForCcFlush [F742B4A6] Fastfat.sys
Device \FatCdrom ReleaseForCcFlush [F742B51F] Fastfat.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [B5F13DF0] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [B5F13DF0] SYMTDI.SYS

Device \Device\LanmanRedirector IRP_MJ_CREATE [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_CLOSE [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_READ [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_WRITE [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_SET_INFORMATION [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_QUERY_EA [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_SET_EA [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_SHUTDOWN [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_CLEANUP [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_SET_SECURITY [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_POWER [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_SET_QUOTA [B5D4A189] mrxsmb.sys
Device \Device\LanmanRedirector IRP_MJ_PNP [B5D4A189] mrxsmb.sys
Device \Fat IRP_MJ_CREATE [F7414C8A] Fastfat.sys
Device \Fat IRP_MJ_CLOSE [F74117C8] Fastfat.sys
Device \Fat IRP_MJ_READ [F740D60A] Fastfat.sys
Device \Fat IRP_MJ_WRITE [F740DAED] Fastfat.sys
Device \Fat IRP_MJ_QUERY_INFORMATION [F7418958] Fastfat.sys
Device \Fat IRP_MJ_SET_INFORMATION [F741B821] Fastfat.sys
Device \Fat IRP_MJ_QUERY_EA [F742438A] Fastfat.sys
Device \Fat IRP_MJ_SET_EA [F7423D49] Fastfat.sys
Device \Fat IRP_MJ_FLUSH_BUFFERS [F741DBBE] Fastfat.sys
Device \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F741E331] Fastfat.sys
Device \Fat IRP_MJ_SET_VOLUME_INFORMATION [F742C4F4] Fastfat.sys
Device \Fat IRP_MJ_DIRECTORY_CONTROL [F7414B37] Fastfat.sys
Device \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7410948] Fastfat.sys
Device \Fat IRP_MJ_DEVICE_CONTROL [F741A46B] Fastfat.sys
Device \Fat IRP_MJ_SHUTDOWN [F742B79D] Fastfat.sys
Device \Fat IRP_MJ_LOCK_CONTROL [F742AC4A] Fastfat.sys
Device \Fat IRP_MJ_CLEANUP [F74112FD] Fastfat.sys
Device \Fat IRP_MJ_PNP [F742B1DB] Fastfat.sys
Device \Fat FastIoCheckIfPossible [F74261F9] Fastfat.sys
Device \Fat FastIoQueryBasicInfo [F7415646] Fastfat.sys
Device \Fat FastIoQueryStandardInfo [F7415405] Fastfat.sys
Device \Fat FastIoLock [F741B9F3] Fastfat.sys
Device \Fat FastIoUnlockSingle [F741E518] Fastfat.sys
Device \Fat FastIoUnlockAll [F742A929] Fastfat.sys
Device \Fat FastIoUnlockAllByKey [F742AA21] Fastfat.sys
Device \Fat FastIoQueryNetworkOpenInfo [F742628E] Fastfat.sys
Device \Fat AcquireForCcFlush [F742B4A6] Fastfat.sys
Device \Fat ReleaseForCcFlush [F742B51F] Fastfat.sys

AttachedDevice \Fat IRP_MJ_CREATE [F74521DE] fltMgr.sys
AttachedDevice \Fat IRP_MJ_CREATE_NAMED_PIPE [F74521DE] fltMgr.sys
AttachedDevice \Fat IRP_MJ_CLOSE [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_READ [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_WRITE [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_QUERY_INFORMATION [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_SET_INFORMATION [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_QUERY_EA [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_SET_EA [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_FLUSH_BUFFERS [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_DIRECTORY_CONTROL [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7452454] fltMgr.sys
AttachedDevice \Fat IRP_MJ_DEVICE_CONTROL [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_SHUTDOWN [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_LOCK_CONTROL [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_CLEANUP [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_CREATE_MAILSLOT [F74521DE] fltMgr.sys
AttachedDevice \Fat IRP_MJ_QUERY_SECURITY [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_SET_SECURITY [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_POWER [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_SYSTEM_CONTROL [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_DEVICE_CHANGE [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_QUERY_QUOTA [F7445F4C] fltMgr.sys
AttachedDevice \Fat IRP_MJ_SET_QUOTA [F7445F4C] fltMgr.sys

---- Processes - GMER 1.0.13 ----

Process C:\windows\system32\kamkuz.exe (*** hidden *** ) 1352
Library C:\windows\system32\kamkuz.exe (*** hidden *** ) @ C:\windows\system32\kamkuz.exe [1352] 0x00400000

---- Registry - GMER 1.0.13 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@kamkuz c:\windows\system32\kamkuz.exe kamkuz
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@kamkuz c:\windows\system32\kamkuz.exe kamkuz

---- Files - GMER 1.0.13 ----

Hello.

Looks like you missed our sticky topics. ;)

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Start with ONLY the Two Logs We Ask For in Our Sticky Topic, NOT CF etc (http://forums.spybot.info/showthread.php?t=16806)

You might want to start over, as the forum is very busy and helpers look for zero response.

Then I would close this thread.

Regards. :)

Point taken. Thanks - I am new to your board and was keen to get the problem fixed. Should have read the page properly before I started!
Will re-submit. How do I close this thread?
Mike