Windows cannot find 'resycled\ntldr

Dell / Dimension 2350
February 21, 2009 at 08:43:17
Specs: Windows XP Home Edition 2002 sp3, Intel Pentium 4 2.00 GHz/1.00 GB
I've been trying yo clean my computer and got to "Windows cannot find 'resycled\ntldr.com'. Make sure you typed the name correctly, and try again.
To search for a file, click the Start button, and then click Search." since that I've ran Autorun eater and Malwarebytes Anti-malware and have the mbam log file like in the can not access drives post by Zunos on Jan 17 09. I also had no TDSSserv.sys in device mgr. Am I close enough for some further help?

See More: Windows cannot find resycled\ntldr

Report •


#1
February 21, 2009 at 17:25:27
Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename HJTInstall.exe to tools.exe> click save.
1. Save " tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


Report •

#2
February 21, 2009 at 21:18:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:20 PM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
D:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE
D:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdccoms.exe
D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\EMBARQ Online Security\Common\FCH32.EXE
C:\WINDOWS\Explorer.EXE
D:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE
D:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\hkcmd.exe
D:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Documents and Settings\Owner.BZ-HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
D:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe
D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
D:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe
D:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
D:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
D:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe
D:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
H:\Downloads\Software Downloads\autorun eater\Hijack This\tools.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://psprintcw.sprint.motive.com/wizlet/EMBARQHSI/welcomePrepare.do?locale=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BitPump] "D:\Program Files\AnalogX\BitPump\bitpump.exe" /VerifySettings
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PC-Checkup] "D:\Program Files\PC Check-up\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner.BZ-HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Open with BitPump - D:\Program Files\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Run PC Digital Safe - {92780B25-18CC-41C8-B9BE-3C9C571A1818} - D:\Program Files\PC Digital Safe\PcDigitalSafe.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {9CE19FF4-783B-49DD-8158-3B8B5C02B9A4} - D:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofi...
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11775 bytes


Report •

#3
February 21, 2009 at 21:36:53
Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to toolb.exe> click save.

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline turn off your F-Secure antivirus, and any other antispyware that you may have.
2. Run Combofix by double clicking the toolb.exe icon on your desktop and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.


Report •

Related Solutions

#4
February 21, 2009 at 22:47:44
Please forgive me. I was impatient first, so I continued with the instructions in another thread. In short, after creating the Hijackthis-log, I downloaded combofix, but did not rename to toolb.exe. I ran combofix.exe with f-secure unloaded and created the combofix-log which I have. It took a while and restarted and ran chkdsk on all drives I think and created the log file. It seemed to make it all better. I really appreciate this, so once more, please forgive me. I'm going to go ahead and post the combofix.log I have in another post in case it will expedite things and free your time up. I feel like an assss.

Report •

#5
February 21, 2009 at 22:48:39
ComboFix 09-02-19.01 - Owner 2009-02-21 13:34:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.711 [GMT -8:00]
Running from: h:\downloads\Software Downloads\autorun eater\ComboFix\ComboFix.exe
AV: EMBARQ Online Security 7.00 *On-access scanning disabled* (Updated)
FW: EMBARQ Online Security 7.00 *disabled*
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.BZ-HOME\Application Data\inst.exe
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\-=mininova.org=- Norton_SystemWorks_2007_Premier_FULL_CD.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\[pc Multi16] The Sims Pet Stories[colombo-bt Org] - {{{- SeedPeer.Com -}}}.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\101.gif
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\102.gif
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\103.gif
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\104.gif
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\105.gif
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\106.gif
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\1click Dvd Copy Pro 3 1 0 7 - ^^^- SeedPeer.Com -^^^.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\26dc2c33437f8bf7c459a26fb8b4d8e0624744e7
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Anydvd & Anydvd Hd V6 4 0 0 - Final -(new-with Serial Key) - (((- SeedPeer.Com -))).torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Bigfish_Games___Build_a_lot___Precracked___Indianboy2007.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Billy_Ray_Cyrus___Wanna_Be_Your_Joe__2006_256kbps_.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Breathtaking_Blonde_Supermodel_Nicole_Sheridan_Takes_Cock_In_Her_p--sy_XXX_Sex_Porn.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Bsplayer Pro Multilang 2 26 Build 956 - (((- SeedPeer.Com -))).torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\details_318289.html
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Game Jackal Pro - [[[- SeedPeer.Com -]]].torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Golden Hawk Cdrwin 4 0f Unicode - [[[- SeedPeer.Com -]]].torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Golden Hawk Cdrwin 4 0f Unicode - {{{- SeedPeer.Com -}}}.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Hannah Montana 2 Meet Miley Cyrus 2cd 2007 Btl - (((- SeedPeer.Com -))).torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Hannah_Montana_2___Meet_Miley_Cyrus_2CD_2007_BTL.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Jenna_Jameson__Kylie_Ireland__Felecia_FFFM_foursome_avi.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\member
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Monsterofcock___Violet_Blue_Anal__xxx_adult_sex_tits_ass_p--sy_porn__HD_.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Nicole_Sheridan___Ass_f---.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Pc The Sims Pet Stories [www Pepedivx Com] - [[[- SeedPeer.Com -]]].torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Pirates_Super_Copy_Powerpack_AIO_rar.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\pre_search.php
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Slysoft Anydvd 6 3 0 0 Clonecd 5 3 1 0 Clonedvd 2 9 1 2 Clonedvd Mobile 1 1 6 0 Game Jackal 2 9 18 - {{{- SeedPeer.Com -}}}.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Slysoft Game Jackal Pro V2 9 18 545 - [[[- SeedPeer.Com -]]].torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Slysoft Game Jackal Pro V2 9 18 545 - ^^^- SeedPeer.Com -^^^.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Slysoft Game Jackal Pro V2 9 18 545 - {{{- SeedPeer.Com -}}}.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Slysoft Game Jackal Pro V3 0 1 0 Multilingual Incl Keygen And Patch-brd [nt - Nemesyz Com] - {{{- SeedPeer.Com -}}}.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\SlySoft.Game.Jackal.Pro.v3.0.0.5-YAG [myBittorrent.com].torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\SlySoft.Game.Jackal.Pro.v3.0.0.5.Keygen.and.Patch.Only-BRD [myBittorrent.com].torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\SlySoft.Game.Jackal.Pro.v3.0.1.0.Multilingual.Incl.Keygen.and.Patch-BRD [myBittorrent.com].torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Taylor_Rain___her_best_ANAL_scene_EVER.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\The_Sims_2_Seasons_RELOADED_MULTI_15.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\VA_Hannah_Montana_2_Meet_Miley_Cyrus_OST_2007_SAW.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Virginie Gervais FHM France Winner 2005 Sex Tape.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\VIRGINIE_GERVAIS_SEX_TAPE_MOVIE_FILM.3874697.TPB.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Vivid Women In Uniform Film - ^^^- SeedPeer.Com -^^^.torrent
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Vivid___Women_in_Uniform__Nina_Mercedez__Violet_Blue__Rebecca_Love__Ashley_Long__Nicole_Sheridan__As.torrent
c:\program files\INSTALL.LOG
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\gaopdxarnqgoyv.sys
c:\windows\system32\drivers\gaopdxbepaawnn.sys
c:\windows\system32\drivers\gaopdxrdupkduc.sys
c:\windows\system32\gaopdxdqjunjir.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 07:31 . 2009-02-21 07:31 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 07:31 . 2009-02-21 07:31 <DIR> d----c--- c:\documents and settings\Owner.BZ-HOME\Application Data\Malwarebytes
2009-02-21 07:31 . 2009-02-21 07:31 <DIR> d----c--- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-02-21 07:31 . 2009-02-11 10:19 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-21 07:31 . 2009-02-11 10:19 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2009-02-21 06:37 . 2009-02-21 07:09 <DIR> d----c--- c:\program files\Autorun Eater
2009-02-07 08:28 . 2009-02-07 08:28 <DIR> d----c--- c:\program files\Microsoft IntelliPoint
2009-02-07 08:28 . 2007-08-21 01:13 21,760 --a--c--- c:\windows\system32\drivers\point32.sys
2009-02-02 20:00 . 2009-02-05 18:27 34 --a--c--- c:\documents and settings\Owner.BZ-HOME\jagex_runescape_preferences.dat
2009-01-31 16:30 . 2009-01-31 16:43 <DIR> d----c--- c:\documents and settings\Owner.BZ-HOME\dodian.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 20:29 --------- dc----w c:\program files\Lx_cats
2009-01-24 04:45 --------- dc----w c:\program files\Paradise Pet Salon
2009-01-20 00:01 --------- dc----w c:\documents and settings\All Users.WINDOWS\Application Data\Trymedia
2009-01-04 10:21 --------- dc----w c:\program files\JoshMadison
2009-01-04 08:12 --------- dc----w c:\documents and settings\All Users.WINDOWS\Application Data\HipSoft
2009-01-04 00:23 --------- dc----w c:\program files\Maxis
2009-01-04 00:05 --------- dc----w c:\program files\Sim File Maid 2
2008-12-15 05:22 410,984 -c--a-w c:\windows\system32\deploytk.dll
2008-08-24 23:02 47,360 -c--a-w c:\documents and settings\Owner.BZ-HOME\Application Data\pcouffin.sys
2008-04-05 16:38 47,360 -c--a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2008-03-06 04:24 774,144 -c--a-w c:\program files\RngInterstitial.dll
2005-09-14 15:24 33,280 -c--a-w c:\program files\EndProcess.exe
2008-04-10 22:06 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008041020080411\index.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 39,792 2007-10-11 02:51:55 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
-c--a-w 39,792 2008-10-15 09:04:34 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

-c--a-w 176,177 2007-04-26 11:43:26 c:\program files\EMBARQ Online Security\Common\bak\FSM32.EXE
-c--a-w 184,800 2008-02-13 10:38:54 c:\program files\EMBARQ Online Security\Common\FSM32.EXE

-c--a-w 733,184 2007-04-26 11:41:54 c:\program files\EMBARQ Online Security\FSGUI\bak\TNBUtil.exe
-c--a-w 741,800 2008-02-13 10:38:44 c:\program files\EMBARQ Online Security\FSGUI\tnbutil.exe

-c--a-w 3,739,648 2007-01-01 21:22:02 c:\program files\Google\Google Talk\bak\googletalk.exe
-c--a-w 3,739,648 2007-01-01 21:22:02 c:\program files\Google\Google Talk\googletalk.exe

-c--a-w 267,048 2008-01-15 11:22:56 c:\program files\iTunes\bak\iTunesHelper.exe

-c--a-w 132,496 2007-09-25 08:11:35 c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe

-c--a-w 53,248 2002-02-05 06:32:10 c:\program files\REGSHAVE\bak\REGSHAVE.EXE

-c--a-w 385,024 2008-01-10 23:27:36 d:\program files\QuickTime Alternative\bak\QTTask.exe

-c--a-w 850,432 2008-01-23 06:05:20 d:\program files\WxEx\bak\WxEx.exe

-c--a-w 256 2008-09-05 04:33:37 g:\games\BAK\Mis3-9lives\MP.cdf

-c--a-w 2,048 2008-10-03 04:37:28 g:\games\BAK\Mis3-9lives\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\games\BAK\Mis4-12lives\MP.cdf

-c--a-w 2,048 2008-10-03 05:21:32 g:\games\BAK\Mis4-12lives\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\games\BAK\Mis5-11lives\MP.cdf

-c--a-w 2,048 2008-10-04 05:03:37 g:\games\BAK\Mis5-11lives\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\games\BAK\Mis6-11lives\MP.cdf

-c--a-w 2,048 2008-10-05 02:10:57 g:\games\BAK\Mis6-11lives\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis10-13lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-12-13 22:27:41 g:\program files\Alien Sky\BAK\Mis10-13lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis10-17lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\BAK\Mis10-17lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2005-09-06 06:19:40 g:\program files\Alien Sky\BAK\Mis10-2lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2005-10-20 01:42:36 g:\program files\Alien Sky\BAK\Mis10-2lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2006-01-26 08:26:00 g:\program files\Alien Sky\BAK\Mis10-42lives\MP.CDF
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2006-01-26 08:28:00 g:\program files\Alien Sky\BAK\Mis10-42lives\SAVE.CDF
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis2-8lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-10-10 00:20:33 g:\program files\Alien Sky\BAK\Mis2-8lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis3-12lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-10-16 07:04:18 g:\program files\Alien Sky\BAK\Mis3-12lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis3-9lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-10-03 04:37:28 g:\program files\Alien Sky\BAK\Mis3-9lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis4-12lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-10-03 05:21:32 g:\program files\Alien Sky\BAK\Mis4-12lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis4-14lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-10-19 09:34:21 g:\program files\Alien Sky\BAK\Mis4-14lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis5-11lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-10-04 05:03:37 g:\program files\Alien Sky\BAK\Mis5-11lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis5-13lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-10-20 05:10:23 g:\program files\Alien Sky\BAK\Mis5-13lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis6-11lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-10-05 02:10:57 g:\program files\Alien Sky\BAK\Mis6-11lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis7-10lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-10-28 07:12:03 g:\program files\Alien Sky\BAK\Mis7-10lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis7-6lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-10-18 05:27:52 g:\program files\Alien Sky\BAK\Mis7-6lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis7-8lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-10-23 12:06:19 g:\program files\Alien Sky\BAK\Mis7-8lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis8-10lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-11-27 09:39:40 g:\program files\Alien Sky\BAK\Mis8-10lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis9-17lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-12-13 22:10:58 g:\program files\Alien Sky\BAK\Mis9-17lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\BAK\Mis9-6lives\MP.cdf
-c--a-w 256 2008-09-05 04:33:37 g:\program files\Alien Sky\MP.cdf

-c--a-w 2,048 2008-11-27 16:59:20 g:\program files\Alien Sky\BAK\Mis9-6lives\Save.cdf
-c--a-w 2,048 2008-12-14 02:23:26 g:\program files\Alien Sky\Save.cdf

-c-ha-w 4,348 2005-12-17 06:26:56 h:\my music\License Backup\bak\drmv1key.bak
-c-ha-w 4,348 2005-06-09 01:42:06 h:\my music\License Backup\drmv1key.bak

-c-ha-w 20 2005-12-19 03:12:48 h:\my music\License Backup\bak\drmv1lic.bak
-c-ha-w 20 2005-07-11 15:51:00 h:\my music\License Backup\drmv1lic.bak

-csha-w 312 2005-12-17 06:26:40 h:\my music\License Backup\bak\drmv2key.bak
-c-ha-w 312 2005-06-09 01:42:04 h:\my music\License Backup\drmv2key.bak

-c--a-w 0 2005-12-19 03:12:48 h:\my music\License Backup\bak\drmv2lic.bak
-c-ha-w 1,536 2005-07-11 15:51:01 h:\my music\License Backup\drmv2lic.bak

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-04-07 4608]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [N/A]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [N/A]
"Google Update"="c:\documents and settings\Owner.BZ-HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"F-Secure Manager"="d:\program files\EMBARQ Online Security\Common\FSM32.EXE" [2007-04-26 176177]
"F-Secure TNB"="d:\program files\EMBARQ Online Security\FSGUI\TNBUtil.exe" [2007-04-26 733184]
"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2008-04-07 438359]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]
"LXDCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"BitPump"="d:\program files\AnalogX\BitPump\bitpump.exe" [2008-04-25 536576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-09-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-03 455168]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"PC-Checkup"="d:\program files\PC Check-up\PCCheckUp.exe" [N/A]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [N/A]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
"Trickler"="" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.RUD0"= Rududu.dll
"MSACM.IMC"= IMC32.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\[u]0[/u]autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\AnalogX\\BitPump\\bitpump.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\app4r.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Downloads\\utorrent\\utorrent-1.8-beta-9704.upx.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-04-06 51104]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-04-24 38448]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;d:\program files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2008-04-06 52736]
S3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [2008-04-30 508544]
S3 DrmRVideo32;DrmRVideo32;c:\windows\system32\drivers\DrmRVideo32.sys [2008-04-30 3768]
S3 MaplomL;MaplomL; [x]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-04-25 2688]
S4 F-Secure Filter;F-Secure File System Filter;d:\program files\EMBARQ Online Security\Anti-Virus\win2k\fsfilter.sys [2008-04-06 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;d:\program files\EMBARQ Online Security\Anti-Virus\win2k\fsrec.sys [2008-04-06 18432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - N:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49a5aea9-0616-11dd-9485-000bdb124b34}]
\Shell\AutoRun\command - M:\setup.exe
\Shell\dxsetup\command - m:\directx\dxsetup.exe
\Shell\setup\command - M:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1993962763-839522115-1003.job
- c:\documents and settings\Owner.BZ-HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-20 02:23]

2009-02-21 c:\windows\Tasks\Scheduled scanning task.job
- d:\progra~1\EMBARQ~2\ANTI-V~1\fsav.exe [2007-04-26 03:42]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = https://psprintcw.sprint.motive.com/wizlet/EMBARQHSI/welcomePrepare.do?locale=en
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Open with BitPump - d:\program files\AnalogX\BitPump\ieint.htm
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A1818} - d:\program files\PC Digital Safe\PcDigitalSafe.exe
IE: {{9CE19FF4-783B-49DD-8158-3B8B5C02B9A4} - d:\program files\FreshDevices\FreshDownload\fd.exe
LSP: d:\program files\EMBARQ Online Security\FSPS\program\fslsp.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - d:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - d:\progra~1\COPERN~1\COPERN~1.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Owner.BZ-HOME\Application Data\Mozilla\Firefox\Profiles\gpsukuf3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Owner.BZ-HOME\Application Data\Mozilla\Firefox\Profiles\gpsukuf3.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\documents and settings\Owner.BZ-HOME\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 13:40:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1993962763-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(652)
d:\program files\EMBARQ Online Security\FSPS\program\fslsp.dll
.
Completion time: 2009-02-21 13:49:29
ComboFix-quarantined-files.txt 2009-02-21 21:49:23

Pre-Run: 1,596,481,536 bytes free
Post-Run: 2,369,499,136 bytes free

338 --- E O F --- 2009-01-14 22:57:18


Report •

#6
February 22, 2009 at 07:51:49
Makw sure your g: and h: drive are connected to the computer.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
AWF::
c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
c:\program files\EMBARQ Online Security\Common\bak\FSM32.EXE
c:\program files\EMBARQ Online Security\FSGUI\bak\TNBUtil.exe
c:\program files\Google\Google Talk\bak\googletalk.exe
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe
c:\program files\REGSHAVE\bak\REGSHAVE.EXE
d:\program files\QuickTime Alternative\bak\QTTask.exe
d:\program files\WxEx\bak\WxEx.exe
g:\games\BAK\Mis3-9lives\MP.cdf
g:\games\BAK\Mis3-9lives\Save.cdf
g:\games\BAK\Mis4-12lives\MP.cdf
g:\games\BAK\Mis4-12lives\Save.cdf
g:\games\BAK\Mis5-11lives\MP.cdf
g:\games\BAK\Mis5-11lives\Save.cdf
g:\games\BAK\Mis6-11lives\MP.cdf
g:\games\BAK\Mis6-11lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis10-13lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis10-13lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis10-17lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis10-17lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis10-2lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis10-2lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis10-42lives\MP.CDF
g:\program files\Alien Sky\BAK\Mis10-42lives\SAVE.CDF
g:\program files\Alien Sky\BAK\Mis2-8lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis2-8lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis3-12lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis3-12lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis3-9lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis3-9lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis4-12lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis4-12lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis4-14lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis4-14lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis5-11lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis5-11lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis5-13lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis5-13lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis6-11lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis6-11lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis7-10lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis7-10lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis7-6lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis7-6lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis7-8lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis7-8lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis8-10lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis8-10lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis9-17lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis9-17lives\Save.cdf
g:\program files\Alien Sky\BAK\Mis9-6lives\MP.cdf
g:\program files\Alien Sky\BAK\Mis9-6lives\Save.cdf
h:\my music\License Backup\bak\drmv1key.bak
h:\my music\License Backup\bak\drmv1lic.bak
h:\my music\License Backup\bak\drmv2key.bak
h:\my music\License Backup\bak\drmv2lic.bak

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop) if combofix does not auto start click "run".

Please post the log that is produced.


Report •

#7
February 22, 2009 at 14:58:51
I should have waited. I think I need to back up to before I ran combofix.exe without renaming it to toolb.exe. Combofix starts when I drag the CFScript.txt onto it, but the computer locks up. Please, I won't do anything else until you say so. I'm sorry.

Report •

#8
February 22, 2009 at 16:10:40
Go to start> run type in combofix /u (note the space after combofix is needed) then press ok> run. Give it a minute to run. This will uninstall Combofix.

Download combofix again and run the script in response #6.


Report •

#9
February 24, 2009 at 11:24:20
ComboFix 09-02-19.01 - Owner 2009-02-24 11:07:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.667 [GMT -8:00]
Running from: h:\downloads\Software Downloads\autorun eater\ComboFix\toolb.exe
Command switches used :: h:\downloads\Software Downloads\autorun eater\ComboFix\CFScript.txt
AV: EMBARQ Online Security 7.00 *On-access scanning enabled* (Updated)
FW: EMBARQ Online Security 7.00 *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.

2009-02-24 11:00 . 2009-02-24 11:00 <DIR> d----c--- C:\32788R22FWJFW
2009-02-22 20:14 . 2009-02-22 20:15 <DIR> d----c--- c:\temp\cf
2009-02-22 11:40 . 2009-02-22 14:10 <DIR> d----c--- C:\ComboFix
2009-02-21 16:52 . 2009-02-21 16:52 <DIR> d--hsc--- c:\documents and settings\Owner.BZ-HOME\IECompatCache
2009-02-21 16:51 . 2009-02-21 16:51 <DIR> d--hsc--- c:\documents and settings\Owner.BZ-HOME\PrivacIE
2009-02-21 16:51 . 2009-02-21 16:51 <DIR> d--hsc--- c:\documents and settings\Owner.BZ-HOME\IETldCache
2009-02-21 16:13 . 2009-02-21 16:16 <DIR> d--h-c--- c:\windows\ie8
2009-02-21 07:31 . 2009-02-21 07:31 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 07:31 . 2009-02-21 07:31 <DIR> d----c--- c:\documents and settings\Owner.BZ-HOME\Application Data\Malwarebytes
2009-02-21 07:31 . 2009-02-21 07:31 <DIR> d----c--- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-02-21 07:31 . 2009-02-11 10:19 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-21 07:31 . 2009-02-11 10:19 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2009-02-21 06:37 . 2009-02-21 07:09 <DIR> d----c--- c:\program files\Autorun Eater
2009-02-07 08:28 . 2009-02-07 08:28 <DIR> d----c--- c:\program files\Microsoft IntelliPoint
2009-02-07 08:28 . 2007-08-21 01:13 21,760 --a--c--- c:\windows\system32\drivers\point32.sys
2009-02-02 20:00 . 2009-02-05 18:27 34 --a--c--- c:\documents and settings\Owner.BZ-HOME\jagex_runescape_preferences.dat
2009-01-31 16:30 . 2009-01-31 16:43 <DIR> d----c--- c:\documents and settings\Owner.BZ-HOME\dodian.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 19:12 --------- dc----w c:\program files\Lx_cats
2009-02-24 19:07 --------- dc----w c:\program files\REGSHAVE
2009-02-24 19:07 --------- dc----w c:\program files\iTunes
2009-02-22 01:46 --------- dc----w c:\program files\Virtual Earth 3D
2009-01-24 04:45 --------- dc----w c:\program files\Paradise Pet Salon
2009-01-20 00:01 --------- dc----w c:\documents and settings\All Users.WINDOWS\Application Data\Trymedia
2009-01-15 10:05 911,872 -c--a-w c:\windows\system32\wininet.dll
2009-01-15 10:05 43,008 -c--a-w c:\windows\system32\licmgr10.dll
2009-01-15 10:04 18,944 -c--a-w c:\windows\system32\corpol.dll
2009-01-15 10:03 72,704 -c--a-w c:\windows\system32\admparse.dll
2009-01-15 10:03 71,680 -c--a-w c:\windows\system32\iesetup.dll
2009-01-15 10:03 420,352 -c--a-w c:\windows\system32\vbscript.dll
2009-01-15 10:01 34,304 -c--a-w c:\windows\system32\imgutil.dll
2009-01-15 10:00 48,128 -c--a-w c:\windows\system32\mshtmler.dll
2009-01-15 10:00 45,568 -c--a-w c:\windows\system32\mshta.exe
2009-01-15 09:50 156,160 -c--a-w c:\windows\system32\msls31.dll
2009-01-04 10:21 --------- dc----w c:\program files\JoshMadison
2009-01-04 08:12 --------- dc----w c:\documents and settings\All Users.WINDOWS\Application Data\HipSoft
2009-01-04 00:23 --------- dc----w c:\program files\Maxis
2009-01-04 00:05 --------- dc----w c:\program files\Sim File Maid 2
2008-12-15 05:22 410,984 -c--a-w c:\windows\system32\deploytk.dll
2008-08-24 23:02 47,360 -c--a-w c:\documents and settings\Owner.BZ-HOME\Application Data\pcouffin.sys
2008-04-05 16:38 47,360 -c--a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2008-03-06 04:24 774,144 -c--a-w c:\program files\RngInterstitial.dll
2005-09-14 15:24 33,280 -c--a-w c:\program files\EndProcess.exe
2008-04-10 22:06 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008041020080411\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-04-07 4608]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Google Update"="c:\documents and settings\Owner.BZ-HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"F-Secure Manager"="d:\program files\EMBARQ Online Security\Common\FSM32.EXE" [2007-04-26 176177]
"F-Secure TNB"="d:\program files\EMBARQ Online Security\FSGUI\TNBUtil.exe" [2007-04-26 733184]
"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2008-04-07 438359]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 20480]
"LXDCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"BitPump"="d:\program files\AnalogX\BitPump\bitpump.exe" [2008-04-25 536576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-09-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-03 455168]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.RUD0"= Rududu.dll
"MSACM.IMC"= IMC32.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\[u]0[/u]autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\AnalogX\\BitPump\\bitpump.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\app4r.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Downloads\\utorrent\\utorrent-1.8-beta-9704.upx.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-04-06 51104]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-04-24 38448]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;d:\program files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2008-04-06 52736]
S3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [2008-04-30 508544]
S3 DrmRVideo32;DrmRVideo32;c:\windows\system32\drivers\DrmRVideo32.sys [2008-04-30 3768]
S3 MaplomL;MaplomL; [x]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-04-25 2688]
S4 F-Secure Filter;F-Secure File System Filter;d:\program files\EMBARQ Online Security\Anti-Virus\win2k\fsfilter.sys [2008-04-06 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;d:\program files\EMBARQ Online Security\Anti-Virus\win2k\fsrec.sys [2008-04-06 18432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49a5aea9-0616-11dd-9485-000bdb124b34}]
\Shell\AutoRun\command - M:\setup.exe
\Shell\dxsetup\command - m:\directx\dxsetup.exe
\Shell\setup\command - M:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1993962763-839522115-1003.job
- c:\documents and settings\Owner.BZ-HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-20 02:23]

2009-02-24 c:\windows\Tasks\Scheduled scanning task.job
- d:\progra~1\EMBARQ~2\ANTI-V~1\fsav.exe [2007-04-26 03:42]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-PC-Checkup - d:\program files\PC Check-up\PCCheckUp.exe
HKLM-Run-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-Trickler - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = https://psprintcw.sprint.motive.com/wizlet/EMBARQHSI/welcomePrepare.do?locale=en
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Open with BitPump - d:\program files\AnalogX\BitPump\ieint.htm
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A1818} - d:\program files\PC Digital Safe\PcDigitalSafe.exe
IE: {{9CE19FF4-783B-49DD-8158-3B8B5C02B9A4} - d:\program files\FreshDevices\FreshDownload\fd.exe
LSP: d:\program files\EMBARQ Online Security\FSPS\program\fslsp.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - d:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - d:\progra~1\COPERN~1\COPERN~1.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Owner.BZ-HOME\Application Data\Mozilla\Firefox\Profiles\gpsukuf3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Owner.BZ-HOME\Application Data\Mozilla\Firefox\Profiles\gpsukuf3.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\documents and settings\Owner.BZ-HOME\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 11:12:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1993962763-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(856)
d:\program files\EMBARQ Online Security\FSPS\program\fslsp.dll
.
r Running Proce
.
d:\program files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
d:\program files\EMBARQ Online Security\Anti-Virus\fsgk32.exe
d:\program files\EMBARQ Online Security\Common\FSMA32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdccoms.exe
d:\program files\EMBARQ Online Security\Common\FSMB32.EXE
d:\program files\RAXCO\PerfectDisk\PDAgent.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\program files\EMBARQ Online Security\Common\FCH32.EXE
d:\program files\EMBARQ Online Security\Common\FAMEH32.EXE
d:\program files\EMBARQ Online Security\Anti-Virus\fsqh.exe
d:\program files\EMBARQ Online Security\Anti-Virus\fssm32.exe
d:\program files\EMBARQ Online Security\FSAUA\program\fsaua.exe
d:\program files\EMBARQ Online Security\FWES\program\fsdfwd.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
d:\program files\EMBARQ Online Security\FSGUI\fsguidll.exe
d:\program files\EMBARQ Online Security\FSAUA\program\fsus.exe
d:\program files\EMBARQ Online Security\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2009-02-24 11:21:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-24 19:20:57
ComboFix2.txt 2009-02-21 21:49:32

Pre-Run: 3,169,755,136 bytes free
Post-Run: 3,212,034,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

227 --- E O F --- 2009-02-21 23:35:29


Report •

#10
February 24, 2009 at 18:02:57
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3.Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Report •

#11
February 26, 2009 at 19:30:33
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, February 26, 2009
Operating System: Microsoft Windows XP Home Edition Service
Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, February 25, 2009
23:39:34
Records in database: 1844985
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan statistics:
Files scanned: 283238
Threat name: 23
Infected objects: 39
Suspicious objects: 4
Duration of the scan: 26:36:07


File name / Threat name / Threats count
C:\Documents and Settings\Owner.BZ-HOME\Shared\01 Track
1.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\Owner.BZ-HOME\Shared\06 Track
6.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\Owner.BZ-HOME\Shared\energy
noncrisis.mpg Infected: Trojan-Downloader.WMA.GetCodec.c
1
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.0xe
Infected: Trojan.Win32.KillAV.oh 1
C:\Program Files\Google\Google Talk\googletalk.0xe Infected:
Trojan.Win32.KillAV.oh 1
C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.0xe
Infected: Trojan.Win32.KillAV.oh 1
C:\Program Files\iTunes\iTunesHelper.0xe Infected:
Trojan.Win32.KillAV.oh 1
C:\Program Files\Java\jre1.6.0_03\bin\jusched.0xe Infected:
Trojan.Win32.KillAV.oh 1
C:\Program Files\REGSHAVE\REGSHAVE.0XE Infected:
Trojan.Win32.KillAV.oh 1
D:\Documents and Settings\JD
Blankenship\Desktop\Backups\BackupOE(20041126)\emails\shirly.
dbx Infected: Email-Worm.Win32.Mydoom.l 1
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Deleted Items.dbx
Suspicious: Trojan-Spy.HTML.Fraud.gen 2
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Deleted Items.dbx
Infected: Trojan-Spy.HTML.Bankfraud.fn 2
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Norton AntiSpam
Folder.dbx Infected: Trojan-Spy.HTML.Bankfraud.ga 1
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Norton AntiSpam
Folder.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Norton AntiSpam
Folder.dbx Infected: Trojan-Spy.HTML.Bankfraud.ci 4
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Norton AntiSpam
Folder.dbx Infected: Trojan-Downloader.JS.Iframe.a 4
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Microsoft\Outlook\Outlook.pst
Infected: Trojan-Spy.HTML.Bayfraud.ac 1
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Microsoft\Outlook\Outlook.pst
Infected: Trojan-Spy.HTML.Sunfraud.ax 1
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Microsoft\Outlook\Outlook.pst
Infected: Trojan-Spy.HTML.Bankfraud.w 2
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Microsoft\Outlook\Outlook.pst
Infected: Trojan-Spy.HTML.Bankfraud.br 1
D:\Documents and Settings\JD Blankenship\My Documents\My
Documents\Identities\{54199AD4-0CA2-4ABA-99F0-
F906BB94D10B}\spike.dbx Infected: Email-Worm.Win32.Sober.x
1
D:\Documents and Settings\JD Blankenship\My Documents\My
Documents\Identities\{FABD6929-FA19-48F9-88A5-
BBDFBBA3061B}\spike.dbx Infected: Email-Worm.Win32.Sober.x
1
D:\Downloads\torrent\Windows Genuine Advantage Validation 1 7
69 1\bgj3010a\SetupGameJackal3010.0xe Infected:
Backdoor.Win32.Agent.tyf 1
D:\Program Files\LimeWire\Downloads\jason marks.mp3
Infected: Trojan-Downloader.WMA.GetCodec.r 1
D:\Program Files\LimeWire\Downloads\Programs\Google Earth
Pro Map (Full Cracked).0ar Infected: Trojan-
Clicker.Win32.VB.ib 1
D:\Program Files\LimeWire\Downloads\[b0nZy] poster printer.ace
Infected: Trojan-Downloader.Win32.IstBar.nj 1
D:\Program Files\Mozilla Firefox\components\iamfamous.0ll
Infected: Trojan.Win32.Agent.avjo 1
D:\Program Files\Mozilla Firefox\components\iamfamous.1ll
Infected: Packed.Win32.Tdss.c 1
D:\Program Files\QuickTime Alternative\QTTask.0xe Infected:
Trojan.Win32.KillAV.oh 1
D:\RECYCLER\S-1-5-21-2025429265-1482476501-682003330-
1003\Dd611\GoogleEarthPro.0xe Infected: Trojan-
Clicker.Win32.VB.ib 1
F:\Torrent\bitdownload\BitDownload-3.4.0.0-setup-0596.0xe
Infected: Trojan.Win32.Obfuscated.en 1
F:\Torrent\bitdownload\BSPlayer PRO 2.21.950 Vista Ready +
keygen\Keygen_ICU.0xe Infected: Trojan.Win32.Genome.wwl
1
H:\Downloads\Software
Downloads\Norton.Antivirus.2005+Keygen-TMG.0ip Infected:
Trojan-Dropper.Win32.Delf.fd 1

The selected area was scanned.


Report •

#12
February 26, 2009 at 19:56:53
All of the infected files found by Kaspersky need to be deleted.

I'm not up to date on outlook but you have infected files there and they need to be removed. You should do a google search to find out how to remove those types of outlook files.


Report •

#13
February 26, 2009 at 21:14:05
These infected files;
C:\Documents and Settings\Owner.BZ-HOME\Shared\01 Track
1.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\Owner.BZ-HOME\Shared\06 Track
6.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\Owner.BZ-HOME\Shared\energy
noncrisis.mpg Infected: Trojan-Downloader.WMA.GetCodec.c
1
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.0xe
Infected: Trojan.Win32.KillAV.oh 1
C:\Program Files\Google\Google Talk\googletalk.0xe Infected:
Trojan.Win32.KillAV.oh 1
C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.0xe
Infected: Trojan.Win32.KillAV.oh 1
C:\Program Files\iTunes\iTunesHelper.0xe Infected:
Trojan.Win32.KillAV.oh 1
C:\Program Files\Java\jre1.6.0_03\bin\jusched.0xe Infected:
Trojan.Win32.KillAV.oh 1
C:\Program Files\REGSHAVE\REGSHAVE.0XE Infected:
Trojan.Win32.KillAV.oh 1
D:\Documents and Settings\JD
Blankenship\Desktop\Backups\BackupOE(20041126)\emails\shirly.
dbx Infected: Email-Worm.Win32.Mydoom.l 1
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Deleted Items.dbx
Infected: Trojan-Spy.HTML.Bankfraud.fn 2
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Norton AntiSpam
Folder.dbx Infected: Trojan-Spy.HTML.Bankfraud.ga 1
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Norton AntiSpam
Folder.dbx Infected: Trojan-Spy.HTML.Bankfraud.ci 4
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Norton AntiSpam
Folder.dbx Infected: Trojan-Downloader.JS.Iframe.a 4
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Microsoft\Outlook\Outlook.pst
Infected: Trojan-Spy.HTML.Bayfraud.ac 1
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Microsoft\Outlook\Outlook.pst
Infected: Trojan-Spy.HTML.Sunfraud.ax 1
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Microsoft\Outlook\Outlook.pst
Infected: Trojan-Spy.HTML.Bankfraud.w 2
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Microsoft\Outlook\Outlook.pst
Infected: Trojan-Spy.HTML.Bankfraud.br 1
D:\Documents and Settings\JD Blankenship\My Documents\My
Documents\Identities\{54199AD4-0CA2-4ABA-99F0-
F906BB94D10B}\spike.dbx Infected: Email-Worm.Win32.Sober.x
1
D:\Documents and Settings\JD Blankenship\My Documents\My
Documents\Identities\{FABD6929-FA19-48F9-88A5-
BBDFBBA3061B}\spike.dbx Infected: Email-Worm.Win32.Sober.x
1
D:\Downloads\torrent\Windows Genuine Advantage Validation 1 7
69 1\bgj3010a\SetupGameJackal3010.0xe Infected:
Backdoor.Win32.Agent.tyf 1
D:\Program Files\LimeWire\Downloads\jason marks.mp3
Infected: Trojan-Downloader.WMA.GetCodec.r 1
D:\Program Files\LimeWire\Downloads\Programs\Google Earth
Pro Map (Full Cracked).0ar Infected: Trojan-
Clicker.Win32.VB.ib 1
D:\Program Files\LimeWire\Downloads\[b0nZy] poster printer.ace
Infected: Trojan-Downloader.Win32.IstBar.nj 1
D:\Program Files\Mozilla Firefox\components\iamfamous.0ll
Infected: Trojan.Win32.Agent.avjo 1
D:\Program Files\Mozilla Firefox\components\iamfamous.1ll
Infected: Packed.Win32.Tdss.c 1
D:\Program Files\QuickTime Alternative\QTTask.0xe Infected:
Trojan.Win32.KillAV.oh 1
D:\RECYCLER\S-1-5-21-2025429265-1482476501-682003330-
1003\Dd611\GoogleEarthPro.0xe Infected: Trojan-
Clicker.Win32.VB.ib 1
F:\Torrent\bitdownload\BitDownload-3.4.0.0-setup-0596.0xe
Infected: Trojan.Win32.Obfuscated.en 1
F:\Torrent\bitdownload\BSPlayer PRO 2.21.950 Vista Ready +
keygen\Keygen_ICU.0xe Infected: Trojan.Win32.Genome.wwl
1
H:\Downloads\Software
Downloads\Norton.Antivirus.2005+Keygen-TMG.0ip Infected:
Trojan-Dropper.Win32.Delf.fd 1

is that correct?

And the Suspicious files;
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Deleted Items.dbx
Suspicious: Trojan-Spy.HTML.Fraud.gen 2
D:\Documents and Settings\JD Blankenship\Local
Settings\Application Data\Identities\{40D27CAD-0D1E-4541-9602-
C5AAF720811F}\Microsoft\Outlook Express\Norton AntiSpam
Folder.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2

should I delete them too?

The Outlook I got away from some time ago and anything there
can be sacrificed. If I uninstall Outlook and delete those files, do
you think that might do?


Report •

#14
February 28, 2009 at 11:04:55
I hope I'm not being impatient. I still have more to do and/or need
to rescan, don't I?

Report •

#15
February 28, 2009 at 11:15:04
If you deleted those files you should be clean.

Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes

Kaspersky

You should keep AFT Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster

Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?


Report •

#16
February 28, 2009 at 16:09:39
I cannot express my true appreciation for this help, but please
know that I do appreciate it so. OK, I've done all that. How's it
runnin'? Well, let me post that response in a couple days after the
test drive. It has always started out seeming to work great and
then after varying amounts of time and users just "sludged-up" if
you can catch my meaning. Thanks again and I'll post more follow
up.

Report •

#17
February 28, 2009 at 16:39:14
Ok, thanks for the follow up.

Report •


Ask Question