Infected with PUP.bundleoffers.iiq trojan

[mkruzel]

I have one computer infected with this trojan and I scanned the computer with Malwarebytes and it only found 1. I clicked the remove option and restarted the pc after scanning and it didn't remove the mysearchresults.com search engine and the home page was pointing still to myfreeze.com home page still. Can Malwarebytes remove this or should I just reinstall Windows 7 to remove the infection?

[jeffce]

Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  
• The fixes are specific to your problem and should only be used for the issues on this machine.
  
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  
• It's often worth reading through these instructions and printing them for ease of reference.
  
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  
• Please reply to this thread. Do not start a new topic.
  

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------

Please download DDS from either of these links

LINK 1

LINK 2

and save it to your desktop.

• Disable any script blocking protection
  
• Right-click and Run as Administrator dds to run the tool.
  
• When done, two DDS.txt's will open.
  
• Save both reports to your desktop.
  

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt

----------

Please download aswMBR to your desktop.

• Double click the aswMBR icon to run it.
  
• Click the Scan button to start scan.
  
• If you are asked to update the Avast Virus database please allow it to do so.
  
• When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

Click the image to enlarge it

----------

[mkruzel]

I will try this tomorrow and get back to you.

[jeffce]

Ok

[mkruzel]

I'm logged in with a different account and don't see the mysearchresults.com search engine. Should I be logged in with the infected user's account?

Here is the dds file:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.7600.17115

Run by zelda01 at 8:49:12 on 2012-11-20

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2003.966 [GMT -6:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

.

============== Running Processes ================

.

C:\WINDOWS\system32\wininit.exe

C:\WINDOWS\system32\lsm.exe

C:\WINDOWS\system32\atiesrxx.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Users\KPurcell\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\CCM\CcmExec.exe

C:\WINDOWS\system32\atieclxx.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\taskhost.exe

C:\WINDOWS\system32\taskeng.exe

C:\WINDOWS\system32\Dwm.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\conhost.exe

C:\WINDOWS\system32\net.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe

C:\WINDOWS\system32\sppsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\WmiApSrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\servicing\TrustedInstaller.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\taskhost.exe

C:\WINDOWS\system32\conhost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k RPCSS

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.saintpaul.edu

uDefault_Page_URL = hxxp://www.saintpaul.edu

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {472F6BB8-3D5A-BC24-4155-3192C7AC8CF6} - <orphaned>

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\kpurcell\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll

BHO: Playtopus Games: {8EBA1B69-99D8-4135-BD43-729BA79D5CC4} - c:\users\kpurcell\appdata\local\playtopus\Playtopus.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: legalnoticecaption = Saint Paul College Acceptable Use Policy

mPolicies-Windows\System: UserPolicyMode = dword:1

mPolicies-Windows\System: DeleteRoamingCache = dword:1

mPolicies-Windows\System: SlowLinkDetectEnabled = dword:0

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 10.1.14.61 10.1.14.19

TCP: Interfaces\{387E119E-02D1-455D-891E-E52BBCFC4FB4}\C696E6B6379737 : DHCPNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{8676C854-A2F9-44E5-8611-32DE661E604A} : DHCPNameServer = 10.1.14.61 10.1.14.19

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\kpurcell\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2012-11-13 107520]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-2-23 1839776]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-23 106656]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 VPREMOTE;VPRemote Install Bootstrap Service;c:\temp\clt-inst\vpremote.exe [2011-4-25 142240]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-26 1343400]

.

=============== Created Last 30 ================

.

2012-11-20 14:44:44 -------- d-----w- c:\users\zelda01\appdata\local\Google

2012-11-19 20:18:04 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-11-19 20:15:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-11-19 20:15:33 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-11-19 19:12:37 -------- d-----w- c:\programdata\Malwarebytes

2012-11-13 23:51:41 -------- d-----w- c:\program files\Freeze.com

2012-11-13 23:51:20 -------- d-----w- c:\program files\Yahoo!

2012-10-29 18:48:13 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-29 18:47:44 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-29 18:47:41 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-29 18:47:30 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-10-29 18:44:14 541184 ----a-w- c:\windows\system32\kerberos.dll

2012-10-29 18:43:41 139264 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-29 18:43:41 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-29 18:43:40 1157632 ----a-w- c:\windows\system32\crypt32.dll

2012-10-29 18:43:02 172544 ----a-w- c:\windows\system32\wintrust.dll

.

==================== Find3M ====================

.

2012-08-24 17:10:47 981504 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 17:08:47 44544 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-24 16:01:45 386048 ----a-w- c:\windows\system32\html.iec

2012-08-24 15:27:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 8:50:08.24 ===============

Here is attach.txt file

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 12/3/2010 3:20:36 PM

System Uptime: 11/20/2012 8:42:47 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0DW635

Processor: Intel® Core2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 2401/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 197.3 GiB free.

D: is CDROM (UDF)

P: is NetworkDisk (NTFS) - 600 GiB total, 68.306 GiB free.

R: is NetworkDisk (NTFS) - 200 GiB total, 185.737 GiB free.

S: is NetworkDisk (NTFS) - 600 GiB total, 68.306 GiB free.

U: is NetworkDisk (NTFS) - 10 GiB total, 4.128 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP104: 9/11/2012 3:53:21 PM - Scheduled Checkpoint

RP105: 9/19/2012 8:06:55 AM - Scheduled Checkpoint

RP106: 9/24/2012 3:41:21 PM - Windows Update

RP107: 10/9/2012 3:48:15 PM - Scheduled Checkpoint

RP108: 10/17/2012 8:03:35 AM - Scheduled Checkpoint

RP109: 10/24/2012 8:15:37 AM - Scheduled Checkpoint

RP110: 10/29/2012 1:42:23 PM - Windows Update

RP111: 11/6/2012 8:47:34 PM - Scheduled Checkpoint

RP112: 11/14/2012 8:19:34 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader X

Adobe Shockwave Player 11.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Camtasia Studio 7

Configuration Manager Client

DefaultTab

Google Toolbar for Internet Explorer

Google Update Helper

iTunes

Java Auto Updater

Java 6 Update 27

LiveUpdate 3.3 (Symantec Corporation)

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

MobileMe Control Panel

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

NetAssistant

Notepad++ version 6.1.2

OGA Notifier 2.0.0048.0

QuickTime

Respondus 3.5 Campus-Wide

RICOH R5U8xx Media Driver ver.3.62.02

Safari

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office Publisher 2007 (KB982124)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

SoundMAX

SUPERAntiSpyware

Symantec Endpoint Protection

TestGen

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2536413)

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

11/20/2012 8:46:19 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/19/2012 7:17:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {EE1BD859-AACD-48FE-A9B6-9358DC21ADAE} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/19/2012 7:15:22 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

11/19/2012 10:08:41 AM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

11/19/2012 10:08:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

11/14/2012 1:07:16 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.

.

==== End Of File ===========================

[mkruzel]

One thing I found is that this laptop doesn't have Windows 7 sp1 installed.

[mkruzel]

How big are the avast virus definition files? They are taking a long time to download.

[mkruzel]

I think I'm just going to back this persons's data up and install Windows 7 sp1 which I'm sure will remove the rootkit/s and pup.bundlieoffers.iiq.

[jeffce]

Hi,

Well do you mean you are going to format the hard drive completely and reinstall the operating system? I think that what I was seeing earlier that is a bit drastic but its really up to you. Let me know what you want to do.

[mkruzel]

I was a little pressed for time so I backed up her data and scanned her data on a separate drive to remove any viruses & then reinstalled Windows 7 via SCCM. How large are the virus definition files usually on the Avast utility? It was taking longer than an hour to download the virus definitions.

[mkruzel]

Actually I did another test with downloading virus definitions with aswMBR and it downloaded faster on my machine. We recently upgraded our phone system to VoIP and the download was really slow.

Jeff, thanks for all your help1

[jeffce]

Ok....since you seem to have everything taken care of...have a happy Thanksgiving.

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!