FBI Moneypak removed but computer reaching out repeatedly to IP Address


Computer was infected with FBI Moneypak Virus. Malwarebytes seems to have detected and removed it when I ran in Safe Mode. Computer now running ok. However:

1. When performing an automatic update of Adobe Flash, the virus re-emerged. Was able to kill it in Safe Mode with Malwarebytes and get back up and running.

2. My computer seems to be automatically reaching out to an IP Address, and Malwarebytes is blocking it. This happens about once every 10 minutes: "Malwarebytes successfully blocked access to a potentially malicious website. 46.254.16.76 (Type: outgoing)". Records of these attempts are shown in the "Protection Logs".

Any assistance appreciated in addressing Item #2. Let me know what you need.

Welcome to the forum, see if you can do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

OTL logfile created on: 1/21/2013 11:57:51 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.85% Memory free

3.85 Gb Paging File | 2.87 Gb Available in Paging File | 74.76% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.00 Gb Total Space | 6.37 Gb Free Space | 4.27% Space Free | Partition Type: NTFS

Drive D: | 0.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive P: | 1716.00 Gb Total Space | 1590.77 Gb Free Space | 92.70% Space Free | Partition Type: NTFS

Drive Z: | 1716.00 Gb Total Space | 1590.77 Gb Free Space | 92.70% Space Free | Partition Type: NTFS

Computer Name: ANZARCH-1 | User Name: janzalone | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/21 11:56:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe

PRC - [2012/12/26 22:50:24 | 006,859,264 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe

PRC - [2012/12/21 22:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\janzalone\Application Data\Dropbox\bin\Dropbox.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/11/06 12:38:34 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2012/10/17 13:55:24 | 000,840,112 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenBroker32.exe

PRC - [2012/09/10 15:30:06 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

PRC - [2012/09/10 15:30:06 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

PRC - [2012/09/10 15:30:06 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2012/09/10 15:30:06 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2012/09/10 15:30:04 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2012/07/30 14:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2012/04/24 16:05:14 | 012,660,072 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe

PRC - [2012/01/12 23:00:04 | 000,372,736 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe

PRC - [2011/12/09 19:47:42 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe

PRC - [2010/07/02 13:25:48 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe

PRC - [2010/07/02 13:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe

PRC - [2009/12/04 01:49:40 | 000,099,896 | R--- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe

PRC - [2009/11/20 14:14:02 | 000,245,760 | ---- | M] (Marvell) -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe

PRC - [2009/10/15 11:13:50 | 000,136,192 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/03/20 16:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/09 03:14:39 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\33ff7d73f01be8329a95c6e03f1dd555\System.Web.ni.dll

MOD - [2013/01/09 03:14:30 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll

MOD - [2013/01/09 03:14:21 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\07de14823c42ee36ffa303d9c89ded36\System.Runtime.Serialization.Formatters.Soap.ni.dll

MOD - [2013/01/09 03:13:22 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll

MOD - [2013/01/09 03:11:24 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll

MOD - [2013/01/09 03:10:04 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll

MOD - [2013/01/09 03:09:56 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll

MOD - [2013/01/09 03:08:47 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2012/12/26 08:13:54 | 003,547,136 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmbtsupp.dll

MOD - [2012/12/26 08:11:36 | 000,105,984 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmumsp.dll

MOD - [2012/04/24 16:41:14 | 001,087,336 | ---- | M] () -- C:\Program Files\Ralink\Common\RaWLAPI.dll

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/06/29 10:34:56 | 000,480,608 | ---- | M] () -- C:\WINDOWS\system32\DiagFunc.dll

MOD - [2009/11/20 13:42:08 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\HPM1210LM.DLL

MOD - [2009/11/20 13:42:08 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPM1210PP.dll

MOD - [2009/11/20 08:48:58 | 000,176,128 | R--- | M] () -- C:\WINDOWS\system32\m1210nwia.dll

MOD - [2009/10/15 11:13:48 | 000,964,096 | ---- | M] () -- C:\Program Files\HP\HPLaserJetService\LEDMXMLObjects.dll

MOD - [2009/10/15 11:13:46 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\HPLaserJetService\HPTools.dll

MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU

MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2013/01/16 09:29:25 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/01/08 22:47:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/11/06 12:38:34 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/09/10 15:30:06 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2012/09/10 15:30:06 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)

SRV - [2012/09/10 15:30:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2012/09/10 15:30:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2012/09/10 15:30:04 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2012/01/12 23:00:04 | 000,372,736 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)

SRV - [2012/01/11 16:11:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/01/10 19:49:08 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2012/01/10 18:15:28 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)

SRV - [2011/12/09 19:47:42 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)

SRV - [2011/08/18 17:53:38 | 000,625,728 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)

SRV - [2009/12/04 01:49:40 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)

SRV - [2009/11/20 14:14:02 | 000,245,760 | ---- | M] (Marvell) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)

SRV - [2009/10/15 11:13:50 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)

SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2013/01/18 17:37:20 | 000,097,440 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SMR311.SYS -- (SMR311)

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/09/11 11:57:13 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2012/09/11 00:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120911.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/09/11 00:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/09/11 00:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/09/11 00:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120911.002\NAVENG.SYS -- (NAVENG)

DRV - [2012/09/10 15:30:08 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2012/09/10 15:30:08 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2012/09/10 15:30:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2012/09/10 15:30:04 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)

DRV - [2012/09/10 15:30:04 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)

DRV - [2012/09/10 15:30:02 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2012/07/19 07:45:52 | 001,174,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)

DRV - [2012/04/17 11:49:56 | 001,248,320 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2009/04/21 15:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)

DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2006/05/25 14:40:00 | 001,156,808 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {F58DA12C-BDF8-49DB-9ADD-EB66C45881D5}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{F58DA12C-BDF8-49DB-9ADD-EB66C45881D5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1647721599-2452076932-524808660-1103\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF

IE - HKU\S-1-5-21-1647721599-2452076932-524808660-1103\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1647721599-2452076932-524808660-1103\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-1647721599-2452076932-524808660-1103\..\SearchScopes,DefaultScope = {29034F42-EC0F-4CB8-A007-176B737AFC26}

IE - HKU\S-1-5-21-1647721599-2452076932-524808660-1103\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1647721599-2452076932-524808660-1103\..\SearchScopes\{29034F42-EC0F-4CB8-A007-176B737AFC26}: "URL" = http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox

IE - HKU\S-1-5-21-1647721599-2452076932-524808660-1103\..\SearchScopes\{F58DA12C-BDF8-49DB-9ADD-EB66C45881D5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-1647721599-2452076932-524808660-1103\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/08 22:47:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

[2012/09/16 10:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\janzalone\Application Data\Mozilla\Extensions

[2013/01/03 10:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\janzalone\Application Data\Mozilla\Firefox\Profiles\3qhpkdev.default-1355672722985\extensions

[2013/01/08 22:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/01/08 22:47:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/09/27 07:47:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013/01/08 22:47:51 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

CHR - Extension: Google Drive = C:\Documents and Settings\janzalone\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

CHR - Extension: Google Drive = C:\Documents and Settings\janzalone\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Documents and Settings\janzalone\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Documents and Settings\janzalone\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Documents and Settings\janzalone\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1647721599-2452076932-524808660-1103\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)

O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKU\S-1-5-21-1647721599-2452076932-524808660-1103..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

O4 - Startup: C:\Documents and Settings\James Anzalone\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\janzalone\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Documents and Settings\James Anzalone\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)

O4 - Startup: C:\Documents and Settings\janzalone\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\janzalone\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Documents and Settings\janzalone\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1647721599-2452076932-524808660-1103\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-1647721599-2452076932-524808660-1103\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)

O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} http://webassistants.partcommunity.com/partserver/viewer/cnsweb3d/cnsweb3d.cab (PARTcommunity 3D Web Viewer)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = anzarch.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C9AA747-135E-4CF7-9C71-8A8481FACAD1}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C9AA747-135E-4CF7-9C71-8A8481FACAD1}: NameServer = 192.168.0.5,192.168.0.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (RalinkGina.DLL) - C:\WINDOWS\System32\RalinkGina.dll (Ralink Tech)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/01/10 17:44:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 17:37:19 | 000,097,440 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR311.SYS

[2013/01/18 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\janzalone\Local Settings\Application Data\NPE

[2013/01/18 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2013/01/18 13:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\janzalone\Desktop\DDS

[2013/01/18 10:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\janzalone\Desktop\Windiag

[2013/01/18 10:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013/01/16 12:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Free Download Manager

[2013/01/14 08:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\janzalone\Application Data\Malwarebytes

[2013/01/14 08:38:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2013/01/14 08:33:54 | 000,123,904 | ---- | C] (Bit Technologies) -- C:\Documents and Settings\All Users\Application Data\unzhaza.exe

[2013/01/09 18:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\janzalone\FileNet JavaView

[2013/01/08 22:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/01/21 12:01:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/01/21 11:56:52 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\janzalone\Desktop\Shortcut to OTL.lnk

[2013/01/21 11:51:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/21 11:14:02 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FBCA96C7-BA8B-40AD-9DF8-D6CC4075288E}.job

[2013/01/21 11:09:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml

[2013/01/21 11:09:25 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/21 11:09:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/01/21 00:00:00 | 000,000,762 | ---- | M] () -- C:\WINDOWS\tasks\DailyBackup.job

[2013/01/20 23:00:00 | 000,000,758 | ---- | M] () -- C:\WINDOWS\tasks\Backup1.job

[2013/01/18 17:37:20 | 000,097,440 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR311.SYS

[2013/01/18 17:37:20 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\drivers\SMR311.dat

[2013/01/18 17:30:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/01/18 17:25:16 | 000,000,211 | ---- | M] () -- C:\boot.ini

[2013/01/17 18:57:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/01/17 11:31:19 | 000,228,466 | ---- | M] () -- C:\Documents and Settings\janzalone\Desktop\Pages from PLMarkups-1 9 13.pdf

[2013/01/16 17:35:53 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\janzalone\Desktop\Shortcut to Anzalone Architecture on 'anzarchserver' (Z).lnk

[2013/01/14 08:49:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/11 14:39:03 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\janzalone\Desktop\Lanier Web Interface.url

[2013/01/11 13:31:19 | 000,001,726 | -H-- | M] () -- C:\Documents and Settings\janzalone\My Documents\Default.rdp

[2013/01/11 11:44:06 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\janzalone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/11 07:54:10 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2013/01/09 03:09:23 | 000,435,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/09 03:09:23 | 000,068,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/01/09 03:02:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/01/03 10:29:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\janzalone\Desktop\Free Download Manager.lnk

[2012/12/26 16:03:33 | 000,066,108 | ---- | M] () -- C:\acadminidump.dmp

[2012/12/26 12:01:36 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\janzalone\Start Menu\Programs\Startup\Dropbox.lnk

[2012/12/26 12:01:20 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\janzalone\Desktop\Dropbox.lnk

========== Files Created - No Company Name ==========

[2013/01/21 11:56:52 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\janzalone\Desktop\Shortcut to OTL.lnk

[2013/01/18 17:37:20 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\SMR311.dat

[2013/01/17 11:31:19 | 000,228,466 | ---- | C] () -- C:\Documents and Settings\janzalone\Desktop\Pages from PLMarkups-1 9 13.pdf

[2013/01/16 17:35:53 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\janzalone\Desktop\Shortcut to Anzalone Architecture on 'anzarchserver' (Z).lnk

[2013/01/11 14:39:03 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\janzalone\Desktop\Lanier Web Interface.url

[2012/11/27 12:46:42 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll

[2012/11/27 12:46:42 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll

[2012/11/27 12:46:42 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI

[2012/11/27 12:46:42 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini

[2012/10/25 08:50:18 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\janzalone\g2mdlhlpx.exe

[2012/09/11 09:52:25 | 000,187,995 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1347375058.bdinstall.bin

[2012/09/10 16:47:44 | 000,003,086 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2012/08/18 09:15:44 | 000,284,169 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1345298791.bdinstall.bin

[2012/08/15 11:57:00 | 000,061,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1345049807.2932.bin

[2012/08/15 11:56:48 | 000,086,821 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1345049807.864.bin

[2012/08/15 11:56:48 | 000,004,741 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1345049807.4004.bin

[2012/08/15 11:56:47 | 000,035,635 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1345049807.3360.bin

[2012/03/23 08:32:40 | 000,122,832 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2012/03/23 08:32:40 | 000,000,135 | ---- | C] () -- C:\WINDOWS\AGSCDV3.INI

[2012/02/15 22:25:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/16 10:02:43 | 000,000,070 | ---- | C] () -- C:\WINDOWS\ricdb.ini

[2012/01/15 11:28:44 | 000,312,992 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1326644169.bdinstall.bin

[2012/01/14 13:26:00 | 000,056,956 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2012/01/11 15:34:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI

[2012/01/10 20:08:44 | 001,265,664 | ---- | C] () -- C:\WINDOWS\System32\HPM1210SM.exe

[2012/01/10 20:08:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\HPM1210LM.DLL

[2012/01/10 20:08:44 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\HPM1210SMs.dll

[2012/01/10 20:08:43 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\m1210nwia.dll

[2012/01/10 20:03:37 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL

[2012/01/10 18:49:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2012/01/10 18:36:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2012/01/10 17:46:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/01/10 17:42:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2012/01/10 12:36:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012/01/10 12:35:29 | 000,294,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/25 09:15:18 | 000,014,119 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat

========== ZeroAccess Check ==========

[2012/01/10 19:24:28 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 11:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/10 19:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2012/02/07 08:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging

[2012/01/10 18:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2012/09/14 08:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output

[2012/02/07 14:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen

[2013/01/16 12:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Download Manager

[2012/11/27 12:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver

[2012/01/16 10:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ricoh

[2012/01/11 15:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/01/10 19:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Anzalone\Application Data\Autodesk

[2012/09/11 09:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Anzalone\Application Data\Bitdefender

[2012/06/07 12:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Anzalone\Application Data\cadenas

[2012/01/10 19:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Anzalone\Application Data\Downloaded Installations

[2012/11/26 18:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Anzalone\Application Data\Dropbox

[2012/01/27 13:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Anzalone\Application Data\eFax Messenger

[2012/04/19 18:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Anzalone\Application Data\FileOpen

[2012/01/11 10:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Anzalone\Application Data\j2 Global

[2012/05/30 13:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Anzalone\Application Data\Oracle

[2012/01/15 11:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Anzalone\Application Data\QuickScan

[2012/09/11 12:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\janzalone\Application Data\Autodesk

[2013/01/21 11:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\janzalone\Application Data\Dropbox

[2012/09/14 08:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\janzalone\Application Data\eFax Messenger

[2012/11/15 15:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\janzalone\Application Data\FileOpen

[2013/01/21 11:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\janzalone\Application Data\Free Download Manager

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 1/21/2013 11:57:51 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.85% Memory free

3.85 Gb Paging File | 2.87 Gb Available in Paging File | 74.76% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.00 Gb Total Space | 6.37 Gb Free Space | 4.27% Space Free | Partition Type: NTFS

Drive D: | 0.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive P: | 1716.00 Gb Total Space | 1590.77 Gb Free Space | 92.70% Space Free | Partition Type: NTFS

Drive Z: | 1716.00 Gb Total Space | 1590.77 Gb Free Space | 92.70% Space Free | Partition Type: NTFS

Computer Name: ANZARCH-1 | User Name: janzalone | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1647721599-2452076932-524808660-1103\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"9100:TCP" = 9100:TCP:*:Enabled:Advanced TCP/IP Printer Port

"427:TCP" = 427:TCP:*:Enabled:Advanced TCP/IP SLP Port

"161:TCP" = 161:TCP:*:Enabled:Advanced TCP/IP SNMP Port

"427:UDP" = 427:UDP:*:Enabled:SLP

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)

"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)

"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Documents and Settings\janzalone\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\janzalone\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

"C:\Program Files\Ralink\Common\RaMediaServer.exe" = C:\Program Files\Ralink\Common\RaMediaServer.exe:*:Enabled:Ralink UPnP Media Server -- ()

"C:\Program Files\Ralink\Common\RaUI.exe" = C:\Program Files\Ralink\Common\RaUI.exe:*:Enabled:Ralink Utility -- (Ralink Technology, Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"D:\ProductInst.exe" = D:\ProductInst.exe:*:Enabled:Advanced TCP/IP Port Installer

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Documents and Settings\James Anzalone\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\James Anzalone\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

"C:\Program Files\Ralink\Common\RaUI.exe" = C:\Program Files\Ralink\Common\RaUI.exe:*:Enabled:Ralink Utility -- (Ralink Technology, Corp.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1C5E35C2-583E-436B-AFC8-FB3F9B917C33}" = FileOpen Client

"{1FA6376A-3120-45DA-8686-96DEFC8A0513}" = HP LaserJet Toolbox

"{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card

"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection

"{33FA361C-6545-4490-945C-1B869370489D}" = HP LaserJet Professional M1210 MFP Series Toolbox

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5783F2D7-5106-0409-0002-0060B0CE6BBA}" = Autodesk Building Systems 2007.1

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch

"{AC76BA86-1033-F400-BA7E-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708

"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch

"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService

"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series

"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger

"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = PARTcommunity 3D Web Viewer

"{FA3AFC80-05A5-45A6-BD6E-92641BF93129}" = HP LaserJet Professional M1210 MFP Series Fax Installer

"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1

"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter

"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX

"ESET Online Scanner" = ESET Online Scanner v3

"FileOpenClient_is1" = FileOpen Client version B925

"Free Download Manager_is1" = Free Download Manager 3.9.2

"Google Chrome" = Google Chrome

"GoToAssist" = GoToAssist Corporate

"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series

"ie8" = Windows Internet Explorer 8

"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Money2008b" = Microsoft Money Plus

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NirSoft BlueScreenView" = NirSoft BlueScreenView

"NVIDIA Drivers" = NVIDIA Drivers

"PhotoRecord" = Canon PhotoRecord

"RemoteCapture" = Canon Utilities RemoteCapture 2.1

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows XP Service Pack" = Windows XP Service Pack 3

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1647721599-2452076932-524808660-1103\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/14/2013 9:38:17 AM | Computer Name = ANZARCH-1 | Source = Userenv | ID = 1030

Description = Windows cannot query for the list of Group Policy objects. A message

that describes the reason for this was previously logged by the policy engine.

Error - 1/14/2013 10:39:41 AM | Computer Name = ANZARCH-1 | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Manual

scan. Action: Quarantine failed : Leave Alone failed. Action Description: The

file was deleted successfully.

Error - 1/14/2013 12:01:08 PM | Computer Name = ANZARCH-1 | Source = Microsoft Office 11 | ID = 1000

Description = Faulting application msaccess.exe, version 11.0.5614.0, stamp 3f3c8e3c,

faulting module ntdll.dll, version 5.1.2600.6055, stamp 4d00f27d, debug? 0, fault

address 0x00036037.

Error - 1/14/2013 2:03:55 PM | Computer Name = ANZARCH-1 | Source = Userenv | ID = 1053

Description = Windows cannot determine the user or computer name. (The RPC server

is unavailable. ). Group Policy processing aborted.

Error - 1/14/2013 6:52:53 PM | Computer Name = ANZARCH-1 | Source = Userenv | ID = 1053

Description = Windows cannot determine the user or computer name. (The RPC server

is unavailable. ). Group Policy processing aborted.

Error - 1/15/2013 1:03:38 PM | Computer Name = ANZARCH-1 | Source = Microsoft Office 11 | ID = 1000

Description = Faulting application msaccess.exe, version 11.0.5614.0, stamp 3f3c8e3c,

faulting module ntdll.dll, version 5.1.2600.6055, stamp 4d00f27d, debug? 0, fault

address 0x00036037.

Error - 1/15/2013 6:33:22 PM | Computer Name = ANZARCH-1 | Source = Application Error | ID = 1000

Description = Faulting application acrobat.exe, version 9.5.2.295, faulting module

acrobat.dll, version 9.5.2.295, fault address 0x000c0050.

Error - 1/16/2013 10:53:18 AM | Computer Name = ANZARCH-1 | Source = Userenv | ID = 1097

Description = Windows cannot find the machine account, No authority could be contacted

for authentication. .

Error - 1/16/2013 10:53:18 AM | Computer Name = ANZARCH-1 | Source = Userenv | ID = 1030

Description = Windows cannot query for the list of Group Policy objects. A message

that describes the reason for this was previously logged by the policy engine.

Error - 1/16/2013 3:55:38 PM | Computer Name = ANZARCH-1 | Source = Microsoft Office 11 | ID = 1000

Description = Faulting application msaccess.exe, version 11.0.5614.0, stamp 3f3c8e3c,

faulting module msaccess.exe, version 11.0.5614.0, stamp 3f3c8e3c, debug? 0, fault

address 0x00204eee.

[ System Events ]

Error - 1/21/2013 1:10:32 PM | Computer Name = ANZARCH-1 | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/21/2013 1:10:42 PM | Computer Name = ANZARCH-1 | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/21/2013 1:10:52 PM | Computer Name = ANZARCH-1 | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/21/2013 1:11:02 PM | Computer Name = ANZARCH-1 | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/21/2013 1:11:10 PM | Computer Name = ANZARCH-1 | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/21/2013 1:11:20 PM | Computer Name = ANZARCH-1 | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/21/2013 1:11:32 PM | Computer Name = ANZARCH-1 | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 1/21/2013 1:11:40 PM | Computer Name = ANZARCH-1 | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/21/2013 1:11:50 PM | Computer Name = ANZARCH-1 | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/21/2013 1:12:00 PM | Computer Name = ANZARCH-1 | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

< End of report >


Please do this:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

[2013/01/14 08:33:54 | 000,123,904 | ---- | C] (Bit Technologies) -- C:\Documents and Settings\All Users\Application Data\unzhaza.exe

Then click the Run Fix button at the top

Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

~~~~~~~~~~~~~~~~~~~~~~~~

Then.................

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


========== OTL ==========

File C:\Documents and Settings\All Users\Application Data\unzhaza.exe not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01212013_132618

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : janzalone [Admin rights]

Mode : Scan -- Date : 01/21/2013 13:27:56

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH] notepad.exe -- C:\WINDOWS\notepad.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤

[TASK][SUSP PATH] DailyBackup.job : C:\WINDOWS\system32\ntbackup.exe backup "@C:\Documents and Settings\James Anzalone\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\DailyBackup.bks" /a /d "Set created 1/11/2012 at 4:54 PM" /v:yes /r:no /rs:no /hc:off /m normal /j "DailyBackup" /l:s /f "F:\Backup\Backup1.bk -> FOUND

[TASK][SUSP PATH] Backup1.job : C:\WINDOWS\system32\ntbackup.exe backup "@C:\Documents and Settings\James Anzalone\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\Backup1.bks" /a /d "Set created 6/30/2012 at 12:52 PM" /v:yes /r:no /rs:no /hc:off /m incremental /j "Backup1" /l:s /f "F:\Backup\Backup1.bkf" -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\Command Processor : AutoRun ("C:\Documents and Settings\janzalone\Local Settings\Application Data\unzhaza.exe") -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x89A8E540)

SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x89A8F390)

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x89A33208)

SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x89A3CDF0)

SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x89C459B0)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89A61240)

SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x89A3ECB0)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x89A8E448)

SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x89A8E480)

SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x89B02838)

SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x89C458F0)

SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x89A32DA8)

SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x89A28218)

SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x89CADA50)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x89A5F058)

SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x89A5D3C8)

SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x89A8F410)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x89CF20D0)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x89A3A4D0)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x89B026F8)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x89A373D0)

SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x89A3C158)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89A8D618)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-75B4A0 +++++

--- User ---

[MBR] 31ced984580011e832937ecc9682e877

[BSP] 3b8df1e3e1d2e85b1265be16ea0d0dfe : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152578 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01212013_02d1327.txt >>

RKreport[1]_S_01212013_02d1327.txt


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[HJ] HKCU\[...]\Command Processor : AutoRun ("C:\Documents and Settings\janzalone\Local Settings\Application Data\unzhaza.exe") -> FOUND

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
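As an added example (not part of the thread, and not code from RogueKiller or OTL), this Python sketch parses the registry findings from the RogueKiller report posted above and compares each executable they reference with the path named in the earlier OTL fix line. The function names are hypothetical, and the TASK line is shortened, so it is constructed input.

```python
import ntpath
import re

# Findings copied from the RogueKiller report in this thread. The TASK line
# has its ntbackup arguments dropped, so treat it as constructed sample input.
REPORT = r'''
[TASK][SUSP PATH] DailyBackup.job : C:\WINDOWS\system32\ntbackup.exe backup -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\Command Processor : AutoRun ("C:\Documents and Settings\janzalone\Local Settings\Application Data\unzhaza.exe") -> FOUND
'''
# Path named in the OTL fix line earlier in the thread.
OTL_TARGET = r"C:\Documents and Settings\All Users\Application Data\unzhaza.exe"

# "[TAG][TAG] key : value -> STATUS"
ENTRY = re.compile(r"^((?:\[[^\]]+\])+)\s+(.+?)\s+:\s+(.+)\s+->\s+(\w+)$")
# First drive-letter path ending in .exe inside a value.
EXE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)


def parse(report):
    """Yield (key, value) for every finding line in a RogueKiller report."""
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(2), m.group(3)


def triage(report, target):
    """Relate each finding's executable to the file a fix was aimed at."""
    want = ntpath.normcase(target)  # Windows paths compare case-insensitively
    out = {}
    for key, value in parse(report):
        m = EXE.search(value)
        if not m:
            out[key] = "no executable referenced"
            continue
        exe = ntpath.normcase(m.group(0))
        if exe == want:
            out[key] = "same file as fix target"
        elif ntpath.basename(exe) == ntpath.basename(want):
            out[key] = "same name, different folder: " + ntpath.dirname(m.group(0))
        else:
            out[key] = "unrelated executable: " + ntpath.basename(exe)
    return out


if __name__ == "__main__":
    for key, verdict in triage(REPORT, OTL_TARGET).items():
        print(f"{key:32} {verdict}")
```

Run against these lines, only the Command Processor AutoRun entry shares a file name with the OTL fix target, and it sits in a different folder from the one the OTL fix log reported as not found.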


I completed the RogueKiller step. I could not run the ComboFix program. Despite disabling my Malwarebytes and Symantec End Point Protection the program said the Symantec was still active. Then it could not find a file that seemed to be needed. Then it stated it was not a trustworthy version of the program despite the fact that I downloaded and saved to my desktop.

The computer is still reaching out to the same outside source. Unfortunately I need to leave this computer for the day. But I can continue efforts tomorrow.

Thanks for your assistance thus far.


Dear MrCharlie,

It appears that my issue has resolved itself. The Malwarebytes database did an automatic update. After this update completed, the computer ceased reaching out to the unknown IP address. I will consider the issue closed. Thank you for all of your assistance.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.