BullGuard Antivirus Forum
Removal Help with multi trojans please
HellspA
New Member
Date Joined Aug 2006
Total Posts : 7
Posted 8-29-2006 8:28 (GMT +1)
Hi, I seem to have gotten a lot of nasties yesterday & I need some help removing them permanently.
 
Here are some of the nasties:
 
Pz trojan
Pakes
idd.4EO.tmp.exe
idd83c.tmp.exe
dialer.U trojan
Usyp_0002_n1m1708.netinstaller.exe
There are a lot more tmp.exe files that I have repeatedly deleted.
 
This is some of the NOD32 threat log:
 
28/08/2006 23:22:47 PM IMON file hxxp://85.255.114.166/1/rdgAU2404.exe a variant of Win32/TrojanDownloader.Busky trojan  JAI-PC\Jai
 
C:\WINDOWS\TEMP\iddC05.tmp.exe Win32/Dialer.U trojan quarantined - deleted JAI-PC\Jai Crewdson Event occurred on a new file created by the application: C:\WINDOWS\TEMP\win52F.tmp.exe. The file was moved to quarantine. You may close this window.
28/08/2006 23:23:53 PM AMON file C:\Documents and Settings\Jai Crewdson\Local Settings\Temporary Internet Files\Content.IE5\RSTUVNXY\rdgAU2404[1].exe a variant of Win32/TrojanDownloader.Busky trojan quarantined - deleted JAI-PC\Jai Crewdson Event occurred on a newly created file. The file was moved to quarantine. You may close this window.

28/08/2006 23:23:52 PM AMON file C:\WINDOWS\TEMP\iddB6B.tmp.exe Win32/Dialer.U trojan quarantined - deleted JAI-PC\Jai Crewdson Event occurred on a new file created by the application: C:\WINDOWS\TEMP\win2E1.tmp.exe. The file was moved to quarantine. You may close this window.

28/08/2006 23:23:35 PM AMON file C:\Documents and Settings\Jai Crewdson\Local Settings\Temporary Internet Files\Content.IE5\FSWCY89G\rdgAU2404[1].exe a variant of Win32/TrojanDownloader.Busky trojan quarantined - deleted JAI-PC\Jai Crewdson Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
 
28/08/2006 23:23:33 PM AMON file C:\WINDOWS\TEMP\iddA1C.tmp.exe Win32/Dialer.U trojan quarantined - deleted JAI-PC\Jai Crewdson Event occurred on a new file created by the application: C:\WINDOWS\TEMP\win52F.tmp.exe. The file was moved to quarantine. You may close this window.
28/08/2006 23:23:02 PM AMON file C:\Documents and Settings\Jai Crewdson\Local Settings\Temporary Internet Files\Content.IE5\A6TF5Z4U\rdgAU2404[2].exe a variant of Win32/TrojanDownloader.Busky trojan quarantined - deleted JAI-PC\Jai Crewdson Event occurred on a newly created file. The file was moved to quarantine. You may close this window.

28/08/2006 23:23:01 PM AMON file C:\WINDOWS\TEMP\idd991.tmp.exe Win32/Dialer.U trojan quarantined - deleted JAI-PC\Jai Crewdson Event occurred on a new file created by the application: C:\WINDOWS\TEMP\win2E1.tmp.exe. The file was moved to quarantine. You may close this window.

28/08/2006 23:22:58 PM AMON file C:\Documents and Settings\Jai Crewdson\Local Settings\Temporary Internet Files\Content.IE5\A6TF5Z4U\rdgAU2404[1].exe a variant of Win32/TrojanDownloader.Busky trojan quarantined - deleted JAI-PC\Jai Crewdson Event occurred on a newly created file. The file was moved to quarantine. You may close this window.

28/08/2006 23:22:57 PM AMON file C:\WINDOWS\TEMP\idd89F.tmp.exe Win32/Dialer.U trojan quarantined - deleted JAI-PC\Jai Crewdson Event occurred on a new file created by the application: C:\WINDOWS\TEMP\win52F.tmp.exe. The file was moved to quarantine. You may close this window.

28/08/2006 23:22:56 PM AMON file C:\Documents and Settings\Jai Crewdson\Local Settings\Temporary Internet Files\Content.IE5\6OF0RUVI\rdgAU2404[2].exe a variant of Win32/TrojanDownloader.Busky trojan quarantined - deleted JAI-PC\Jai Crewdson Event occurred on a newly created file. The file was moved to quarantine. You may close this window.
 
28/08/2006 23:22:55 PM AMON file C:\WINDOWS\TEMP\idd7E6.tmp.exe Win32/Dialer.U trojan
 
 
HijackThis log:
 
Logfile of HijackThis v1.99.1
Scan saved at 4:25:35 PM, on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\RFA\r!!!ent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Jai Crewdson\Desktop\HijackThis.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [r!!!ent] "C:\Program Files\RFA\r!!!ent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124770295608
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
 
 
Fixwareout log:
 
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
 
Reg Entries that were deleted
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
 
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
 
»»»»» Searching by size/names...
 
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
 
Other suspects.
Directory of C:\WINDOWS\system32
 
»»»»» Misc files.
 
»»»»» Checking for older varients covered by the Rem3 tool.
 
Panda online scanner log:
 
Incident | Status | Location
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@ad.yieldmanager[1].txt
Spyware:Cookie/Adtech | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@adtech[2].txt
Spyware:Cookie/Advertising | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@advertising[2].txt
Spyware:Cookie/Falkag | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@as-eu.falkag[2].txt
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@atdmt[2].txt
Spyware:Cookie/Casalemedia | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@casalemedia[2].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@doubleclick[1].txt
Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@mediaplex[1].txt
Spyware:Cookie/Serving-sys | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@serving-sys[1].txt
Spyware:Cookie/Reliablestats | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@stats1.reliablestats[2].txt
Spyware:Cookie/Tribalfusion | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@tribalfusion[1].txt
Spyware:Cookie/Zedo | Not disinfected | C:\Documents and Settings\Jai Crewdson\Cookies\jai crewdson@zedo[1].txt
Dialer:Dialer.HPD | Not disinfected | C:\Documents and Settings\Jai Crewdson\Local Settings\Temporary Internet Files\Content.IE5\A6TF5Z4U\srvuor[1].exe
Adware:Adware/SystemDoctor | Not disinfected | C:\Documents and Settings\Jai Crewdson\Local Settings\Temporary Internet Files\Content.IE5\FSWCY89G\srvewi[1].exe
Adware:Adware/SystemDoctor | Not disinfected | C:\Documents and Settings\Jai Crewdson\Local Settings\Temporary Internet Files\Content.IE5\RSTUVNXY\srvkxj[1].exe
Dialer:Dialer.HPD
I have tried using & following a lot of thread instructions in this forum & other forums, but to no avail,
so please help if you can.

 
 

rpggamergirl
Forum Moderator
Date Joined Dec 2005
Total Posts : 1530
Posted 8-29-2006 11:29 (GMT +1)
Got your PM.
I'll be here sometime today to help you with your log.
Please post another log from the renamed hijackthis.exe; I'll check back here when I receive a notification.


Check out Tony Klein's article "How Did I Get Infected in the First Place?"
http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I
  
 

 

HellspA
New Member
Date Joined Aug 2006
Total Posts : 7
Posted 8-30-2006 12:16 (GMT +1)
You're a champ! Here is this morning's log.

Logfile of HijackThis v1.99.1
Scan saved at 9:14:00 AM, on 30/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\RFA\r!!!ent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jai Crewdson\Desktop\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [r!!!ent] "C:\Program Files\RFA\r!!!ent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124770295608
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
 

rpggamergirl
Forum Moderator
Date Joined Dec 2005
Total Posts : 1530
Posted 8-30-2006 12:31 (GMT +1)
Is that the result of the renamed HijackThis? It doesn't look like it, sorry.


I wanted you to rename Hijackthis.exe to something.exe (anyname.exe, as long as it doesn't bear the word "hijackthis").
It is because some nasties target the word hijackthis and are able to hide from the scan when they see "hijackthis.exe" in the running processes.
OR:
You could download an already renamed HijackThis from here --> http://danborg.org/spy/hjt/alternativ.exe
and run a scan with that.
Some entries won't show up unless you scan with the renamed one.
 

HellspA
New Member
Date Joined Aug 2006
Total Posts : 7
Posted 8-30-2006 12:43 (GMT +1)
Bah, I get ya now. Yep, some O20 came up now..

Logfile of HijackThis v1.99.1
Scan saved at 9:41:41 AM, on 30/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\RFA\r!!!ent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jai Crewdson\Desktop\bobsyoureuncle.exe.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {230E6E77-FEE3-4314-B48F-83CF4E8630A5} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [r!!!ent] "C:\Program Files\RFA\r!!!ent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124770295608
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: sstqq - C:\WINDOWS\system32\sstqq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winopn32 - C:\WINDOWS\SYSTEM32\winopn32.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
 

HellspA
New Member


Date Joined Aug 2006
Total Posts : 7
 
   Posted 8-30-2006 12:51 (GMT +1)
Some threats are coming from hxxp"// 85.255.114.166./1/rdgAu2404.exe, thought I would let you know.
 

rpggamergirl
Forum Moderator




Date Joined Dec 2005
Total Posts : 1530
 
   Posted 8-30-2006 1:04 (GMT +1)
Well done!
See how your log is also showing BHOs now? The O2 entries.
It's a Vundo infection and MediaTickets.
Vundofix sometimes doesn't get it so we'll use Avenger and ATF Cleaner.
 
 
1. Please download The Avenger by Swandog46 to your Desktop.
http://swandog46.geekstogo.com/avenger.zip
   *Click on Avenger.zip to open the file
   *Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Files to delete:
C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\SYSTEM32\winopn32.dll
 
Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqq
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winopn32
 
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
    *Under "Script file to execute" choose "Input Script Manually".
    *Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    *Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    *Click Done
    *Now click on the Green Light to begin execution of the script
    *Answer "Yes" twice when prompted.
 
4. The Avenger will automatically do the following:
* It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
* On reboot, it will briefly open a black command window on your desktop, this is normal.
* After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
 
 
 
Next:
Download and run ATF Cleaner by Atribune.
http://www.atribune.org/ccount/click.php?id=1
 
Reboot your computer into Safe Mode.
 
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
 
 
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
 
 
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
 
 
 
Next run hijackthis again and fix this entry below, it should say "file missing" at the end of the line.
O2 - BHO: (no name) - {230E6E77-FEE3-4314-B48F-83CF4E8630A5} - C:\WINDOWS\system32\sstqq.dll

 
Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log.
 
 
BTW, can you tell me about this program? did you install it yourself?
O4 - HKLM\..\Run: [r!!!ent] "C:\Program Files\RFA\r!!!ent.exe"
 


Check out Tony Klein's article "How Did I Get Infected in the First Place?"
http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I
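The triage the moderator did by hand above, as an added example (not code from this thread or from HijackThis/The Avenger): it parses O2 and O20 lines from a constructed HijackThis excerpt, flags Winlogon Notify DLLs that are not on a known-good list (WgaLogon plus assumed Windows XP defaults), notes when the same DLL is also loaded as a nameless BHO (the Vundo pairing), and renders the matching "Files to delete" / "Registry keys to delete" text in the Avenger script format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample built from the O2/O20 entries discussed in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {230E6E77-FEE3-4314-B48F-83CF4E8630A5} - C:\WINDOWS\system32\sstqq.dll
O20 - Winlogon Notify: sstqq - C:\WINDOWS\system32\sstqq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winopn32 - C:\WINDOWS\SYSTEM32\winopn32.dll
"""

NOTIFY_BASE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Known-good Notify subkeys: WgaLogon is the one left alone in the thread, the
# rest are assumed Windows XP defaults. Extend this for your own build.
KNOWN_GOOD = {"wgalogon", "crypt32chain", "cryptnet", "cscdll", "sccertprop",
              "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+?)\s*$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+?)(?: \(file missing\))?\s*$")


@dataclass
class Finding:
    key: str                 # Notify subkey name, e.g. "sstqq"
    path: str                # DLL path from the O20 line
    reasons: list = field(default_factory=list)


def parse_hjt(text):
    """Return (bhos, notifies): dicts of the O2 and O20 lines found in the log."""
    bhos, notifies = [], []
    for line in text.splitlines():
        if m := O2_RE.match(line):
            bhos.append(m.groupdict())
        elif m := O20_RE.match(line):
            notifies.append(m.groupdict())
    return bhos, notifies


def suspicious_notify(notifies, bhos, known_good=KNOWN_GOOD):
    """Flag O20 entries outside the known-good list; add a second reason when the
    same DLL is also registered as a nameless O2 BHO, as sstqq.dll is here."""
    nameless = {b["path"].lower() for b in bhos if b["name"] == "(no name)"}
    findings = []
    for n in notifies:
        if n["key"].lower() in known_good:
            continue
        f = Finding(n["key"], n["path"])
        f.reasons.append("Winlogon Notify DLL not on the known-good list")
        if n["path"].lower() in nameless:
            f.reasons.append("same DLL registered as a nameless O2 BHO")
        findings.append(f)
    return findings


def avenger_script(findings):
    """Render the deletion list in the layout The Avenger reads (file paths, then
    the Notify registry keys), matching what the moderator wrote by hand."""
    files = "\n".join(f.path for f in findings)
    keys = "\n".join(f"{NOTIFY_BASE}\\{f.key}" for f in findings)
    return f"Files to delete:\n{files}\n\nRegistry keys to delete:\n{keys}\n"


if __name__ == "__main__":
    bhos, notifies = parse_hjt(SAMPLE_LOG)
    found = suspicious_notify(notifies, bhos)
    for f in found:
        print(f"{f.key}: {f.path} -> {'; '.join(f.reasons)}")
    print(avenger_script(found))
```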
  
 

 

rpggamergirl
Forum Moderator




Date Joined Dec 2005
Total Posts : 1530
 
   Posted 8-30-2006 1:22 (GMT +1)
Some threats are coming from hxxp"// 85.255.114.166./1/rdgAu2404.exe, thought I would let you know.
 
Thanks! That's part of MediaTickets, but since it's not appearing in your O16 entries, let's check your DPF folder and see if there is an .exe there.
 
Make a batch file of the text below and save it as "look.bat" on your desktop,
save as type "All Files",
double-click "look.bat" and post the result.

@echo off
rem List the Downloaded Program Files (DPF) folder into files.txt
cd "%windir%\Downloaded Program Files"
dir > files.txt
rem Move the listing to the desktop and open it in Notepad for pasting into the reply
move "%windir%\Downloaded Program Files\files.txt" "%userprofile%\Desktop"
cd "%userprofile%\Desktop"
notepad files.txt
 
I'll check back this thread later today at lunchtime.


  
 

 

HellspA
New Member


Date Joined Aug 2006
Total Posts : 7
 
   Posted 8-30-2006 1:41 (GMT +1)
look.bat info:
 
Volume in drive C has no label.
 Volume Serial Number is 504A-BA6F
 Directory of C:\WINDOWS\Downloaded Program Files
11/04/2006  05:10 PM           135,168 asinst.dll
03/04/2006  11:00 AM               537 asinst.inf
07/06/2005  02:55 PM               516 CTPID.inf
07/06/2005  02:54 PM            32,768 CTPID.ocx
23/06/2005  03:53 PM               523 CTSUEng.inf
22/06/2005  06:37 PM           225,280 CTSUEng.ocx
30/08/2006  10:37 AM                 0 files.txt
10/08/2006  04:06 PM               708 hcImpl.inf
10/08/2006  05:31 PM           380,928 Housecall_ActiveX.dll
03/06/2005  04:49 AM               752 jinstall-1_5_0_04.inf
02/08/2005  04:48 PM               495 LegitCheckControl.inf
30/06/2005  02:19 PM               227 MsnMessengerSetupDownloader.inf
13/08/2005  11:26 PM           113,664 MsnMessengerSetupDownloader.ocx
09/10/2003  10:32 AM               144 QTPlugin.inf
08/12/2003  01:58 PM             3,759 swflash.inf
26/05/2005  04:19 AM               291 wuweb.inf
              16 File(s)        895,760 bytes
               0 Dir(s)  31,853,912,064 bytes free
 
 
Logfile of The Avenger version 1, by Swandog46

Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qyphbtch
*******************
Script file located at: \??\C:\axmbrptd.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\sstqq.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\winopn32.dll deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqq deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winopn32 deleted successfully.
Completed script processing.
*******************
Finished!  Terminate.

Logfile of HijackThis v1.99.1

Scan saved at 10:40:25 AM, on 30/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\RFA\r!!!ent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jai Crewdson\Desktop\bobsyoureuncle.exe.exe
C:\WINDOWS\system32\NOTEPAD.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [r!!!ent] "C:\Program Files\RFA\r!!!ent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124770295608
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
 
 
 
So how did I go?
 
 

rpggamergirl
Forum Moderator




Date Joined Dec 2005
Total Posts : 1530
 
   Posted 8-30-2006 6:28 (GMT +1)
Well done!
 
Look.bat result is clean!
 
 
Avenger deleted the files and the relevant reg entries.
 
If you installed this program --> C:\Program Files\RFA\r!!!ent.exe

then things look okay. How is the PC going?
Can you still update your Ewido? Scan again with Ewido.
 


  
 

 

HellspA
New Member


Date Joined Aug 2006
Total Posts : 7
 
   Posted 8-30-2006 7:47 (GMT +1)
The PC has been running now for 4 hrs without a hitch!

C:\Program Files\RFA\r!!!ent.exe is a Registry First Aid program;
removed anyway because it is not needed.
 

HellspA
New Member


Date Joined Aug 2006
Total Posts : 7
 
   Posted 8-30-2006 8:22 (GMT +1)
Thanks for the help!!
 

rpggamergirl
Forum Moderator




Date Joined Dec 2005
Total Posts : 1530
 
   Posted 8-31-2006 8:36 (GMT +1)
No problem, glad to help.


"C:\Program Files\RFA\r!!!ent.exe is a Registry First Aid program"
Oh I see, thanks for the info.


  
 

 

daza|
New Member


Date Joined Sep 2006
Total Posts : 1
 
   Posted 9-2-2006 5:42 (GMT +1)
@rpggamergirl

I just wanted to give my thanks for this thread. I was messing around and willingly infected myself, just to test NOD32. Well, what a mistake that was. I followed the instructions as posted in this thread and everything went smoothly. NOD32 didn't seem to remove the trojan - but at least it let me know it existed. Thanks a lot guys/girls? :D
 

rpggamergirl
Forum Moderator




Date Joined Dec 2005
Total Posts : 1530
 
   Posted 9-3-2006 2:10 (GMT +1)
dazal,
 
Glad to know this thread has been useful to you, and hopefully to others as well.


  
 
