I think I did it again

Discussion in 'adware, spyware & hijack cleaning' started by Blake, May 19, 2004.

Thread Status:
Not open for further replies.
  1. Blake

    Blake Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    5
    Location:
    Kansas
    Here is my hijack log...

    I keep getting a rads01.quadrogram something popping up on the Ad aware. I think I have everything gone and then... whamo.. they are back...


    o_O


    Logfile of HijackThis v1.97.7
    Scan saved at 8:51:59 AM, on 5/19/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\NavNT\rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\NavNT\vptray.exe
    C:\documents and settings\my name\local settings\temp\GzA.exe
    C:\WINDOWS\System32\srsdx32.exe
    C:\WINDOWS\System32\srsdx32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\my name\My Documents\New Folder (2)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.micoks.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.6.1.1:80;gopher=10.6.1.1:80;http=10.6.1.1:80
    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.micoks.net/"); (C:\Program Files\Netscape\Users\bpitt\prefs.js)
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [GzA] C:\documents and settings\my name\local settings\temp\GzA.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Atv0h.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [AutoLoadero02r1KPeLIPc] "C:\WINDOWS\System32\srsdx32.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [o7tX38S] srsdx32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Lavasoft Adwatch] C:\Program Files\Lavasoft Ad-aware\Ad-watch.exe /min
    O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapisv.exe
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://csiweb.webex.com/client/latest/webex/ieatgpc.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2D6F586F-72D4-4273-B136-9262C2ED8CFC}: NameServer = 10.6.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2D6F586F-72D4-4273-B136-9262C2ED8CFC}: NameServer = 10.6.1.1
     
    Last edited by a moderator: May 21, 2004
  2. Blake

    Blake Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    5
    Location:
    Kansas
    Snap..

    if you're out there. I emailed you a copy of this too.

    I know .. I know.. where do I get these things?


    its kind of like asking someone where they got that hickey... it just happens..

    ~L~ :rolleyes:
     
  3. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    My..my...Blake, what have you been doing? (no, don't answer that) :D

    Well you did pick up a few nasty things there. Ad-Aware should have been able to remove the rads01.quadrogram (adware) though. Are you sure you have Ad-Aware up-to-date? The most current Reference File is Build:01R306 19.05.2004, Date: 19.05.2004.

    The first thing we have to remove is the PeperTrojan.
    That's the O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Atv0h.exe line that is showing in your HijackThis log.

    To do that, please download the uninstaller tool to remove the pepertrojan: http://www.memorywatcher.com/uninst.exe (direct download link)
    Doubleclick the unist.exe file to run it, and say 'yes' to let it connect to the internet. You must remain online and allow the uninstaller to connect to the internet, otherwise it won't work.
    It may take a few minutes before it finishes. (reboot your computer if you are prompted to do so, otherwise continue on with the following instructions)

    Bring up the TaskManager (ctrl+alt+del keys) and find the follow files, right-click on them and choose End Process to stop them from running.
    srsdx32.exe
    GzA.exe


    I am not finding any information on the above 2 files, so they may be something new. If you do not recognize them either, then can you navigate to C:\WINDOWS\System32 folder and zip up a copy of the srsdx32.exe and also the GzA.exe in your C:\documents and settings\my name\local settings\temp folder, and submit the zipped copies by email to Pieter_Arntz for analysis. You can find his email addy in his Profile, Here (scroll down and look under Additional Information). Please include a brief message and a link back to this thread so he will be able to find it easily. Thank you kindly.

    Once you have emailed the requested files to Pieter, then go to Kaspersky and upload them for a scan. Follow the directions there for scanning individual files.

    In case the above files are hidden, make sure you have enable all files and folders to be viewable: How to Show Hidden Files and Folders

    Then open Hijackthis, rescan, and place a check in the box beside each of the following items.
    Make sure you have closed ALL other browsers/windows, and click *Fix checked

    (I don't remember these 3 from last time, but if you set them this way yourself, then do not fix them)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/


    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll

    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [GzA] C:\documents and settings\my name\local settings\temp\GzA.exe

    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Atv0h.exe

    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [AutoLoadero02r1KPeLIPc] "C:\WINDOWS\System32\srsdx32.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [o7tX38S] srsdx32.exe
    O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapisv.exe

    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

    Then boot your computer into safe mode by tapping the F8 key just before windows begins to load.

    Find and delete the following files and folders highlighed in bold:
    C:\Program Files\SysAI <--entire folder
    C:\Program Files\LiveUpdate <--entire folder
    C:\WINDOWS\System32\dp-him.exe <--file
    C:\WINDOWS\System32\wnsapisv.exe <--file
    C:\WINDOWS\System32\toolbar.dll <--file
    C:\documents and settings\my name\local settings\temp\GzA.exe <--file (it wouldn't hurt to empty the entire contents of your Temp folder which should be done periodically anyways)

    Reboot your computer normally, then post a new log here in this thread to be checked. Please include the scan results from Kaspersky on those two files.

    If you have any questions Blake, just ask.

    Regards,

    snap

    PS - you may want to print out the above instructions, I know how busy you can get.
     
  4. Blake

    Blake Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    5
    Location:
    Kansas
    I printed it out, and was able to accomplish the majority of the instructions, with the exception of the uninstaller tool. When I double click on the file to run it... it acts like its loading and then shuts down almost immediately.

    Other than that... if you wouldn't mind... could you take a peek at the file again and see where I'm at. (I know... I know.. someone's always having to fix a problem I created... but I've learned my lesson.. in the shortrun... and I'll try and be good.... for a little while)


    Logfile of HijackThis v1.97.7
    Scan saved at 1:29:42 PM, on 5/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\NavNT\rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\PROGRA~1\NavNT\vptray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\Program Files\Netropa\OSD.exe
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\Documents and Settings\Brad Pitt\My Documents\New Folder (2)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.micoks.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.6.1.1:80;gopher=10.6.1.1:80;http=10.6.1.1:80
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.micoks.net/"); (C:\Program Files\Netscape\Users\bpitt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Lavasoft Adwatch] C:\Program Files\Lavasoft Ad-aware\Ad-watch.exe /min
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://csiweb.webex.com/client/latest/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2D6F586F-72D4-4273-B136-9262C2ED8CFC}: NameServer = 10.6.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2D6F586F-72D4-4273-B136-9262C2ED8CFC}: NameServer = 10.6.1.1


    Thanks again for any help. You all are great.

    :ninja:

    B
     
  5. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Uh-huh..... :D

    Well Mr. Pitt ;) Your log is clean and I do not see any signs of the pepertrojan files running, so hopefully the uninstaller was successful. It can look like it just opens for a few seconds and not do anything, then just close. Sometimes it will open and last longer but it depends on how many peper files are involved to be removed. If in a few days you want to do another scan with Hijackthis and just see if there is that O4 line there with that long 14-character .exe file. If there is, please come back. But hopefully it is gone for good.

    Were you able to email Pieter those files I requested?
    srsdx32.exe
    GzA.exe

    If they are something new then it helps everyone to have them analysed and submitted for detection.

    So as it looks right now, you are good to go Brad. ;)

    Regards,

    snap
     
  6. Blake

    Blake Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    5
    Location:
    Kansas
    :cool:

    ~laughing~

    I will.. try... to be good.

    anyway. I am checking with my onsite tech guy to see if those are from existing programs that are proprietary in nature to my company.

    if no.. then yes.. I will send on.. if yes.. then no.. I won't...

    and.. its good to touch base with you again...

    your ever faithful friend *puppy*

    Brad
     
  7. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    You can upload them for a scan at Kaspersky (link above in my earlier post), but I understand that they may be special programs.

    I would very much appreciate your submitting them if they do turn out to be something your tech doesn't recognize. Thank you muchly Brad.

    Please do remember to turn off System Restore and purge any backups that will have the bad files in once your are sure your system is clean. Then turn System Restore back on and set a new restore point.

    For XP: System Restore Instructions.

    Always good to touch bases with you too Brad. ;)

    Regards,

    snap
     
  8. Blake

    Blake Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    5
    Location:
    Kansas
    I should know by tomorrow...

    and seriously.. thanks again...

    sometimes I forget that I need to be a little more diligent in all this....

    you always help bring me back to earth when I stray too far...
     
Thread Status:
Not open for further replies.