Explorer.EXE

Unknown

What is this ? I have a lower case explorer.exe file from my dads computer
and compared the two , same bytes , same version but mine will comes up different in process viewers. explorer.exe - Explorer.EXE tried scanning it nothing comes up, looks fishy though should I be worried about this one ?

Baabiouz

Hi vtowntommy!

C:\WINDOWS\explorer.exe is Ok.

If it founds example in C:\Windows\system32\explorer.exe it could be virus.

So, where you found this explorer.exe?

vtowntommy

the files in C:\windows, i killed the shell and dropped the clean version on top and restarted explorer using the run, in task manger, then looked in a roothook probe and saw it connected to virclisd.exe found them in 3 spots in compressed folders, I renamed them searched all over for more found no more. but the file Explorer.EXE is still coming from somewhere over-writing the other explorer.exe . Ive found no reference online to this exact spelling of whatever Explorer.EXE is. Also I ran a fingerprint program and it caught the signal that that it's running a com object, then it terminated like totaly shut down the probe . Only saw the message for a couple seconds, wouldnt show up again.

Baabiouz

Hi!

please, scan virclisd.exe in www.virustotal.com.

And please post virustotal's results back here

vtowntommy

nothing found on both files, , been reading about rootkits, says antivirus cant see them, I think a files masquerating theres no file called Explorer.EXE visible on my system. If i take the explorer from the windows folder the shell keeps running shouldn't i get a file protection error ?

Baabiouz

hmm...
It would be best to take a hijackthis log.

Download HJTInstall.exe to your Desktop.

• Doubleclick HJTInstall.exe to install it.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Save the log to a convenient location as you'll need to post it soon.
• Don't use the Analyse This button, its findings are dangerous if misinterpreted.
• Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Please, post hijackthis log back here

vtowntommy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:35 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Customer\Desktop\HiJackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

--
End of file - 1481 bytes

Baabiouz

Hi!

Log is ok.
Do you have Firewall and Antivirus?
____________________

Please download Deckard's System Scanner to your Desktop


* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open Main.txt and extra.txt

Please post Main.txt and Extra.txt

vtowntommy

ok heres the logs, yes I'm routed and firewalled now,

Deckard's System Scanner v20071014.68
Run by Customer on 2007-11-11 22:59:37
Computer is in Normal Mode.

---

-- System Restore

---

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis Clone

---

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-11 23:00:52
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Customer\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=6.0&plcid=0x0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - (no file)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Iomega Activity Disk2 - Unknown owner - C:\WINDOWS\system32
O23 - Service: Iomega App Services - Unknown owner - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe


--
End of file - 2402 bytes

-- File Associations

---

.vbs - unable to read key
.vbs - unable to read key
.vbs - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft(R) Windows NT(R) Operating System>
3 LVUSBSta (Logitech USB Monitor Filter) - system32\drivers\lvusbsta.sys (file missing)
3 pepifilter (Volume Adapter) - system32\drivers\lv302af.sys (file missing)
3 PID_08A0 (Labtec WebCam(PID_08A0)) - system32\drivers\lv302av.sys (file missing)
2 SBKUPNT - c:\windows\system32\drivers\sbkupnt.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
4 Iomega Activity Disk2 - c:\windows\system32
4 Iomega App Services - c:\progra~1\iomega\system32\appservices.exe (file missing)
3 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
3 UMWdf (Windows User Mode Driver Framework) - c:\windows\system32\wdfmgr.exe (file missing)


-- Device Manager: Disabled

---

Unable to create WMI object.

-- Files created between 2007-10-11 and 2007-11-11

---

2007-11-11 11:17:47 0 dr-h

---

C:\Documents and Settings\Customer\Recent
2007-11-10 02:39:03 1033216 --a

---

C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-07 21:18:02 0 d--h

---

C:\WINDOWS\$hf_mig$
2007-11-07 21:09:56 0 d

---

C:\WINDOWS\system32\SoftwareDistribution
2007-11-07 18:05:19 0 d

---

C:\Program Files\InfoProcess
2007-11-07 17:39:25 0 d

---

C:\Documents and Settings\Customer\Application Data\WinRAR
2007-11-06 20:15:15 0 dr-h

---

C:\Documents and Settings\LocalService\Recent
2007-11-06 19:17:28 0 d

---

C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-06 19:17:05 11264 --a

---

C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-11-06 19:16:23 0 d

---

C:\WINDOWS\system32\ZoneLabs
2007-11-06 19:09:03 0 d

---

C:\WINDOWS\Internet Logs
2007-10-31 20:59:26 0 d

---

C:\WINDOWS\Replay Media Catcher
2007-10-31 20:59:16 0 d

---

C:\Program Files\Replay Media Catcher
2007-10-31 20:42:04 0 d

---

C:\Documents and Settings\Customer\dwhelper
2007-10-31 19:03:16 0 d

---

C:\WINDOWS\SxsCaPendDel
2007-10-30 21:42:24 0 d

---

C:\Program Files\Orbitdownloader
2007-10-25 17:40:49 0 d

---

C:\Documents and Settings\Customer\Application Data\Opera
2007-10-25 17:26:36 0 d

---

C:\Program Files\Opera
2007-10-24 21:48:12 0 d

---

C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-16 23:45:38 0 d

---

C:\Downloads
2007-10-16 23:45:33 0 d

---

C:\Documents and Settings\Customer\Application Data\Orbit
2007-10-16 23:33:24 0 d

---

C:\Documents and Settings\Customer\Application Data\Help


-- Find3M Report

---

2007-11-06 19:21:26 4212 ---h

---

C:\WINDOWS\system32\zllictbl.dat
2007-10-06 08:58:18 0 d

---

C:\Documents and Settings\Customer\Application Data\ImgBurn
2007-10-06 08:19:36 0 d

---

C:\Program Files\ImgBurn


-- Registry Dump

---

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=&quot;Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=&quot;Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon]
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup]
C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNA]
"C:\Documents and Settings\Customer\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"C:\Program Files\Shareaza\Shareaza.exe" -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2007-11-11 23:01:37

---

extra log

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

---

-- System Information

---

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 42%
Physical Memory (total/avail): 255.4 MiB / 147.9 MiB
Pagefile Memory (total/avail): 619.73 MiB / 548.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938 MiB

A: is Removable (FAT)
C: is Fixed (FAT32) - 7.79 GiB total, 5.53 GiB free.
D: is Fixed (NTFS) - 0.49 GiB total, 0.49 GiB free.


-- Security Center

---

AUOptions is disabled.
Windows Internal Firewall is enabled.

Unable to create WMI object.

-- Environment Variables

---

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Customer\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OMEGA-QNFRLWNW6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Customer
LOGONSERVER=\\OMEGA-QNFRLWNW6
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Nmap
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0803
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Customer\LOCALS~1\Temp
TMP=C:\DOCUME~1\Customer\LOCALS~1\Temp
USERDOMAIN=OMEGA-QNFRLWNW6
USERNAME=Customer
USERPROFILE=C:\Documents and Settings\Customer
windir=C:\WINDOWS


-- User Profiles

---

Customer (admin)
Administrator (admin)


-- Add/Remove Programs

---

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
CompuApps SwissKnife V3 --> C:\WINDOWS\ISUNINST.EXE -fC:\SWISNIFE\SKUninst.ISU -cC:\SWISNIFE\SKUNINST.DLL
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Flash Movie Player 1.5 --> C:\Program Files\Flash Movie Player\uninst.exe
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Customer\Desktop\HijackThis.exe" /uninstall
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Opera 9.24 --> MsiExec.exe /X{16913489-B5E3-403E-AFD3-2B19BBE464D4}
Orbit Downloader --> "C:\Program Files\Orbitdownloader\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Replay Media Catcher --> "C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"


-- Application Event Log

---

No Errors/Warnings found.


-- Security Event Log

---

No Errors/Warnings found.


-- System Event Log

---

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2007-11-11 23:01:37

---

Baabiouz

Hi!

All logs are clean!

Log looks clean...great job!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.
   
   You can find instructions on how to enable and reenable system restore here:
   
   Managing Windows Millenium System Restore
   
   or
   
   Windows XP System Restore Guide
   
   Renable system restore with instructions from tutorial above
   
   
2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
   1. From within Internet Explorer click on the Tools menu and then click on Options.
   2. Click once on the Security tab
   3. Click once on the Internet icon so it becomes highlighted.
   4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
         
      2. Change the Download unsigned ActiveX controls to Disable
         
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
         
      4. Change the Installation of desktop items to Prompt
         
      5. Change the Launching programs and files in an IFRAME to Prompt
         
      6. Change the Navigate sub-frames across different domains to Prompt
         
      7. When all these settings have been made, click on the OK button.
         
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
   5. Next press the Apply button and then the OK to exit the Internet Properties page.
3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
   
   See this link for a listing of some online & their stand-alone antivirus programs:
   
   Virus, Spyware, and Malware Protection and Removal Resources
   
   
4. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
   
   For a tutorial on Firewalls and a listing of some available ones see the link below:
   
   Understanding and Using Firewalls
   
   
6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
   
   A tutorial on installing & using this product can be found here:
   
   Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
   
   
8. Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
   
   A tutorial on installing & using this product can be found here:
   
   Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
   
   
9. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
   
   A tutorial on installing & using this product can be found here:
   
   Using SpywareBlaster to protect your computer from Spyware and Malware
   
   
10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.