Win32: Goldun-BZ trojan +Win32: Adware-gen

Scanned with Ewido and got rid of what is listed in the attached report. Then scanned with Bit Defender and it didn’t find anything.



Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:39:36 AM, on 8/26/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM..\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe”
O4 - HKLM..\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\QuickCam10\QuickCam10.exe” /hide
O4 - HKLM..\Run: [LVCOMSX] “C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe”
O4 - HKLM..\Run: [LogitechSetup] E:\Setup\Setup.exe /restart /l:enu
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [BitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU..\RunOnce: [FFTI] C:\Documents and Settings\Lorna\Application Data\Mozilla\Firefox\Profiles\li5lgnoc.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath=“C:\Documents and Settings\Lorna\Application Data\Mozilla\Firefox\Profiles/li5lgnoc.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}”
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://mirs.peoplepc.com/?offername=PeoplePC Online Accelerated&userName=irulenifleheim&firstName=Lorna&qs=NAIMPNDNPMOHKBHBGMINDLONHHPJEDLMMFGFLBABAMPICPFDKAHJNCCPHAICOCJDMPMOHGPKEDNJPCEEJKGOOKAMKELPKDBBEMBLPAIEDCLLIDELEMJHNLCHNODCJLDF|FCEKNKBDDGNMCNOPADEEAAG
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114375882703
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - http://www.platoweb01.com/pathways/pway_iis.dll/pwln/02040611/fullcab/pwlninst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (file missing)
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe


End of file - 8989 bytes



Some of the things listed there are interesting like Photoshop, MSN Messenger, Norton Internet Security, AIM Toolbar, PeoplePC Online ( :-)and Bit Torrent. All of which I got rid of a long time ago and do not want. I know it’s unrelated but :stuck_out_tongue:

that bit-defender did NOT find anything is really good news
I could not read your first EWIDO log
did it find anything besides cookies?
did it safely quarantine or deal with anything it did find?
was there anything that it found it could not deal with?

Perhaps Polonus can look at your HJT

I’ll be out for a couple of hours

those files were baddies and if they are gone - something got them - good
do you have the paths to any IST files left- if any

Follow these directions to download the Norton Removal Tool and run it to remove the above programs.

  1. Click on the following link to download the Norton removal tool

    ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

  2. Click Save and save the file to your desktop

  3. Close all Norton Application windows you may have open, and double-click on Norton_Removal_Tool.exe to start the removal tool. Windows Vista users will have to right-click on the file and select “Run as Administrator”

  4. After the removal tool finishes, you should be prompted to restart your computer.

  5. Once the computer restarts, your Norton product should be uninstalled.

Extra Optional Steps

  1. Open My Computer, double-click on Drive C
  2. Double-click on Program Files
  3. Look for any Norton or Symatec product folders that remain. Right-click on them and choose Delete. Also look in the Program Files\Common Files for the Symantec Shared folder and delete it
  4. Close My Computer and other folders

Hi nunchuck,

Your hjt analysis showed the following:
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft’s windowsupdate site to download the newest version of the service pack.
We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.

You could fix the following items:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O4 - HKCU..\RunOnce: [FFTI] C:\Documents and Settings\Lorna\Application Data\Mozilla\Firefox\Profiles\li5lgnoc.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT
/SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Lorna\Application
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
If the following is not there ebcause of your provider fix as well:
O14 - IERESET.INF: START_PAGE_URL=http://mirs.peoplepc.com/?offername=PeoplePC Online Accelerated&userName=irulenifleheim&firstName=Lorna&qs=NAIMPNDNPMOHKBHBGMINDLONHHPJEDLMMFGFLBABAMPICPFDKAHJNCCPHAICOCJDMPMOHGPKEDNJPCEEJKGOOKAMKELPKDBBEMBLPAIEDCLLIDELEMJHNLCHNODCJLDF|FCEKNKBDDGNMCNOPADEEAAG

And check if you are familiar with these entries, if not fix:
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - http://www.platoweb01.com/pathways
/pway_iis.dll/pwln/02040611/fullcab/pwlninst.cab

Now after you have seen into that, I’d like you to download silent runners from here:
http://silentrunners.org/Silent%20Runners.vbs
Let it fully run out on your computer, and post the results.txt as an attachment to your next posting

polonus

that bit-defender did NOT find anything is really good news I could not read your first EWIDO log did it find anything besides cookies? did it safely quarantine or deal with anything it did find? was there anything that it found it could not deal with
There were two others aside from the cookies: Name: Adware.WhyPPC Path: HKU\S-1-5-21-1123561945-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} Risk: Medium

Name: Downloader.IstBar.ja
Path: C:\data
Risk: High

I did a quick scan on my computer with MWB and SAS. The former found my system to be clean, whereas the latter still picked up the cookies. I just had them quarantined and removed just now.

Your hjt analysis showed the following: A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack. We didn't detect any active process of a firewall on your system. Reasons maybe: (1.) You are using the windows firewall or a hardware firewall. (2.) You are using a firewall of an unknown vendor. (3.) You are using a firewall, but for unknown reasons it is disabled (4.) You don't use any firewall at all. We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.

And check if you are familiar with these entries, if not fix:
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - http://www.platoweb01.com/pathways
/pway_iis.dll/pwln/02040611/fullcab/pwlninst.cab


I have the windows firewall. Anyway, I will get to installing the service pack now. Does that mean I can get rid of the older updates for SP2?

Also, I am familiar with those items but they have no need to be on my computer anymore thus I had them taken care of.

let’s ask poponus about
Downloader.IstBar.ja
when he looks at your startup log
this is not a new baddie so I am surprised that most do not detect
perhaps it was packed with something that only BD unpacks
A-Squared anti trojan detected years ago
I would think that BD nuked it if asked

here is a write up on the people pal toolbar that I hope BD nuked
I did a google on
A8FB8EB3-183B-4598-924D-86F0E5E37085
www.castlecops.com/tk1272-PPCToolbar_dll_PPCToolbar_dll_digit.html
castle cops is a very reputable site

Hi nunchuck and wyrmrider,

The info on this new baddie: http://spyware.processlibrary.com/details/SpyName/Trojan-Downloader.IstBar.ja/
Also you can distill the manual removal instructions from the aforementioned link, make sure you print the removal instructions out, so you can meticulously tackle these one by one,
SAS came with a complete new program just a minute ago, download it and scan
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

polonus

The info on this new baddie: http://spyware.processlibrary.com/details/SpyName/Trojan-Downloader.IstBar.ja/ Also you can distill the manual removal instructions from the aforementioned link, make sure you print the removal instructions out, so you can meticulously tackle these one by one, SAS came with a complete new program just a minute ago, download it and scan http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

I just scanned and the Downloader.IstBar.ja is gone. However, I still am encountering “adware tracking cookies” each time.

CCleaner safely removes older un-needed Service Pack files:
http://www.ccleaner.com/download/builds <== select Slim for no Toolbar installation

Then install a HOSTS file to prevent “adware tracking cookies” from infesting the system.

HOSTS files I use:
http://www.mvps.org/winhelp2002/hosts.htm
http://hosts-file.net/?s=Download

Managed with HostsMan and I use its HostsServer proxy to speed up browsing:
http://www.abelhadigital.com

you just scanned with what?
anyway if you go to the uniblue website and in the middle of the page click on
files modified
and
registry entries
check em out and make sure they are gone

do not run uniblue tool unless asked

I’m going to try the new version of SAS
I suggest you do the same

tracking cookies will reappear unless you lock down your browser to minimise
I block third party tracking cookies

I can’t see this whole thread but
secunia software inspector needs to be done sometime
and the HOSTS file suggestion by YoKenny is a real winner

Polonus may want you to post a HJT- we’ll deal with that later

We need to talk prevention now that the firefighting is under control

Then install a HOSTS file to prevent "adware tracking cookies" from infesting the system.

HOSTS files I use:
http://www.mvps.org/winhelp2002/hosts.htm
http://hosts-file.net/?s=Download

Managed with HostsMan and I use its HostsServer proxy to speed up browsing:
http://www.abelhadigital.com


I downloaded from http://www.mvps.org/winhelp2002/hosts.htm. However, I am not quite sure I know how this program works. If you could explain it to me. Do I actually do anything with it? Like, run it or something? Otherwise, could you instruct me on how to take it off because the instructions on how to do so are over my head. Sorry.

you just scanned with what? anyway if you go to the uniblue website and in the middle of the page click on files modified and registry entries check em out and make sure they are gone

do not run uniblue tool unless asked

I’m going to try the new version of SAS
I suggest you do the same

*tracking cookies will reappear unless you lock down your browser to minimise
I block third party tracking cookies

I can’t see this whole thread but
secunia software inspector needs to be done sometime
and the HOSTS file suggestion by YoKenny is a real winner

Polonus may want you to post a HJT- we’ll deal with that later

We need to talk prevention now that the firefighting is under control


Sorry for not being specific; I scanned with the new SAS. I just got done with updating the programs listed from Secunia. Also, earlier I posted a HJT which was taken care of. :slight_smile:

Tracking cookies are a waste of time and effort even bothering with (I disable this option in the SAS Preferences), they aren’t a security issue, but if anything a minor privacy issue. Many sites place cookies and most would be classed as tracking as they retain details about your activity (on the site that set the cookie). The don’t gather information on other sites you visit and other sites can’t access the cookies of other sites.

I never allow third party cookies, ones set by other than the site you are visiting, but you may find it difficult browsing some sites if you block cookies completely. Firefox and other browsers should allow for the blocking of third party cookies. You should however, periodically clear out your browser cache (temp internet files), internet history and cookies, etc.

After you have downloaded the zip file to a Download Folder not your Desktop as this will clutter up you Desktop with un-needed files then go to the un-zipped Folder and run the mvps.bat file to add the HOSTS file in the correct place.

Tracking cookies are a waste of time and effort even bothering with (I disable this option in the SAS Preferences), they aren't a security issue, but if anything a minor privacy issue. Many sites place cookies and most would be classed as tracking as they retain details about your activity (on the site that set the cookie). The don't gather information on other sites you visit and other sites can't access the cookies of other sites.

I never allow third party cookies, ones set by other than the site you are visiting, but you may find it difficult browsing some sites if you block cookies completely. Firefox and other browsers should allow for the blocking of third party cookies. You should however, periodically clear out your browser cache (temp internet files), internet history and cookies, etc.

Alright, thanks. That is helpful. I’ll keep that in mind :slight_smile:

Alright, that all done. Thanks. Though how might I get rid of it if I do not want it anymore?

Alright, that all done. Thanks. Though how might I get rid of it if I do not want it anymore?
You are welcome.

After you use it for a while I hope that you realize that not only does the HOSTS file prevent tracking cookies but if you use the ones I recommend then they prevent your system from getting infected with malware that some of the entries prevent you getting to.

I have actually begun to notice that browsing around. Yeah, I think this is too handy to just get rid of. Thank you so much :slight_smile:

Polonus
was the attachment in post 23 the silent runners you asked for
anything there?