jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download ComboFix by sUBs

* You must download it to and run it from your Desktop
* Physically disconnect from the internet.
* Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
* Double click combofix.exe & follow the prompts.
* When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
* Re-enable all the programs that were disabled during the running of ComboFix.


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Honestly Azzy I have no more solutions or options to offer. This has gone on for 8 days, and as far as I can see all accepted remedies have been tried. Unless somebody else can step in here with another suggestion the only one now I can give is reformat, and that is one I always try to avoid at all costs but I have no other suggestion. There are obviously some key system files which are damaged. If you can back up important items you want to save and by this I mean personal items...family pictures and documents...then I have to say reformat. I am truly sorry but I can't think of or find anything else to try.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

If it did clean infections there will be a second log in the Logs tab. Go there and look for that and post it to be certain things were cleaned. If you don't find one then run the program again and be sure you HAVE checked to remove infections and then post that log.
We need to be certain.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Wasn't implying you were stupid Bob, I knew you were posting this as a warning, just wanted to add my "2 cents" to reinforce what you said.
Sorry if that is what you thought I meant, I absolutely did not.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

The reason all items I noted were not in the latest HJT log is because you uninstalled them, that is what is supposed to happen.
Now for memory and hard drive size;
You stated the RAM at 768...I am assuming this is 768MB, not very much.
You don't have enough RAM installed really for the computer to run quickly. Usually running out of virtual memory means that you are running too many programs at the same time for your system or one of them is attempting to use too much memory. I think that TOO many programs running at once and your small amount of RAM are the main reasons for your problems.

I would recommend that you purchase additional RAM which is not very expensive and easy to install. Go to Crucial and their page will do a scan of your computer and give recommendations for how much additional RAM you can install. Their prices are very reasonable.

The operating system tracks the programs running and how much memory is needed to run each one. Some take more than others. If you are working with photos, videos, music or a large word document that will take more memory than others so the operating system ends up taking from one running program and giving it to another. If you have too many running or too many large programs running then this will slow things down because the os will have to keep …

jholland1964 650 Posting Expert Team Colleague Featured Poster

There is absolutely NO way Microsoft is going to send out personal emails to each and every user of Microsoft Windows OS (in August 2006 the total global usage share of Microsoft's Windows was 96.97 percent.) who have their computer set to receive notifications of updates, and especially from a hotmail address!
Delete it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

One reason for your memory problems is you have an excessive number of programs running at start up and therefore running all the time in the background.
All of these programs are auto starting and therefore running in the background consuming a huge amount of system resources. NONE of these need to auto start or run all the time. All can be started manually WHEN NEEDED.
AdaptecDirectCD
Microsoft Works Update Detection
MimBoot
QuickTime Task
MediaFace Integration
NBKeyScan
NeroFilterCheck
ISTray
SunJavaUpdateSched
My Web Search Bar
MyWebSearch Email Plugin
Corel Photo Downloader
MoneyAgent
BgMonitor_
Pando
Yahoo! Pager

You also show malware on the computer, mywebsearch is a known malware program.
You need to get this off the computer immediately. To do so do the following:
First, uninstall the My Web Search option from Add/Remove Programs

1) Click on Start, Settings, Control Panel

2) Double click on Add/Remove Programs

3) Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
* …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you do a Repair install? I don't know why you would need to reactivate Windows unless you had.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi scorch20 and welcome to daniweb. I note that you said

Running Malwarebytes as well

Please follow the directions given below and please NOTE REMOVE SELECTED instructions

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT THE COMPUTER after you have run the program.
Then run a new HJT full system scan and save that log. Post back here with both logs and we can determine where to go from there.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

No one is supposed to use it for internet access, however, I have teenagers helping me out and sure enough, I look at the history and they've been on it.

Then you should call them on it. Since this is a business machine this could very well damage your business. When you are going to other, NECESSARY sites for the business on an infected computer there is a possibility of spreading these infections to others. This would definitely damage your business because there is a chance others could trace these infections back to your machine.
One free program can offer some help to you, and I would never run a computer without it, that is SpywareBlaster. It is FREE, it DOES NOT run in the background but it DOES protect the computer against the following;
ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
All you need to do is download it, install it and update it and then enable all the protection. Update it at least weekly and then enable the new items on the update.

You also should set your Internet Explorer security settings higher, you will have to experiment with that to be certain that your business necessities are not blocked but that shouldn't take you long to figure out the proper higher setting. Also you need to Internet …

73firebird commented: excellent and prompt assistance! +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

copy and paste the text from the log.
...04's listed are programs that run at start up, given the amount of 04's you have in the log, it's no wonder you have a slow bootup problem

I agree 100% on both of caperjack's comments. WAY too many unnecessary programs running at Startup and therefore running ALL the time in the background.
I would advise that you follow these instructions first;
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)
• You can put ATF-Cleaner on your Desktop for easy access.
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks so much jsong. I am so happy I could help.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

You should not be installing new programs while trying to clean the computer.
Update that MBA-M program and do a new scan and fix everything found and post the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi;
I am running windows firewall and antivirus (posting this from another computer) the only eset log I can post is 2 replies above, starts with "version=4". In the program files for eset, each time I run it it seems to overwrite the previous notepad log file. I can't use microsoft updates, they crash the teetime software, which is vital to me--software supplier specifically pointed out to turn off updates to avoid crashing the program. I did update the java.

Do you mean you are using Windows Live OneCare?
Honestly, I am a bit confused here. Turning off Windows Auto update is ok, but that doesn't mean you shouldn't update; it should be done manually, which is very easy to do. Many people do this. If you are not doing ANY Microsoft Updates then this would mean that the Windows Live OneCare, if that is what you are using, is not up to date either I would think, so your antivirus protection is out of date and therefore you would not be protected against new viruses that turn up nearly every day. One key to each and every security program is keeping it updated; if you don't do that then why even have it on the computer?
I have no clue as to what this TeeTime software is you are talking about but really have never heard of being told NOT to do the Microsoft Updates. In fact I have not heard of a program which prohibits …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Dragewood and welcome to daniweb.
Sorry for the delay in a reply.
Run the ESET scanner again and this time allow it to fix everything found.
Then UPDATE Malwarebytes' Anti-Malware, the version you used for the scan was out of date. Today's version is version 1253. You should ALWAYS update MBA-M before each scan as this program has updates very often, sometimes more than once a day, and scan again, and have it fix everything found. Save the log.
Then after doing both of the above reboot. Run a new HJT scan and post back here with all three logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry, but not certain the computer is clean. There was so much time between MBA-M scans and the last posting of HJT there are some items remaining in the HJT log that I just don't feel should be there. To be safe, can you UPDATE MBA-M and then run it again and also have it REMOVE everything found.
Reboot the computer and immediately run a new HJT scan and save the log.
Post back here with both new logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Didn't work....and now windows keeps telling me to activate it, and when I try online it says it can't connect????

But back to the original problem that step didn't work next one

Activate what? When you try what online?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Logs look clean to me. Does the computer appear to be running normally and smoothly?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I STILL don't see an active anti-virus program or a firewall on the computer. Where is the ESET log?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download http://www.malwarebytes.org/libraries/COMCTL32.OCX
Copy it into your system folder:

C:\Windows\System32

Register it by going to Start | Run then copy and paste the following line:

regsvr32 \windows\system32\comctl32.ocx

You should get a dialog saying library registered.

That should fix that error and you should be able to scan and see if it finds anything.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, then try this;
Start, Run, Msconfig. On that General Tab place a tick in Diagnostic Start Up, Click Apply.
Then try again to see if you can boot all the way into Safe Mode.
If this works then go back in and place that tick back into Selective Start Up, Click Apply and then reboot to normal mode and come back and report what happened.
This could be a trial and error process here but if this first step works then I will have another step, I just don't want to try too much before "weeding" out something.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HJT again. Place check marks next to the following;
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

After you have placed the check marks then click the Fix Checked button.
Exit HJT and reboot the computer
Run HJT again and post the log.
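
The four entries quoted in the post above follow fixed HijackThis line formats. As an added example (not part of the original post and not HijackThis's own code), this Python parser reads the O4 Run-key and O23 service forms shown there and tabulates what each entry launches. The function and field names are hypothetical, and O4/O23 lines in any other form are returned as unparsed rather than guessed at.

```python
import re
from dataclasses import dataclass

# The four entries quoted in the post above, copied verbatim.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
"""

# O4 registry autostart form: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>[^\]]*)\] (?P<command>.+)$')

# O23 service form: O23 - Service: <display> (<service>) - <vendor> - <path>
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+?) \((?P<service>[^)]+)\) - '
    r'(?P<vendor>.+?) - (?P<path>.+)$')

EXECUTABLE_RE = re.compile(r'(?i)(.+?\.(?:exe|com|bat|cmd|dll))(?=\s|$)')
SHORT_NAME_RE = re.compile(r'~\d')  # 8.3 component such as PROGRA~1


@dataclass
class Entry:
    section: str      # "O4" or "O23"
    name: str         # Run value name, or service short name
    origin: str       # registry location (O4) or vendor string as printed (O23)
    target: str       # file the entry launches
    short_name: bool  # path uses 8.3 names, so the real folder is not visible


def executable_of(command: str) -> str:
    """Return the program path from a command line, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    match = EXECUTABLE_RE.match(command)
    if match:
        return match.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def parse_hjt(log_text: str):
    """Return (entries, unparsed) for the O4 and O23 lines of a HijackThis log."""
    entries, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith(("O4 - ", "O23 - ")):
            continue  # other sections and log headers are out of scope here
        m4, m23 = O4_RE.match(line), O23_RE.match(line)
        if m4:
            target = executable_of(m4["command"])
            origin = f'{m4["hive"]} {m4["key"]}'
            entries.append(Entry("O4", m4["name"], origin, target,
                                 bool(SHORT_NAME_RE.search(target))))
        elif m23:
            target = executable_of(m23["path"])
            entries.append(Entry("O23", m23["service"], m23["vendor"], target,
                                 bool(SHORT_NAME_RE.search(target))))
        else:
            unparsed.append(line)  # keep for manual review instead of dropping
    return entries, unparsed


if __name__ == "__main__":
    found, skipped = parse_hjt(SAMPLE_LOG)
    for e in found:
        flag = " (8.3 short path)" if e.short_name else ""
        print(f"{e.section:<4}{e.name:<28}{e.origin:<22}{e.target}{flag}")
    for line in skipped:
        print("UNPARSED:", line)
```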

jholland1964 650 Posting Expert Team Colleague Featured Poster

What firewall I installed I never installed a firewall...

Sorry about that must have been thinking of another thread, I apologize.
Try this, it worked on another computer I worked with earlier at another forum hopefully it will work for you.
Go to Start, Run, msconfig, Startup Tab. Take the check marks out of EVERYTHING there except your anti-virus program. Then shut down the computer, don't just reboot, turn it off completely.
Then reboot, you will get a message saying you are using a Selective Start up, this is ok DON'T tell it to re-enable anything.
Now try to download and run SDFix
SDFix Instructions:

1. Please print these instructions as they will be needed later when Internet access is not available.
2. Logon to your computer with an account that has Administrator privileges.
3. Download SDFix.exe from the following link and save it to your desktop:

SDFix Download Link

Confirm that the file SDFix.exe now resides on your desktop.


1. Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.
2. A window will open asking where you would like to install SDFix to.

Do not change anything and press the Install button. This will install the program into the default location of C:\SDFix. At this point, you should not run …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Make sure you are connected to the internet and your firewall is set to allow Malwarebytes' Anti-Malware to access the internet

Your firewall that you installed is blocking MBA-M, turn it off and try again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi jamavan, you need to begin your own thread. This thread is solved.
Begin your own, post any logs you may have especially the HJT BEFORE you did fixes with it and do one AFTER you did fixes.
You really shouldn't do fixes with HJT unless directed to do so.
Note ALL problems you have been having in your new thread and include the logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi 73firebird,

AHEM....I do not see an active antivirus program running on the machine, where is it?
Also, your Java program is woefully way out of date. Current version is version 6 update 7.

You need to first UPDATE MBA-M and then run the MBA-M scan again and have it REMOVE everything found.
Reboot the computer and run the ESET Scanner again and have it fix or remove everything found.
Reboot the computer.
Then run a new HJT scan and post back here with all three logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi deepesh911 welcome to daniweb. Sorry it took so long to get a reply, remember we are all volunteers here and there aren't many of us. We can only work on so much at any given time.
The best place to begin is to try to run these programs;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.


9 – Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Now update and run MBA-M again and reboot.
Then run a new HJT scan and post both logs here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do this Azzy77. Use HiJackThis to generate a Startup list.
Go into the Config option when you start HijackThis
then click on the Misc Tools button at the top.
You will then click on the button labeled "Generate StartupList Log"
Once you click that button, the program will automatically open up a notepad filled with the Startup items from your computer. Copy and paste these entries into a message and submit it here

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are running BitTorrent DNA which is a file sharing program.
You must turn this off and all other P2P programs and NOT use them for the entire duration of this cleaning procedure. Otherwise no help will be offered.
Download Smitfraudfix to the desktop.
* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
* Double-click SmitfraudFix.exe
* Select 2 and hit Enter to delete infected files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. Go ahead and allow the system to reboot. The report can be found at the root of the system drive, usually at C:\rapport.txt
Please post that log here, just copy/paste do not attach.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just try right clicking on the combofix icon and choose Delete.

Then UPDATE MBA-M.
Shut down the computer.
Reboot to Safe Mode and run MBA-M and have it remove everything found.
Reboot to normal mode.
Run HJT again.
Post back with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I take it vundofix must be run from windows, if this is the case will I be able to access the disc in safe mode (presuming I can get it to boot into safe mode)?

The only answer I can give you is maybe.
Try disconnecting the computer from the internet first and see if you can boot to safe mode and use the cd.

jholland1964 650 Posting Expert Team Colleague Featured Poster

One thing you need to do for now is turn off the following;
Spy Sweeper
SUPERAntiSpyware
System Mechanic
While they are good programs they CAN block fixes which may need to be done. So turn them off for now until we get things cleared up.
Next, your Malwarebytes' program is running an out of date database, current one is 1240 and yours shows 1223. You should always update MBA-M BEFORE scanning with it as it updates very frequently, sometimes more than twice a day.
Next, you are running HJT from a temp folder. You need to create a new folder on the desktop or in "C" drive or Programs and name it HiJackThis and then move the program there. The reason for this is that HijackThis WILL make backups of fixed entries in case they would need to be restored but it will not do this from a TEMP file.

Turn off all those programs I noted, then UPDATE MBA-M. Then turn off the computer.
Unplug the computer from the internet. Reboot the computer and run another FULL System scan with MBA-M. Have it REMOVE everything found.
Then run a new HJT scan and save the log.
Shut down, reconnect the internet cable to the computer. Reboot and come back here and post those new logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I didn't ask for an uninstall list we need to see full HJT log. Please do not attach logs please copy/paste them.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You still have to run the steps, because if her sign in showed an infection then you need to run the steps again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Almost sounds as if the computer is dead. Are there any lights showing on the back of the computer? Do you hear any beeps when attempting to boot up? Are you absolutely certain the monitor is working?
Can you get to the BIOS? If you can do that you can change the boot order so that it will boot first to the CD.
There are various keys to use to access the BIOS depending on the BIOS supplier or Computer manufacturer.
If you don't know this here is a page with some listed:
http://www.compu-help.us/BIOS_access.htm

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi lt31 and welcome to daniweb.
As long as you have access to another computer, and of course you do, you can download the necessary tools to YOUR computer and then put them on a disk and take them to his.
Now I have to ask, how do you know for sure that this is the infection that is on the computer? Did he learn this by doing a scan or are you just going by symptoms showing?
You say he cannot load even in Safe Mode. How is he trying to do this?
You would download the tool below, save it to a disk and then run it on the affected computer but if it doesn't boot at all I am not certain that can be accomplished either.
The tool to remove this is VundoFix
1. Double-click VundoFix.exe to run it.
2. Click the Scan for Vundo button.
3. Once it's done scanning, click the Remove Vundo button.
4. You will now receive a prompt asking if you want to remove the files, click the YES button. Once you click yes, your desktop will go blank as it starts removing Vundo.
5. When completed, it will prompt that it will shutdown your computer, click the OK button.
6. When the computer has shutdown, turn your computer back on.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Totally agree Crunchie. Didn't reply here as I figured that obviously this was a lost cause. Obviously people never learn.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Things ARE looking somewhat better but I don't like it that even with removal MBA-M continues to find these entries.
Let's try to UNINSTALL that combofix that you have on there now.
Do it this way.
Click START then RUN
Now type Combofix /u in the run box and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"
Reboot the computer.


Once you have uninstalled it then try downloading from HERE
If you can't get it on your own computer try to download on another and bring it to yours. BUT don't do that if you cannot get it to Uninstall.
Then try running it.

If you can't download it to your computer do you have another computer where you could access the file, save it and take it to your computer? This will work well also.
If you get it to run post the log, it WILL take awhile to start and finish, just give it time.
If it doesn't run, then Update MBA-M and run it again and let it fix everything found and post that log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi furyboy38109,
As you can see by your MBA-M log there were 44 infected items on the computer that you were positive was clean.
I still have not seen a HiJackThis log. This must also be posted to see what else may remain. There is NO guarantee that this was the only infection on the computer. We have no idea what your anti-virus program is, what other security items you have running OR even how they are running unless we FIRST see this HiJackThis log.
The fix I noted for you is the current and most up to date recommendation for removal of this infection. It is noted on NUMEROUS reputable and legitimate websites dealing with malware removal. You WILL find other not so reputable removal instructions on other websites. There is NO mention anywhere of registry editing to remove this on these reputable sites, so I hope you have not continued on to that path without first knowing what else may be on the computer.
If your C-drive is still inaccessible or your "run" option still does not appear in your start menu then there are ways this can also be fixed usually without walking through the registry and making changes.
If you will note the FakeAlert items were all found in the System Restore, meaning yes, some were removed earlier BUT what remained were some key files Vundo trojan which was removed with this run of MBA-M. Now either these were either NOT there …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good but that Spybot TeaTimer is running. Believe me, it is more trouble than it is worth. Disable that from running automatically at start up by opening the program.
Choose Mode, Advanced. Then you should click Tools at the bottom. When Tools opens you will see a row of buttons on the left. Click Resident. When Resident opens take the check mark OUT of TeaTimer.
Click ok and close the program.

SpywareBlaster will do a much better protection job and it does NOT run in the background. Download, install and update. Then enable all protection including the Restricted sites portion.
Manually update it once a week and enable all the new protection.
If you feel all is corrected and the computer is running well then click the Solved button.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi halsey and welcome to daniweb.
We can't offer any solutions or new steps until we see some logs. Please post the MBA-M log and also a HiJackThis log and we then can offer suggestions.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Then you do need to run the steps again. Make sure this then covers ALL users.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Extra Information.
Please add this entry to the list of fixes to be done with HJT.
Be sure to print out all those instructions as you will not have internet for some of these fixes.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Whether you know it or not things ARE being accomplished here.
Couple things you need to do FIRST. Update the MBA-M program. Don't do anything else with it right now.
Shut down the computer after that.
DISCONNECT THE INTERNET CABLE FROM THE COMPUTER this way there will be no possible way the trojan can get access to the internet.

Reboot the computer.

Go to Start, Control Panel, Administrative Tools. Services.
When that opens you will see items which can be run as auto starts via Services. The list is alphabetical. Scroll through that list and look for the following two items;
LJJWTA - Sysinternals
LiveUpdate - Symantec Corporation
Highlight them one at a time. Double Click. When the box opens first of all Stop the Service. You should see a button towards the bottom which says Stop. Click that button to stop the service. Then in the middle you will see a section which says Start Up Type. Click the little arrow there and change it to DISABLED. Click Ok and exit out after you have done this to both of those items noted above. Now if the Stop button is greyed out just click the Start Up type button there and choose disabled and ok and then exit.

Shut down and reboot again.
Leave the internet cable DISCONNECTED.

Then run MBA-M again.
Then allow it to FIX or REMOVE everything found.

Reboot the computer …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Then you will have to be certain that the above steps are run on ALL accounts on the computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

furyboy38109, I promise you this infection is not gone from your computer. As long as that Virus Alert is sitting there that means the infection is still there.
What you have IS the Antivirus 2009 infection.
The recommended solution is to do as I have stated in my original post to you above in Post #2.
You need to run those steps before doing anything else.
Once you do those steps THEN is when to try anything else but generally this Virus Alert notification will also be gone. This has been removed on several threads here in this forum using the steps I outlined above.
Judy
P.S. Once you have run those steps then post back with the MBA-M log and also a HJT log. If you had this infection there is a good possibility that you have others. By seeing a HJT log we may be able to give you the finishing clean up.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi furyboy38109 and welcome to daniweb.
If that Virus Alert is still on the taskbar then this means that the infection is NOT removed.
How did you determine that the infection was Win.Worm.32 netnooster?
It appears that you are probably infected with Antivirus 2009, which is NOT a legitimate antivirus program but is a new rogue anti-spyware program from the same family as Antivirus 2008 and Doctor Antivirus. Antivirus 2009 is installed and advertised through the use of misleading web sites that attempt to make you think your computer is infected with a variety of malware. Once installed, Antivirus 2009 will scan your computer and list a variety of fake infections that can't be removed unless you first purchase the software. These infections are fake, though, and only being shown to scare you into purchasing the software.


Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are you saying that Trojanhunter says there is a trojan in combofix?
I may be wrong but I thought that the trial version of Trojanhunter was supposed to be fully working, meaning it would remove without payment. I have not used this in quite awhile but it used to be that the trial version was a fully working one for 30 days.
Try running MBA-M again. Update it first and fix everything found.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi DaGibson and welcome to daniweb.
We need a bit more information than just Hijacked. What is happening exactly? What steps have you taken thus far? Have you followed all the steps given HERE?
If not then please do so, with the exception of the DSS scanner as it is no longer available.
When you have completed the steps then do another scan with HJT and post back with all the requested logs. NOTE* If instructions say to have a program clean or remove then please do so.
Judy