# Solved: Kaspersky's "avp.exe" Causing Problems



## Warlord Jimmy

Hey 

For a few days now I've been having problems with the kaspersky process "avp.exe" - which has been (according to taskmanger) taking up between 45 and 55% of my CPU.



















According to a google search the process "avp.exe is a process belonging to Kaspersky Internet Security Suite" but is also "a process which is registered as a trojan". Kaspersky itself has not picked this up as a threat however (hence my deliberating over whether this thread should go in "Security & HJT" or "Software")

Another thing which I have noticed is that I seem to have mutiple instances of "CLI.exe" processes running (ATi Catalyst stuff I think) but these are only taking up between 5 and 10% of the CPU. - This may be a separate problem.

Also interesting is that even though Task Manager tells me that my CPU is running at 90%+, I cannot here anything working hard inside the computer, the Hard Drives are running quietly, and generally the computer still runs smoothly...

Any help would be greatly appreciated,

Jimmy.

_Intel Core 2 CPU 6400 @ 2.13GHz, 2.00GB of RAM, ATi X1600_

UPDATE: Occasionally there are two instances of avp.exe running, this concerns me. If I close down Kaspersy then my CPU goes back down to running low. But goes back up again as soon as I start it up.

I think this thread should be moved into the "Security" section as I suspect that I have a trojan.


----------



## Warlord Jimmy

UPDATE:

I have tried reparing the program through "add/remove programs", this did not make any difference.

I then tried uninstalling the software completely and then re-installing it. However now Kaspersky does not seem to run on start-up (it does not appear in the system tray on the start bar). Although the process "avp.exe" is still listed in taskmanager and is still taking between 45 and 55% of my CPU.

Then if I proceed to start up Kaspersky manually a further two instances of "avp.exe" appear in task manager, one lsited as SYSTEM process and the other as the user.

Does anyone have ANY idea what's going on here? Any suggestions will be grealty appreciated. Thanks for your time


----------



## ketsueki13

It's normal to have 2 avp.exe processes. And there has been a problem of cli.exe cloning itself in the past.
If you're really worried about this though, feel free to post a HJT log and we can get you some help.
Also, there's this, too.


> Q10: Why does the ATI Catalyst™ Control Center require 3 "CLI.exe" files as well a "Preview.exe" file?
> A10: The ATI Catalyst™ Control Center has been separated into different components (a unique instance of CLI.exe per component) because it allows us to tune the characteristics of the process instance to the type of component. One component is called the "Runtime", which acts as a server to all of the other client components. The two other client components are the "User-Interface" and the "System Tray". The client "CLI.exe"s are tuned differently to enhance performance; the "User-Interface" client is optimized to run for short periods of time, whereas the "System Tray" client is designed to run for long periods of time. The "preview.exe" file (used for the 3D preview) is a based on the Win32 process (whereas the rest of the ATI Catalyst™ Control Center is based on the .NET framework), and is strictly an OpenGL application. Note that the preview "preview.exe" process is used only when the "User-Interface" is operating, and is ended as soon as the ATI Catalyst™ Control Center is closed.


----------



## Warlord Jimmy

Thanks for the reply,

I did find out that it was normal for avp.exe to have two processes running, one listed as SYSTEM and another as the user, but in some cases there have been 3 instances of this process (also I doubt very much that it is normal to have the process leeching up to 60% of my CPU). After looking through some other help forums I started to follow some steps which some other users had suggested (including running ATF-Cleaner). I have downloaded HJT and ran a scan with it,

Here is the log which it produced:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:44, on 03/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www1.salesout.co.uk
O15 - Trusted Zone: www2.salesout.co.uk
O15 - Trusted Zone: www3.salesout.co.uk
O15 - Trusted Zone: www9.salesout.co.uk
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114w.bay114.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jimmyandhisduck.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///Z:/SuperCD/IntraLaunch.CAB
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

--
End of file - 12581 bytes

I am currently running a BitDefender Online Scan at the moment, which will be finished in the next 2 hours. So far it has found one virus some "C:\hp\bin\KillWind.exe" "Infected with: Virtool1992". The program has deleted the file.

Also, the CLI.exe cloning thing seems to have sorted itself out after I manually ended the processes.

Thanks for your time and suggestions,

Jimmy.


----------



## ketsueki13

Killwind, unless infected, is actually meant to be part of HP's utilities, but can be used by a virus. If you actually have a HP, it wouldn't have been bad to leave it be. It's used to let HP fix things remotely.
It's commonly considered unwanted now, though.
Anyway, I see a line in here, that looks a bit suspicious, so I'm gonna request this be moved to the malware section.


----------



## dvk01

ketsueki13 said:


> Killwind, unless infected, is actually meant to be part of HP's utilities, but can be used by a virus. If you actually have a HP, it wouldn't have been bad to leave it be. It's used to let HP fix things remotely.
> It's commonly considered unwanted now, though.
> Anyway, I see a line in here, that looks a bit suspicious, so I'm gonna request this be moved to the malware section.


what have you seen that looks suspicious that needs a move

I can't see anything obvious

@Warlord Jimmy

best solution would be update Kaspersky to version 8 (2009) as that deals with the quite well known problem of increased cpu load in several cases and has several other major improvements

provided you have a legitimate licence any upgrade is free

http://support.kaspersky.com/kis2009/install?qid=208279972


----------



## Warlord Jimmy

Hey,

Yeah, I do have an HP, BitDefender picked up that the "C:\hp\bin\KillWind" file was infected with the virus "Virtool.1992", which after doing a google search returned that there are quite a few cases of this.

According to this website:
http://www.ca.com/us/securityadvisor/pest/browse.aspx?let=V&cat=virus%20creation%20tool
It is some sort of "virus creation tool".

BitDefender did delete the file. But the afformentioned problem still remains.

-------------------------

Thanks for the reply dvk01,

I didn't know Kaspersky had a version 8.0 released. Will upgrade it. Let's hope it fixes the problem! :up:


----------



## Phantom010

You should also remove all traces of Symantec from your computer by using the Norton Removal Tool. That might help with most probable conflicts.

You also have an old version of Java. You should update to Java Runtime version 6 update 13.

Other than that, I can't see any suspicious entry in your HJT log.


----------



## Warlord Jimmy

Thanks for all your help guys, 

The problem seems to have been resolved by updating to KIS 2009. 

Although do I still find it strange that I had never had the problem previously after using KIS v7.0 for over a year. Could anyone tell me what they think has caused it? I currently have KIS v7.0 installed on 3 other PCs and they still running fine.

- - -

I will try and get rid of them Norton traces (I guess thats what you get for buying from the likes of Curry's - pre-loaded software  )


----------



## Phantom010

You're welcome!


----------



## dvk01

Update all of them to 2009 

it is a known intermittent problem, frequently where KIS is scanning a zip or large file like a movie etc or when a website with lots of suspicious links are being scanned 

2009 uses a different & improved scanning method that avoids those problems 

the other cause is having KIS set to do a full scan at certain times & that really uses cpu power
make sure it is scheduled for when you will be idle & doing nothing


----------



## Warlord Jimmy

I ran the Norton Removal tool, which would appear to have removed all the traces of Noton from the computer (no Symantec appears in the new HJT log).

Thanks again for your help and thanks for the information Derek, really appreciated! :up:


----------

