Bruce: > i'm inclined to think the processs is something on his server... > > now, how it got there is a curious issue that he's going to have to > address.. This is precisely the point. An unauthorized user currently has the ability to run processed on the machine. We do not know what they have already done or will do to the machine. We have to assume the entire machine is suspect and therefore it needs to be wiped. Neil -- Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com Eliminate junk email and reclaim your inbox. Visit http://www.spammilter.com for details.