Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Start Up List


  • Please log in to reply
23 replies to this topic

#1 igonuts2

igonuts2

  • Members
  • 358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:my closet
  • Local time:06:34 AM

Posted 04 August 2007 - 02:59 PM

hi bc,

oringinal issue,,,pc slow and norton has some issues that per the norton help site says it's a computer based issue (trojan).
adaware se found and remooved C:\System Volume Information\_restore{5A31C1C5-751B-44C8-B9D7-C8594CD5FAD1}\RP21\A0027190.exe, spybot sd clean, norton keeps finding and removing "savescan" adware. CCleaner used prior to scans.

two entries, bold, that aren't in data base. no info via google, "processlibrary.com", or "programchecker.com"

any ideas????

also RegistryPowerCleaner unistall doesn't show in "control pannel", "all programs", program files, or spybot. it wasn't a voluntary download. google shows that it is considered possible malware(?), not sure 'bout that.

dell pc
xp sp2

generated by spybot sd


Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25be770865658cb79100117112819a7c
Located: HK_LM:Run, DLA
command: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
file: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
size: 122940
MD5: 5b1d53e352db12e14987decde1b17906
Located: HK_LM:Run, DLCFCATS
command: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
file:
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 303557c7f562e667b66fa406b7fa07bd
Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 94208
MD5: 41e653a8852072673e9fa230d360f7a9
Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: fb9e5c251cf6c37749f296bacb34a69b
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 763dab43bdab27316dbf3373192823d7
Located: HK_LM:Run, NI.UGA6P_0001_N105M2704
command: "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6IIL7EKT\install_en[1].exe" -nag
file:
Located: HK_LM:Run, osCheck
command: "C:\Program Files\Norton Internet Security\osCheck.exe"
file: C:\Program Files\Norton Internet Security\osCheck.exe
size: 771704
MD5: 74867f6aaf1badda7e7c0e6e63a20732
Located: HK_LM:Run, Persistence
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: dbb1666dca5d49f8483cbfbeb7551c3a
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 7fbe43046efdf24fc9375024e4d02ac9
Located: HK_LM:Run, SoundMAXPnP
command: C:\Program Files\Analog Devices\Core\smax4pnp.exe
file: C:\Program Files\Analog Devices\Core\smax4pnp.exe
size: 1404928
MD5: 10247c15d999cc116c87da36bd0ad64d
Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 517768
MD5: c837d17de0b349539aa527ee750ebe2a
Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77c03bf23ae56b0a31ae4d5bb4b3d0ac
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259
Located: HK_CU:Run, RegPowerClean
command: "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
file:
Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38
Located: HK_CU:Run, swg
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: e616a6a6e91b0a86f2f6217cde835ffe
Located: HK_CU:Run, Yahoo! Pager
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4670968
MD5: 81bcd9b9a86c3559f5bcfe56519a9a19
Located: Startup (user), SpywareGuard.lnk
command: C:\Program Files\SpywareGuard\sgmain.exe
file: C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61c028aba5e49573a6332f4a7c744e87
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, igfxcui
command: igfxdev.dll
file: igfxdev.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

ty for any input

Edited by igonuts2, 04 August 2007 - 03:26 PM.

Why work when you can play!

BC AdBot (Login to Remove)

 


m

#2 buddy215

buddy215

  • BC Advisor
  • 12,617 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:34 AM

Posted 04 August 2007 - 03:37 PM

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:34 AM

Posted 04 August 2007 - 03:46 PM

Hi, igonuts2, I am Oldf@rt, and I will try to help you solve the problems that you are having.

The first two things that I would like for you to try are Rogue Remover Free and superantispyware.
  • Please download Rogue Remover Free from Malwarebytes.
  • Please save the file to your normal saved file location or the desktop
  • double click on rr-free-setup to run the installation program
  • accept the license agreement.
  • follow all the steps and click finish to run the program
  • Click the check for updates link
  • click the scan link to start scanning
  • when done, follow the onscreen directions to remove anything that it found.
Next, Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
It is imperative that I get the results so that I an determine if you need to post a hijack this log.

Thank You, Oldf@rt.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#4 igonuts2

igonuts2
  • Topic Starter

  • Members
  • 358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:my closet
  • Local time:06:34 AM

Posted 04 August 2007 - 04:01 PM

ty buddy, i should respond to a board member, i know you understand, repecfully.

ty oldf@rt, ty for the quik response. get right on it.
Why work when you can play!

#5 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:34 AM

Posted 04 August 2007 - 05:07 PM

igonuts2, when you get done with the SAS and Rogue remover, move on to buddy 215s link for bitdefender, and post the scan results for that also.

Edited by oldf@rt, 04 August 2007 - 05:08 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#6 igonuts2

igonuts2
  • Topic Starter

  • Members
  • 358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:my closet
  • Local time:06:34 AM

Posted 04 August 2007 - 06:10 PM

oldf@rt sir,

will follow your latest instructions.

heres what i've done so far,,,,,

rougeremover found and removed video x and rouge music. couldn't retrieve details.

SAS was clean.... hour and fifteen minutes!!!!!

forgot to mention in original post, found C:\Program Files\Blink\Blink.exe in NIS fire wall control. removed via it's own uninstall program before original post.

after the scans you requested and via NIS firewall i found and blocked the following; C:\Program Files\Blink\Blink.exe and C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe

still can't enable NIS anti phishing. get the same error re; trojan. i think something was mallisously disabled. might be an NIS thing now. r&r needed after the fact. getting a head ache. but i was able to enable NIS firewall. those were the two NIS issues that started these quiries.

i haven't disabled anything in start up or disabled sys restore and reboot for two days since trouble shooting this

files are not hidden on pc.

i saw that SAS scanned "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe". looking after SAS scan and it's not there. or can't be seen.

this pc is on broadband cable. NIS has been periodicaly reporting a threat attack re; "adware savenow" for the last day and even as requested scans were running.

ty both fer the help. moving on to buddy215 suggestion. will advise.

Edited by igonuts2, 04 August 2007 - 06:12 PM.

Why work when you can play!

#7 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:34 AM

Posted 04 August 2007 - 07:03 PM

Let us know, please. Blink.exe is probably a worm bitdefender should find it.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#8 igonuts2

igonuts2
  • Topic Starter

  • Members
  • 358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:my closet
  • Local time:06:34 AM

Posted 04 August 2007 - 07:13 PM

don't try to save those bit defender logs to text. comes out gobbledygook.
tried to clean it up.

bit defender log;

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUJ0TA3\upgrade[1].cab=>upgrade.exe=>(NSIS o) Infected with: Backdoor.Agent.AQR

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUJ0TA3\upgrade[1].cab=>upgrade.exe=>(NSIS o) Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUJ0TA3\upgrade[1].cab=>upgrade.exe=>(NSIS o) Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUJ0TA3\upgrade[1].cab=>upgrade.exe=>(NSIS o) Update failed

C:\Program Files\Blink\Blink_deleted_\blink.dll Infected with: Backdoor.Agent.AQR

C:\Program Files\Blink\Blink_deleted_\blink.dll Disinfection failed

C:\Program Files\Blink\Blink_deleted_\blink.dll Deleted

C:\System Volume Information\_restore{5A31C1C5-751B-44C8-B9D7-C8594CD5FAD1}\RP16\A0016151.dll Infected with: Backdoor.Agent.AQR

C:\System Volume Information\_restore{5A31C1C5-751B-44C8-B9D7-C8594CD5FAD1}\RP16\A0016151.dll Disinfection failed

C:\System Volume Information\_restore{5A31C1C5-751B-44C8-B9D7-C8594CD5FAD1}\RP16\A0016151.dll Deleted

C:\System Volume Information\_restore{5A31C1C5-751B-44C8-B9D7-C8594CD5FAD1}\RP53\A0064276.dll Infected with: Backdoor.Agent.AQR

C:\System Volume Information\_restore{5A31C1C5-751B-44C8-B9D7-C8594CD5FAD1}\RP53\A0064276.dll Disinfection failed

C:\System Volume Information\_restore{5A31C1C5-751B-44C8-B9D7-C8594CD5FAD1}\RP53\A0064276.dll Deleted

btw, the blink stuff was still there (dll files) after using it's own uninstall program.

only bit defender tagged it as infected.

spybot and HJT still show C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe in startup, (not showing in msconfig), but even w/sys,prog, and hidden files unticked, i can't see it.

but the firewall is up. very important w/cable.

still have'nt rebooted w/ sys restore disabled.

i seem to be running a little faster.

ty both

advise,,,,

Edited by igonuts2, 04 August 2007 - 07:21 PM.

Why work when you can play!

#9 igonuts2

igonuts2
  • Topic Starter

  • Members
  • 358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:my closet
  • Local time:06:34 AM

Posted 04 August 2007 - 07:24 PM

ty for the info on blink worm. i did find that as well. good thing none of the infectable programs are used on this pc.

awaiting
Why work when you can play!

#10 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:34 AM

Posted 04 August 2007 - 07:24 PM

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
I need you to post a hijack this log, please reference this thread.
  • A new version of HijackThis has now been released, so before you post your log please download and install the new version
  • download the installer for Hijack this, and save it to your desktop.
  • Double click on the HJTinstall to run the installer.
  • Agree to install
  • Agree to the license agreement.
  • Hijack this will then open.
  • Click on the do a system scan and save a logfile.
  • notepad will open with your log.
  • post the log in the hijack this forum
  • If you get no answer in 5 days post a request here
Thank You, OF

Edited by oldf@rt, 04 August 2007 - 07:26 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#11 igonuts2

igonuts2
  • Topic Starter

  • Members
  • 358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:my closet
  • Local time:06:34 AM

Posted 04 August 2007 - 07:46 PM

ty sir, you put in too many hours.

you gotta like doing this. i get a head ache.

i'm sorry but i have to eat something. 53 and low sugar. later tonite i will do as you reqest and reference this thread and post both logs in hjt forum.

if i don't communicate w/ you there, ty very much for your very quick response and aid. u2 buddy215

Edited by igonuts2, 04 August 2007 - 07:46 PM.

Why work when you can play!

#12 buddy215

buddy215

  • BC Advisor
  • 12,617 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:34 AM

Posted 04 August 2007 - 09:21 PM

Check out the info at pchell for removing save now and NewDotNet. NewDotNet is responsible for the Regpower cleaner that you have according to Site Advisor.
http://www.pchell.com/support/savenow.shtml

Info from McAfee Site Advisor
http://www.siteadvisor.pl/sites/freeze.com...nloads/3444951/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#13 igonuts2

igonuts2
  • Topic Starter

  • Members
  • 358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:my closet
  • Local time:06:34 AM

Posted 04 August 2007 - 11:23 PM

ty buddy,
i was aware of new.net but didn't know of it's relationship w/savenow and regpower.
a lot of music has been dl'd so it is starting to make some sense.

since i can't view the regpower i might have to do the at site removal. hate to even go there.

DrWeb-CureIt found and couldn't cure but moved;

RicochetRechargedSetup-dm[1].exe;C:\Downloads;Adware.TryMedia;;
VeniceSetup-dm[1].exe;C:\Downloads;Adware.TryMedia;;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;

i've seen trymedia before and usualy adaware se can deal with it but the last entry, C:\WINDOWS\system32;Tool.Prockill;; i've never seen

off to hjt forum.

ty both again
Why work when you can play!

#14 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:34 AM

Posted 05 August 2007 - 12:33 AM

igonuts2 (BTW, love the name)


Now that you have an open HJT log posted in the HijackThis Logs and Analysis forum, you shouldn't make any changes to your system.
Doing so, could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Thank You

Oldf@rt

Edited by oldf@rt, 05 August 2007 - 12:33 AM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#15 igonuts2

igonuts2
  • Topic Starter

  • Members
  • 358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:my closet
  • Local time:06:34 AM

Posted 05 August 2007 - 01:32 AM

ty sir,

wouldn't dream of it.

you work too hard sir.

rss feed on my home pg shows you posting as late as 8 something pm.

and this confirms it. or maybe you're retiered like me and just bored.

either way ty again
Why work when you can play!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users