Jump to content


Photo

XP Restore etc not working. Spyware?


  • This topic is locked This topic is locked
11 replies to this topic

#1 bobhope

bobhope

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 28 May 2007 - 10:48 AM

Hi there,

Wondering if anyone could shed some light on the problem I have been experiencing recently. I am not sure if its a spyware/malware problem, but it might be.

I have read the FAQ, and followed all the advice before posting this.

Symptoms:

1. The Help and support function is inaccessible. When clicked on in the start menu, nothing happens.

2. System Restore does not open either, even tried opening it through msconfig. no luck. But whats strange is that when i open Task manager, rstrui.exe is there.

3. Internet Explorer will not open to my default home page, or any other page for that matter. Or rather IE opens, but the page is just white. Mozilla firefox works perfectly though. This is what I am currently using to post this. I've tried to type in several URL's, but the progress bar at the bottom just moves slowly and nothing ever happens. The IE Plugin for firefox also does not work.

What I've done to try and fix these problems, so far without any luck:

- I tried to change all the internet explorer settings to default in Internet options.
- I tried to see if I had perhaps disabled any needed services by mistake, but hadn't.
- Ran Lavasoft Ad-aware 6 (Fully updated)
- Ran Spybot search and destroy (Fully updated)
- Ran Combifix (Log included)
- Ran Ewido Anti Spyware (Found some things, Log included)
- Ran Hijackthis (log included)
- Could not run any of the online scans suggested because they seem to require Internet Explorer.

Like i said, i don't know for sure that this is spyware related, but these symptoms seemed to come out of nowhere, and i don't remember doing anything specific that could have caused them. Any help or advice would be greatly appreciated, whenever you lot have a spare moment!

Logs:

Combifix :

"Noe-Noe" - 2007-05-27 20:27:19 Service Pack 2 [SAFE MODE]
ComboFix 07-05.27.V - Running from: "D:\OrangeMedia\downloads\Applications\Combofix\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-27 to 2007-05-27 ))))))))))))))))))))))))))))))))))


2007-05-27 19:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-27 18:47 <DIR> d-------- C:\bintheredunthat
2007-05-26 23:07 14 --a------ C:\WINDOWS\system32\SR2.dat
2007-05-26 23:05 <DIR> d-------- C:\WINDOWS\58DD514344174F43A7DD5B8B29CEDBEA.TMP
2007-05-26 19:59 <DIR> d-------- C:\Program Files\Ahead
2007-05-26 19:22 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-05-25 17:31 2,705,112 --a------ C:\WebfettiSetup2.2.60.11.exe
2007-05-25 13:51 <DIR> d-------- C:\Program Files\Tor
2007-05-25 13:35 <DIR> d-------- C:\Program Files\Privoxy
2007-05-25 12:10 <DIR> d-------- C:\Program Files\CCleaner
2007-05-22 20:29 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-22 20:27 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-22 19:38 1,572,864 --ah----- C:\Documents and Settings\Noe-Noe\NTUSER.DAT
2007-05-19 12:19 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Tor
2007-05-05 22:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.netbeans
2007-05-03 20:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-05-03 20:55 <DIR> d-------- C:\Program Files\QuickTime
2007-05-02 18:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-05-02 18:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-05-02 18:35 <DIR> d-------- C:\Program Files\netbeans-4.0
2007-05-02 18:33 <DIR> d-------- C:\Program Files\JCreatorV3LE
2007-05-02 17:45 <DIR> d-------- C:\Program Files\LimeWire


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-27 16:17:04 -------- d-----w C:\Program Files\Ad-aware 6
2007-05-27 13:47:31 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\Help
2007-05-26 21:08:29 -------- d-----w C:\Program Files\Norton SystemWorks
2007-05-26 21:08:28 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-26 21:07:02 -------- d-----w C:\Program Files\Symantec
2007-05-26 20:46:00 -------- d-----w C:\Program Files\AVG Antivirus
2007-05-26 17:35:07 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\Real
2007-05-25 12:13:50 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\Tor
2007-05-23 10:15:14 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\vlc
2007-05-23 09:05:13 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\TrueCrypt
2007-05-22 19:51:27 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\Symantec
2007-05-22 19:38:14 -------- d-----w C:\Program Files\Copernic Desktop Search
2007-05-22 18:05:44 -------- d-----w C:\DOCUME~1\Noe-Noe\Application Data\ACD Systems
2007-05-19 09:37:49 -------- d-----w C:\Program Files\Network Associates
2007-05-19 09:36:43 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-01 21:21:09 3,850 ----a-w C:\WINDOWS\mozver.dat
2007-04-23 17:20:21 -------- d-----w C:\Program Files\ScannerU
2007-04-23 17:16:14 -------- d-----w C:\Program Files\NewSoft
2007-04-16 15:40:10 70,129 ----a-w C:\AVG7QT.DAT
2007-04-16 15:17:26 23,424 ----a-w C:\WINDOWS\system32\drivers\avgmfrs.sys
2007-04-10 18:55:18 -------- d-----w C:\Program Files\Xilisoft
2007-03-30 10:58:13 -------- d-----w C:\Program Files\ApexDC++


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\AVG Antivirus\avgcc.exe" [2007-04-16 17:42]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=C:\PROGRA~1\AVG Antivirus\avgw.exe /RUNONCE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoInstrumentation"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]
"C:\Program Files\BCWipe\BCWipeTM.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

*Newly Created Service* -AVGASCLN

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-27 20:29:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wampmysqld]
"ImagePath"="\"C:\Program Files\wamp\mysql\bin\mysqld-nt.exe\" \"--defaults-file=C:\Program Files\wamp\mysql\my.ini\" wampmysqld"

Completion time: 2007-05-27 20:31:18

--- E O F ---

Ewido :

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:32:46 28/May/07

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.
D:\System Volume Information\_restore{0B35E552-D9FA-4529-831C-8CBD5D6CD941}\RP327\A0048276.exe -> Hijacker.Befins.b : No action taken.
C:\RECYCLER\NPROTECT\00000016.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000017.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000018.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000019.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000020.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000021.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000022.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000023.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000024.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000025.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000026.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000027.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000028.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000029.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000030.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000031.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000032.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000033.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000034.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000035.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000036.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000037.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000038.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000039.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000040.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000041.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000042.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000056.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000057.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000058.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000059.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000063.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000064.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000065.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000066.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000070.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000071.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000072.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000073.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000074.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000075.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000076.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000077.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000078.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000079.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000080.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000081.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000082.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000083.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000084.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000085.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000086.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000087.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000088.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000089.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000090.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000091.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000095.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000096.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000097.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000098.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000099.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000100.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000101.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000102.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000103.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000104.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000105.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000106.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000107.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000108.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000109.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000110.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000111.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000112.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000113.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000114.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000115.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000116.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000117.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000118.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000119.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000120.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000121.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000122.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000123.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000124.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000125.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000126.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000127.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000128.y -> TrackingCookie.Yieldmanager : No action taken.
C:\RECYCLER\NPROTECT\00000129.y -> TrackingCookie.Yieldmanager : No action taken.


::Report end

And finally, Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 16:35:17, on 28/May/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\OrangeMedia\downloads\Applications\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mymaties.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.sun.ac.za/sunproxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: - {4f3b4aae-a050-4afd-8b56-5852fbcafe33} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: - {58ec85b7-0be0-4ce0-ba89-f4ecf8b0c4ab} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG Antivirus\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZK
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\Script Blocking\SBServ.exe (file missing)
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)



Thanks in advance.
bobhope.

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,527 posts

Posted 31 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,139 posts

Posted 31 May 2007 - 08:18 AM

Hello,

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

1. The Help and support function is inaccessible. When clicked on in the start menu, nothing happens.


Go to this link
http://windowsxp.mvp...artmenuhelp.htm

Download and run the startmenuhelp.reg file.
Just double click the .reg file and accept the change.

2. System Restore does not open either, even tried opening it through msconfig. no luck. But whats strange is that when i open Task manager, rstrui.exe is there.


Try this fix.
http://www.annoyance...nxp/t1043249447
If not sure what to do just let me know.

3. Internet Explorer will not open to my default home page, or any other page for that matter.


Start, Run, type in cmd, press enter

At the DOS prompt execute the following commands, one by one.
Press the enter key after each entry

regsvr32 urlmon.dll
regsvr32 Shdocvw.dll
regsvr32 Msjava.dll
regsvr32 Actxprxy.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 Browseui.dll
regsvr32 Shell32.dll


Type Exit press enter to return the operating mode.

Reboot normally.

Is Internet Explorer available now?

[*]Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: - {4f3b4aae-a050-4afd-8b56-5852fbcafe33} - (no file)
O2 - BHO: - {58ec85b7-0be0-4ce0-ba89-f4ecf8b0c4ab} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZK


Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally to reset the registry.

Submit a fresh HijackThis log and let me know what problem remains.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 bobhope

bobhope

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 31 May 2007 - 02:07 PM

Hi there,

Well, thanks so much for taking the time to help me out! I really do appreciate it. Internet is amazing. Who would have thought I'd be getting direct PC troubleshooting advice from someone in Canada! Other side of the world. hehe

Anyway, back to business...

I'm did all the things you said I should do in your post, but I'm afraid, so far there has been no change.

- Help and support still doesn't respond.

- System restore is unavailable, even through msconfig, while I still see that rstrui.exe is running when I look in task manager.

- and internet explorer has only minimal functionality. This is where i believe there is an improvement, but I'm not sure. This computer is part of my university network, and then connects to the internet via a proxy server.
Some of the university sites on the intranet work fine, but not all of them. My homepage is one of the ones that doesn't. Also, no sites on the internet work(ie. those that i need the proxy for...tried google, facebook etc. to no avail)

- Another symptom that has changed or become a bit worse is the system speed. It really does seem to be slower than it was even 3 days ago when I first decided to post here. And windows seems to be using more ram than it used to. (I frequently check the task manager while doing things, mainly out of interest/curiosity, thats how I noticed. Its using about 210 mb of ram where I only remember it using 180mb or less before.)


Anyway, here is the latest HijackThis log, done after having performed all the things in your post and rebooting as you suggested :

Logfile of HijackThis v1.99.1
Scan saved at 20:53:42, on 31/May/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG Antivirus\avgamsvr.exe
C:\PROGRA~1\AVG Antivirus\avgupsvc.exe
C:\PROGRA~1\AVG Antivirus\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG Antivirus\avgcc.exe
C:\WINDOWS\system32\Restore\rstrui.exe
D:\OrangeMedia\downloads\Applications\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mymaties.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.sun.ac.za/sunproxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG Antivirus\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\Script Blocking\SBServ.exe (file missing)
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)


Thanks again for all our efforts! Much appreciated.
bobhope

#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,139 posts

Posted 31 May 2007 - 02:44 PM

Lets take it one step at a time.

1st System Restore.

Open HijackThis
Click: None of the above, just start the program.
Click: Config
Click: Misc Tools
Click: Open Process Manager
. Look for both this process and click on Kill Process.

C:\WINDOWS\system32\Restore\rstrui.exe

Restart the computer normally.

Go to this site.
http://windowsxp.mvps.org/repairsr.htm

Execute the instructions.

Let me know if you can execute the instructions without any error message.

Submit a fresh HijackThis log for my review.

Let me know of the pending problems.

p.s. confirm to me that you are running HijackThis in Normal Mode and NOT Safe Mode.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 bobhope

bobhope

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 June 2007 - 06:10 AM

Hi there,

Well, I followed the instructions on the site, and the reinstall of System Restore was successful. I restarted the computer and then tested to see if restore was working, but it isn't...

I am running HijackThis in normal mode, not Safe mode. Should I be in safe mode?


Thanks for your persistence, I really do appreciate all your efforts!

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:13:41, on 01/Jun/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG Antivirus\avgamsvr.exe
C:\PROGRA~1\AVG Antivirus\avgupsvc.exe
C:\PROGRA~1\AVG Antivirus\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG Antivirus\avgcc.exe
D:\OrangeMedia\downloads\Applications\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mymaties.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.sun.ac.za/sunproxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG Antivirus\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Antivirus\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\Script Blocking\SBServ.exe (file missing)
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,139 posts

Posted 01 June 2007 - 07:07 AM

HijackThis log must be submitted in normal mode. Thats good.

The log is clean.

Your Java is outdated. Please update.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions. <- important.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Restart the computer after the installation.

When completed.
Method 1: Microsoft Internet Explorer 6.x Repair for Windows XP

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

Method 2: Microsoft Internet Explorer 6.x Repair for Windows XP

From the Start menu, select Search, select All Files and Folders.
Select More Advanced Options and place a checkmark beside Search Hidden Files and Folders option.
Ensure that Search System Folders and Search Subfolders are also checked.
In the All or Part of the File Name box, type ie.inf
In the Look In drop-down menu, select C: or the letter of the hard drive that contains the Windows folder.
Click the Search button.
In the search results pane, find the ie.inf file located in Windows\Inf folder.
Right click the ie.inf file and click Install on the context menu.
Reboot the computer when the file copy process is complete.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 bobhope

bobhope

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 June 2007 - 06:38 AM

Hi nasdaq,

Well. This is a frustrating business, isn't it?! You must have alot of patience... :-) I know I've said it before, but I do appreciate all your help very much. I hope we can find a solution to this damn thing. Having said that though, from reading some of the other posts, the problems I'm having are fairly mild!

Anyway,

I uninstalled all the previous versions of Java runtime, and installed the newest one. Then I ran the other thing you had me do. I must say, I would have thought that that would have done it, but I'm afraid nothing has changed so far. Another symptom which has been there from the beginning that I think I neglected to mention is that I also cannot get into the windows user accounts through control panel. I wanted to change my passwords because one of those spyware scans earlier picked up a keylogger, but now I can't even do THAT...

Well, I'm not sure if you wanted another HijackThis log, because you said it seemed to be clean last time? Let me know if you need one.

Also, although we obviously haven't figured out the problem yet, have you got any idea what could have caused this? I mean if it wasn't spyware, and I don't remember doing anything to mess up any settings? Do things just stuff up for no reason sometimes or what?

*Sigh* Computers are great, but they sure do annoy me sometimes! ha ha.

I hope there is still something more you can think of to help. Looking forward to your reply, and thanks again!

bobhope

#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,139 posts

Posted 04 June 2007 - 08:32 AM

Control Panel Does Not Open
http://support.microsoft.com/default.aspx?scid=kb;en-us;221153
Look at the Windows NT solution.

Or your control.exe may be damaged.

Go to this site.
http://www.richardthelionhearted.com/~merijn/winfiles.html#control
Download the control.exe for your XP.

Let me know what problem remains.


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 bobhope

bobhope

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 09 June 2007 - 06:19 AM

Hello again,

I'm not sure if I wasn't clear, but the problem is not control panel itself. That works fine, and I can get into most things inside control panel, except user accounts.

In any event, I downloaded the fresh copy of Control.exe and put it in the windows/system32 folder, overwriting the old one, then rebooted, but alas, the problems remains...

Thanks for this. I'm sure you're getting a bit sick of this by now!? But I hope you can still hang in there for me. I'm sure we'll hit on a solution soon! Well, hopefully that solution is not to reinstall windows! Hopefully that would only be a last resort though.

Having said that, is it possible to reinstall just the windows system files, and leave all the installed programs and stuff on the hard drive intact? If thats all that could fix it, I wouldn't be opposed to it, its just that I don't have complete backups of the stuff on this computer, so formatting would be a real pain in the arse. And the reason I can't back it up now is that my nero express stopped working in the beginning of this problem, so I couldn't write any CD's or DVD's at all.

Thats when I tried to do a system restore and discovered all the rest of the problems. I uninstalled NERO and tried to reinstall it again, but it wouldn't install. It came up with some error about a audio olugin. I have no idea what to do about that..

I tried to download a newer version of NERO and install that, but it came up with the same error message..

Anyway, looking forward to your reply.

Bob Hope.

#11 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,139 posts

Posted 09 June 2007 - 07:36 AM

I can get into most things inside control panel, except user accounts.


I Used google and search for this string "Cannot access User Accounts" no quotes.

I got many hits, you can have a look at it and see if you can find a solution.
Let me know if you get any error message so that I can further the search on my end.

I tried to download a newer version of NERO and install that, but it came up with the same error message..


Again the exact error message is your friend.
What is it?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,139 posts

Posted 20 June 2007 - 08:14 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!