Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

C:\WINDOWS\system32\drivers\eceuh.sys (Rootkit.Agent) -> No action taken.


  • This topic is locked This topic is locked
13 replies to this topic

#1 geofade

geofade

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 12 February 2010 - 10:41 PM

Hi, I got these nasty viruses on my computer and you guys have been awesome in helping me in the past, so I used that knowledge to clean out my computer..... but my computer still has some more funk in it that I need to get rid of and i dont know how to deal with it....
Here is a scan I ran and this is what comes up.....
Please help!,,,, I want to completely purge my comp if that is at all possible!
Thanks!
Geo


Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/11/2010 10:23:45 PM
mbam-log-2010-02-11 (22-22-16).txt

Scan type: Quick Scan
Objects scanned: 130674
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\eceuh.sys (Rootkit.Agent) -> No action taken.

Edited by geofade, 12 February 2010 - 10:42 PM.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:03 AM

Posted 13 February 2010 - 05:34 AM

As no logs have been posted, I am shifting this topic from the specialized Malware Removal forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please describe the issues you are experiencing with your computer.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 geofade

geofade
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 14 February 2010 - 07:05 PM

Can some one please help??
Thanks!
Geo

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:03 PM

Posted 14 February 2010 - 07:11 PM

Your Malwarebytes Anti-Malware log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead just click "Save Logfile" or save the report before having MBAM remove the threats.

Rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

The database in your previous log shows 3510. Last I checked it was 3739.

If you cannot update MBAM through the program's interface and have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, be aware that mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating, is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 geofade

geofade
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 18 February 2010 - 06:24 PM

Hey Quitman7,
Thanks for helping me....
Here is the log after I updated MBAM.....
Whats next?
Geo :thumbsup:


Malwarebytes' Anti-Malware 1.44
Database version: 3757
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/18/2010 3:09:15 PM
mbam-log-2010-02-18 (15-09-15).txt

Scan type: Full Scan (C:\|D:\|P:\|)
Objects scanned: 238176
Time elapsed: 57 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\eceuh.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\IS15.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:03 PM

Posted 18 February 2010 - 06:39 PM

Your Malwarebytes Anti-Malware log indicates some files will be deleted on reboot. If MBAM encounters a file that is difficult to remove, you need to restart the computer so the malware can be fully removed. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. If you have not rebooted, make sure you do this. When done, rescan again with MBAM (Quick Scan) in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning. Then click the Logs tab and copy/paste the contents of the new report in your next reply. If you did reboot, then rescan again anyway and post a new log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 geofade

geofade
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 18 February 2010 - 07:06 PM

Hey Quietman7,
Here is the log....
I can't get rid of the rootkit agent.....
Thanks for your help!
Geo :thumbsup:



Malwarebytes' Anti-Malware 1.44
Database version: 3759
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/18/2010 4:04:45 PM
mbam-log-2010-02-18 (16-04-45).txt

Scan type: Quick Scan
Objects scanned: 136267
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-Internetsecurity10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-Internetsecurity10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\eceuh.sys (Rootkit.Agent) -> Delete on reboot.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:03 PM

Posted 18 February 2010 - 09:16 PM

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Posted Image > Run..., then copy and paste this command into the open box: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Important: Before performing an anti-rootkit (ARK) scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware and then you can reconnect to the Internet.
Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernal/SSDT in order to protect your system. SSDT (System Service Descriptor Table) is a table that stores addresses of functions that are used by Windows. Both Legitimate programs and rootkits can hook into and alter this table. You should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 geofade

geofade
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 19 February 2010 - 02:57 AM

Hey Quietman7.
Here is the log of the scan....
I disabled antivirus programs and I also discconected from the internet and cleaned temp files.....
when sophos rebooted, it said
-Error: Failed to remove file ( A device attached to the system is not functioning

All your help is appreciated to get this out!....
Thanks
Geo :thumbsup:

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 2/18/2010 at 21:47:32 PM
User "HP_Administrator" on computer "PINOLE"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Stopped logging on 2/18/2010 at 21:49:35 PM


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 2/18/2010 at 21:56:41 PM
User "HP_Administrator" on computer "PINOLE"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Stopped logging on 2/18/2010 at 21:56:44 PM


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 2/18/2010 at 21:59:12 PM
User "HP_Administrator" on computer "PINOLE"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\WINDOWS\system32\drivers\eceuh.sys
Info: Starting disk scan of D: (FAT).
Info: Starting disk scan of P: (FAT).
Stopped logging on 2/18/2010 at 22:28:29 PM

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:03 PM

Posted 19 February 2010 - 08:10 AM

If you are are using a CD Emulator (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with a malware infection, CD Emulators can interfere with investigative tools producing misleading or inaccurate scan results, false detection of legitimate files, cause unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by CM Emulators. Since CD Emulators use a hidden driver which can be seen as a rootkit and can interfere with investigative tools or cause other problems, it is recommended that they be removed or disabled until disinfection is completed.

Please download DeFogger by jpshortstuff and save it to your desktop.
  • Double click DeFoggerexe to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK...DeFogger will now ask to reboot the machine...click OK. If not, reboot manually.
  • Do not re-enable these drivers until instructed or your system has been cleaned.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Please rescan with Sophos AntiRootkit again and select to remove the following entry(s) if still present.
Hidden: file C:\WINDOWS\system32\drivers\eceuh.sys
  • Follow the prompts to remove them and restart your computer.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and exit the program when done.
Then rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 geofade

geofade
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 19 February 2010 - 08:56 PM

hey quietman7.
here is the log from the last mbam scan......
apparently the rootkit cant be deleted.... I ran defogger and uninstalled dvdripper and dvd drag and drop.....
is this a bad thing in my computer?
thanks
Geo :thumbsup:



Malwarebytes' Anti-Malware 1.44
Database version: 3764
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/19/2010 3:00:16 PM
mbam-log-2010-02-19 (15-00-16).txt

Scan type: Quick Scan
Objects scanned: 136475
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\eceuh.sys (Rootkit.Agent) -> Delete on reboot.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:03 PM

Posted 20 February 2010 - 08:47 AM

Some infections are difficult to remove completely because of their morphing characteristics which allows the malware to regenerate itself. Sometimes there is hidden piece of malware (i.e. rootkit) which has not been detected by your security tools that protects malicious files and registry keys so they cannot be permanently deleted. Other types of malware can even terminate your security tools by changing the permissions on targeted programs so that they cannot run or complete scans. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need you to create and post a DDS log for further investigation.

Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the Malware Response Team.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 geofade

geofade
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 20 February 2010 - 09:15 PM

Thanks Quietman7 for all the help!
Geo :thumbsup:

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:03 PM

Posted 20 February 2010 - 09:21 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/297352/infected-with-rootkit-agent/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users