Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Double-checking that I'm not infected with a rootkit


  • This topic is locked This topic is locked
13 replies to this topic

#1 MML

MML

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 07 February 2011 - 08:03 AM

Oy, I can't believe I'm here again, but I wanted to cross the T's and dot the I's on this one. I have a Compaq Presario CQ62-215DX, running Norton Internet Security and firewall through Windows 7.

A few days ago, I had a bluescreen while shutting down my computer: here's the details:

020211-31200-01.dmp 2/2/2011 7:46:46 AM FILE_SYSTEM 0x00000022 00000000`bef00c64 00000000`00000001 fffff880`05e5d2b8 fffff880`05e5cb20 Sftfslh.sys Sftfslh.sys+956b0 x64 C:\Windows\Minidump\020211-31200-01.dmp 1 15 7600

I was just browsing the Onion AV Club and clicked a link there. My Norton AV reported that an intrusion attempt by my own computer was blocked, identifying a HTTP Fake AV Webpage Request 1 and a different attacking URL, followed immediately by blocked attacks by an HTTP Java Obe Toolkit Activity 1 and identifying another attacking URL. Intrusion Prevention Signature Auto Block blocked the attacking IP, which also laucnhed attempted HTTP Phoenix Toolkit Activity, all taking place within a single minute.

It's been an hour since that occurred, and I haven't seen any ill effects to my computer. So far, I've run GMER, Malwarebytes, Norton and ESET, and all have come up clean. Should I relax about it, or is there something more I should check?

ETA: Have run SuperAntiSpyware, and they've popped up with Trojan.Agent/Gen-IEFake and Trojan.Agent/Gen-IEExplorer[Fake]. Waiting to see if cleansing shall work...

Edited by MML, 07 February 2011 - 09:35 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:47 PM

Posted 07 February 2011 - 01:21 PM

Please post the results of your SUPERAntiSpyware scan for review.

To retrieve the SAS scan log information, launch SAS.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.

Please post the results of your last MBAM scan for review (even if nothing was found).

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 MML

MML
  • Topic Starter

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 07 February 2011 - 07:57 PM

Here's the log!


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/07/2011 at 07:29 PM

Application Version : 4.41.1000

Core Rules Database Version : 6350
Trace Rules Database Version: 4162

Scan type : Complete Scan
Total Scan Time : 11:26:16

Memory items scanned : 747
Memory threats detected : 0
Registry items scanned : 14185
Registry threats detected : 0
File items scanned : 197104
File threats detected : 10

Adware.Tracking Cookie
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@doubleclick[1].txt
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@r1-ads.ace.advertising[1].txt
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@advertising[2].txt
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@at.atwola[1].txt
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@tacoda.at.atwola[2].txt
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@pointroll[2].txt
media2.y3.com [ C:\Users\melissa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FV2AGJUU ]

Trojan.Agent/Gen-IEFake
C:\USERS\MELISSA\APPDATA\LOCAL\TEMP\RARSFX0\H\IEXPLORE.EXE
C:\USERS\MELISSA\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\MELISSA\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE

Ooops, and the MWB log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5701

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/7/2011 7:42:30 AM
mbam-log-2011-02-07 (07-42-30).txt

Scan type: Quick scan
Objects scanned: 157039
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ETA: Cleaning went through - ran a second scan to double-check and it came up clean.

Double ETA: I'm getting booted off my wireless connection fairly frequently (anywhere to once every ten minutes to several times a minute), but I'm not sure if it's my router or my laptop.) Unplugged my router and plugged it back in - working beautifully again.

Another ETA: The first instance of severe trouble my Norton's logged was a downloader named drspoccy8txx5.class that was quarantined after a java update January 5th. I didn't even notice that it blocked that infection; would this be the result of any stragglers left from it?

Edited by MML, 08 February 2011 - 02:33 AM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:47 PM

Posted 08 February 2011 - 07:48 AM


What Norton found was most likely a threat(s) in the Java cache.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:
Also be aware that older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. That's why it is important to always use the most current Java Version and remove outdated Java components.Even Java advises users to always have the latest version of the Java since it contains security updates and improvements to previous versions.

The latest Java version contains important enhancements to improve performance, stability and security of the Java applications that run on your machine. Installing this free update will ensure that your Java applications continue to run safely and efficiently.

Why should I upgrade to the latest Java version?
Why should I upgrade to Java 6?

You can verify (test) your JAVA Software Installation & Version here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 MML

MML
  • Topic Starter

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 08 February 2011 - 11:11 PM

Cleared my java cache and the cache on my Chrome and used TFC to double-check my Windows cache was clean. I have Java update 23 so it's all up to date! Managed to run Windows updates and all went smoothly - also ran another SAS scan and nothing was picked up!

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:47 PM

Posted 09 February 2011 - 12:35 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 MML

MML
  • Topic Starter

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 10 February 2011 - 01:00 AM

Did so just now :)

EDIT: Aha, I just noticed something new pop up in an SAS - Trojan.Agent Gen. I think it might be a false positive? It's recognizing RKill as one. I won't do anything without advice, of course.

SAS Report:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/10/2011 at 03:54 AM

Application Version : 4.41.1000

Core Rules Database Version : 6371
Trace Rules Database Version: 4183

Scan type : Complete Scan
Total Scan Time : 03:45:08

Memory items scanned : 795
Memory threats detected : 0
Registry items scanned : 14178
Registry threats detected : 0
File items scanned : 201314
File threats detected : 9

Adware.Tracking Cookie
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@doubleclick[2].txt
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@advertising[2].txt
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@at.atwola[1].txt
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@tacoda.at.atwola[1].txt
C:\Users\melissa\AppData\Roaming\Microsoft\Windows\Cookies\melissa@doubleclick[1].txt
i.adultswim.com [ C:\Users\melissa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LGPQYUQH ]
media.mtvnservices.com [ C:\Users\melissa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LGPQYUQH ]
secure-us.imrworldwide.com [ C:\Users\melissa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LGPQYUQH ]

Trojan.Agent/Gen
C:\USERS\MELISSA\DOWNLOADS\RKILL.EXE

EDIT: Slow boot-up today, perhaps due to Adobe Reader update? During that install, Norton blocked access by MSIEXEC.EXE and allowed consent.exe and Consent UI for administrative applications to operate. Post update, speed is good, though I'm losing connections repeatedly. I can see the connection speed slow over at my tower. Seems to happen at the same time every day. Further advice would be appreciated!

Edited by MML, 10 February 2011 - 07:20 PM.


#8 MML

MML
  • Topic Starter

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 12 February 2011 - 07:46 AM

Bumping because I have fresh symptoms:

* My computer is losing connectivity every twenty to ten minutes or so, intermittently. Surfing speed alternates between being so-so and excellent.

* It boots up well but loads Windows slowly, and shuts down slowly as well.

* Received an error that said my Network had rejected my Chrome's attempt to connect to it because sometimes it recognizes Chrome as an attacking program (?) refreshed, and could connect.

* After updated my Chrome to a new version, the history has been self-refreshing several times a minute.

All scans are coming up clean, so I'm stumped :/

ETA: I hope I didn't break forum rules by bumping my topic but I was having trouble editing it at the time :P

Double ETA: The following just popped up in a GMER Scan:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-12 08:48:22
Windows 6.1.7600
Running: roxte676.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 24298

File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\b3cd360f-a788-483e-b971-7b4bb1c60193.png 5426 bytes

Edited by MML, 12 February 2011 - 09:09 AM.


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:47 PM

Posted 12 February 2011 - 09:06 AM

EDIT: Aha, I just noticed something new pop up in an SAS - Trojan.Agent Gen. I think it might be a false positive? It's recognizing RKill as one. I won't do anything without advice, of course.

RKill is not malware.

On a final note, when you download and run RKill, certain anti-virus programs may state that the program is a security risk. This is because some of the tools used by RKill can be used for good or bad, though the programs themselves are perfectly harmless, and most anti-virus programs just lump them into the bad category. I assure you we are using them only for good purposes

A scan from virustotal.com as of 12/02/10 shows the following AV vendors flagging RKill as:

ClamAV	0.96.4.0	2010.12.02	PUA.Packed.PECompact-1
eSafe	7.0.17.0	2010.12.02	Suspicious File
F-Prot	4.6.2.117	2010.12.01	File is damaged
Sophos	4.60.0	2010.12.02	NirCmd
Please be assured that there are no Trojans or infections within RKill.


Certain embedded files that are part of legitimate programs or specialized fix tools like RKill, may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious. These detections do not mean the file is malware or a bad program. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive".


Norton blocked access by MSIEXEC.EXE and allowed consent.exe and Consent UI for administrative applications to operate.

The consent.exe file is associated with User Account Control (UAC) in Windows. MsiExec.exe is the executable for the windows installer.


My computer is losing connectivity every twenty to ten minutes or so, intermittently.

Have you checked with your Internet Service Provider (ISP)? I have the same issues with Verizon after they upgraded the network. I live in a rural area which has now been reclassified as "marginal" and connectivity issues is an ongoing problem.


It boots up well but loads Windows slowly, and shuts down slowly as well.

If your system is slow, you may have too many applications loading at startup when Windows boots. Almost all applications you install want to startup when Windows loads. If you allow all these startups, they will compete for and use system resources resulting in poor performance and a slow system. Many of these programs are not needed and disabling them can save resources and improve performance as they can be accessed from Start > Programs or an icon on the desktop if needed. Other reasons for slowness include disk fragmentation, disk errors, corrupt system files, unnecessary services running, too many browser Add-ons/toolbars, failure to clear browser cache, not enough RAM, dirty hardware components, etc. Incompatible browser extensions and add-ons can impact system performance and cause compatibility issues such as application hangs (freezing).

For more information about trimming down the number of startup applications, please refer to Slow Computer/Browser? Check here first; it may not be malware. Scroll down to the section titled "• Check for any unnecessary applications loading when Windows Boots."
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 MML

MML
  • Topic Starter

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 12 February 2011 - 09:36 AM

Oh pew, that's good to hear RE Rkill; should've figured that much!

RE: MIE - makes sense, I was installing the new Adobe reader.

Hmm, I'm on Comcast, similarly rural, and have been having these issues since the last rash of storms. I was planning on calling them for another issue this afternoon, anyway, might as well try them while I have them on the horn. It only seems to be effecting this laptop, which is why I asked.

Will double-check my startup, but I haven't added anything new since January and the difference in load time has just shown up now.

Please let me know if the results for GMER are anything to worry about.

Thank you so much for helping me! It means a lot!

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:47 PM

Posted 12 February 2011 - 09:47 AM

I can only go by what the scan logs show (what was detected/removed) and your description of whatever signs or symptoms of infection you are experiencing. If you want a more detailed look at your system, then more advanced tools are needed to investigate. Before that can be done you will need you to create and post a DDS log for further investigation.

Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.
When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the Malware Response Team.

Note: You should not be going back to previous replies and editing your post as that causes confusion and your edited information may be overlooked. The edit feature is entended to make a quick fix or revision a short time after you click the Add Reply button.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 MML

MML
  • Topic Starter

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 13 February 2011 - 08:00 AM

I'll take it over there, then, just to be safe :). Thank you so much for your time and help!

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:47 PM

Posted 13 February 2011 - 08:30 AM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:47 PM

Posted 13 February 2011 - 09:48 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic379245.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users