Jump to content

Perth2008

Honorary Members
  • Posts

    75
  • Joined

  • Last visited

Reputation

0 Neutral

Contact Methods

  • AIM
    Perth2008
  • Website URL
    http://au.gamespot.com/users/Perth2008/
  • ICQ
    0

Profile Information

  • Location
    Perth, Western Australia
  1. Hi Chris Thanks for your response. I checked the 2 PCs that are part of this home network: one direct LAN and the other via USB wireless. Neither of these (nor the laptop itself) showed any issues with MBAM, Spybot S&D, Norton 360 or WinPatrol. The only symptom is that described in my original post. As noted it did not appear that data was being sent/received on the internet per se, although I did suspect that perhaps the laptop was being used as a "mule" with external data passing through my laptop/router. For all other intents and purposes the laptop was working fine and accessed the internet without redirects or noticeable issues. Having spent most of the weekend on this I can confirm that the issue seems to be solely between the laptop with inbuilt Intel PRO/Set Wireless WiFi and its connection to the Netgear DGN3500 router. I spent the weekend trying different things in terms of configuring (a) the router and (b) the laptop settings. It appears that either (a) increased wireless usage in our neighbourhood perhaps causing interference, and/or (b) a recent firmware upgrade to the router may be the cause RATHER THAN any malware or virus. By trial and error changing the wireless channel and communications protocol mode from "up to 270Mbps" to "up to 130Mbps" the problem now appears to have been solved. So unless you can see anything "odd" in the HijackThis log that needs to be addressed I suggest this thread be closed as solved. Apologies for distracting the MBAM team from more serious real malware issues others may be having. Regards Perth2008
  2. Hi MBAM Team Unusual activity on our laptop (only) noticed today but perhaps prevalent for a few days. What we are seeing in Windows Task Manager (WTM) is that data is being sent and received (in "equal" amounts) between our laptop (with inbuilt wireless modem) and wireless router. The same behaviour is not noticed with our wirelessly connected PC. I have run MBAM, Spybot and Norton 360 scans but no malware shows up. On the wireless router, a Netgear DGN3500, only the wireless "beacon" LED is flashing while this is happening rather than the internet activity LED. My ISP internet usage stats also do not indicate any unusual internet usage to reflect what I am seeing on the WTM graphs and stats ... I'm just concerned about the (apparent) data flow through the laptop. Attached is what we are seeing on WTM. Yes, we are on a secure password encrypted home wireless network and this type of activity has not been noticed before. Please find attached the HijackThis log for the relevant laptop initiated while the unusual behaviour was being noticed: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:09:51 PM, on 8/07/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\WiFi\bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\WINDOWS\system32\o2flash.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Softex\OmniPass\scureapp.exe C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\Downloaded Software\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mywestnet.com.au/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe O4 - HKLM\..\Run: [sSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" -r O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray O4 - HKCU\..\Run: [uniblue ProcessQuickLink 2] "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spywareBlaster] C:\Program Files\SpywareBlaster\spywareblaster.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/ O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222514835000 O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Google Update Service (gupdate1c9dc59d9d70ade) (gupdate1c9dc59d9d70ade) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- End of file - 11990 bytes I look forward to your feedback on the logs. Cheers Perth2008
  3. Hi Gammo Thanks for your help. Looks like all is (now) OK. My PC protection and software updating systems comply reasonably well with those outlined in the paragraphs above. I have installed and run the following: Norton 360 v4 - real time SpywareBlaster - loads at start up Spybot S&D (without Tea Timer) - weekly update and scan WinPatrol - "real time" MBAM - daily scan Windows Malicious Software Removal Tool - monthly update CCleaner - daily usage Defraggler - used as required, especially pre/post install/uninstall Process Explorer - checked if/when unusual activity observed FileHippo Update Checker - very useful one stop shop for updates Symantec Security Scanner - online link I also run online scans similar to ESET (which I was not familiar with previously) using links from TeMerc's very useful anti-malware website: http://temerc.com/onlnscnnrs.htm I use these monthly as a double check in case something got past Norton 360 & MBAM or to check individual suspicious files. Anyway as noted being careful is the most important thing, especially with IE ... I have never used p2p and don't plan to! Thanks again for your kind assistance. I will PM you if the Windows Explorer problem I initially identified returns. Regards Perth2008
  4. Hi Gammo Thanks again for your help. TFC resulted in the deletion of ~44MB(!) of temporary files despite having run CCleaner shortly before reading your last posting, obviously TFC looks a lot "deeper". Following are the logs you requested. As you can see MBAM Quick Scan showed no infections. Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5356 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 19/12/2010 10:03:35 PM mbam-log-2010-12-19 (22-03-35).txt Scan type: Quick scan Objects scanned: 154759 Time elapsed: 3 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) No threats were identified after running the ESET Online scan (including the archive scan as requested), during which I had Norton 360 anti-virus disabled. No threat found. Scanned files: 306,925 Infected files: 0 Cleaned files: 0 Total scan time: 03:26:53 Scan status: Finished So it appears my system is (and perhaps was) clean after all. As noted since the latest Windows updates I have not had a repeat of the Windows Explorer random shut down and/or DEP warning. So perhaps all is well afterall. Note that I have also not used/played Grand Theft Auto IV since my initial post which may be relevant if SecuRom was (directly/indirectly) causing the problem (if you google "windows explorer securom" there are several hits ... alas I need SecuRom to play/enjoy my games). Thanks again for your kind assistance. Perth2008
  5. Hello Gammo I followed your very clear instructions. The Microsoft Windows Recovery Console was skipped ... either it is installed or perhaps because I have run Combo-Fix previously for another problem with Malwarebytes guidance. After some time running Combo-Fix I got a pop-up message on top of my otherwise blank desktop screen about a possible root kit and that ComboFix needed to restart ... I waited ~15 minutes during which the PC was "idle", that is screen remained the same and no activity indicator lights on the PC were flashing. I then did a "hard reset" to restart the PC and ComboFix continued its work. The report/log is attached for your review. My very non-expert comments on specific items as follows: #1. S3 cpuz130;cpuz130;\??\c:\docume~1\Frank\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Frank\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?] #2. S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Frank\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Frank\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?] #3. S3 gkmixern;gkmixern;\??\c:\docume~1\Frank\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\Frank\LOCALS~1\Temp\gkmixern.sys [?] #4. S4 ILTNTHUW;ILTNTHUW;c:\docume~1\Frank\LOCALS~1\Temp\ILTNTHUW.exe --> c:\docume~1\Frank\LOCALS~1\Temp\ILTNTHUW.exe [?] None of #1-4 were showing in the indicated Temp folder before or after the ComboFix Scan even with Hidden and System files viewing enabled (I check this folder regularly and flush it with CCleaner as required); #1 I have not seen before; #2 may be associated with online virus check scans by f-secure (but I'm guessing based on file name), and #3-4 I believe, based on a previous visit (~2 years ago) to Malwarebytes, is related to SecuRom or another DRM protection program/service. About ... c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll I previously did have an ATI GPU but have Nvidia now ... I think these are undeletable/remnant ATI dlls which hopefully are not interfering with my current GPU's operation. I have used SAFE uninstall with Driver Sweeper to get rid of these but perhaps they are useful if/when I ever install an ATI card again ... in any case they can't be deleted OR perhaps shouldn't be? Anyway I will leave the proper analysis of the logs in your capable hands. Note a directory called C:\Qoobox has been created by Combo-Fix that also has some log files ... if any are required please advise and I can upload. BTW, The latest Microsoft/Windows updates were installed yesterday and so far there has not been another Windows Explorer crash. Thanks for your help. Perth2008 ComboFix.txt
  6. Greetings All, I've been having a number of random crashes of my Windows Explorer over the last week with the Data Execution Preventon (DEP) error warning ... following which desktop icons reset their image and certain programs icons disappear from task bar (near clock), eg. Nvidia Control Panel & VIA sound icons. I don't believe there is a specific "trigger" for the crash as sometimes its simply a case of trying to exit the program or while clicking on a folder. I have checked the version (6.0.2900.5512) and running location of explorer.exe (c:/windows) file and it all seems OK with Only new (non-update type) installation in that period has been the Grand Theft Auto IV PC game which also installed SecuRom and two Windows Live ID programs, which while not start up programs or delayed start programs according to WinPatrol are always active (albeit at negligible CPU usage). Other PC games I own also have SecuRom and I have had no problems before. No unusual programs seem to be running based on my non-expert review of Task Manager and Process Explorer. Nothing is showing up in MalwareBytes, Norton 360, Windows Malicious Software Removal Tool (Nov 2010) or Spybot SD scans. Can you please review my scan logs and advise any action I need to take in case I do have some kind of well hidden trojan on board. Scans logs follow: Malwarebytes' Anti-Malware 1.50 www.malwarebytes.orgDatabase version: 5304 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 14/12/2010 10:19:24 AM mbam-log-2010-12-14 (10-19-24).txt Scan type: Quick scan Objects scanned: 154211 Time elapsed: 3 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:12:23 AM, on 14/12/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Frank\My Documents\Computer & ISP\PC Utils\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe -expressboot O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKCU\..\Run: [spywareBlaster] C:\Program Files\SpywareBlaster\spywareblaster.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue ProcessQuickLink 2] "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.arrowcomputers.com.au O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229485591656 O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/...er_4.0.15.0.cab O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://d1ylr6sba64qi3.cloudfront.net/globa...el_4.1.66.0.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://service.futuremark.com/openapi/receivers/FMSI.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s...yri_4.3.1.0.cab O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Performance Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe -- End of file - 10629 bytes Regards Perth2008
  7. Hi exile360 Only seems like yesterday ... Thanks the upgrade to Norton 360 v4 has fixed the MBAM v1.45 updating problem for me! Funny how Norton doesn't actively "promote" the ability to upgrade its products to a newer version. I always suspected it was a case of paying to upgrade to the next "build version" (I'd already bought a new boxed N360 v3 and was waiting for the N360 v2.5 to (almost) expire before installing it) ... all I had to do after installation was enter my existing "key" and my remaining days of use was correctly updated. Of course it'll now be a case of getting used to the new interface, setting up firewall and email spam filters again, but the all important identity safe transferred OK. Thanks again!
  8. G'day All Just an update ... all the MBAM related programs (exe, sys, dll and even ref) listed in Post #33 as needing to be excluded by AV and Firewall are so set on my system. However, I still get the same message as this topic subject line. For the record, I use Norton 360 (Ver 2.5.0.5) as my AV and firewall system. Is it possible to download and apply updates to MBAM 1.45 manually, and if so where from? In other words is there a workaround until the simple push the "Check for Updates" button method is fixed? GOOD LUCK to all working on fixing this "bug" & HAPPY EASTER! Cheers
  9. G'day All Not sure if I should have opened a new topic but I'm getting the same error message as in this topic header after updating my MBAM to 1.45 and then trying to download the latest definitions. Just to be clear my problem is not updating to the latest version of MBAM, but in updating the malware definitions. Judging by the number of views of this topic I'm not in a minority. By way of updating my status and (lack of) progress to date: 1) I tried downloading the latest definitions after disabling my Norton 360 V2.5 AV and firewall ... no success (although I already have MBAM as a firewall exclusion). I've not previously noted any conflicts between Norton 360 and MBAM. 2) I followed the MBAM uninstall and mbam-clean procedure in Advanced Setup's post. 3) I reinstalled MBAM 1.45 (with Norton AV and firewall disabled) without a problem, but still get the same error message when I try to update. As always, I'm happy to assist in resolving this problem by running diagnostics, etc. Cheers
  10. Sorry for jumping in again ... but I've been following this thread for a while and as my freeze issue seems to have been fixed via the "Epson route" I'm keeping tabs. My freeze thread: http://forums.malwarebytes.org/index.php?s...40764&st=40 Here's my experience, I haven't restarted since I last did a print test and spoolsv.exe is still showing up on Task Manager as an image [and also on Process Explorer which also indicates: Spooler SubSystem App; (Verified) Microsoft Windows Component Publisher; Version: 5.1.2600.5512; Command Line: C:\WINDOWS\system32\spoolsv.exe;Parent: services.exe(988)] BUT MBAM quick scan ran to completion, despite spoolsv.exe apparently active in background while the scan was running, although the printer was turned off. Scan, which ran smoothly with a short few pauses, resulted in: Malwarebytes' Anti-Malware 1.44 Database version: 3813 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2/03/2010 10:38:21 PM mbam-log-2010-03-02 (22-38-21).txt Scan type: Quick Scan Objects scanned: 129936 Time elapsed: 3 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 As usual, not sure if this helps ... but I figure it can't hurt. Thinking back I'm pretty sure spoolsv.exe has shown up on my Task Manager regularly under Processes and as such it may not have interfered with MBAM previously. One thing is clear we all have Epson printers, mines a EPSON Stylus Photo RX510 ... if that helps. Good luck ... it seems the issue focus is narrowing! Cheers
  11. Hi exile360 Thanks for your follow up. Well after I read your post I thought ... good idea test the printer! I looked on START-Control Panel-Printers and Faxes (in classic view) and I noticed two listings for the EPSON Stylus Photo RX510. One was linked to LPT1 (which was default) and the other was the "(Copy)" version linked to the USB. I tried print and while the PC screen showed printing was proceeding OK ... the printer was silent. As I use USB I deleted the "(Copy)" version and used properties to change printer port to USB for the remaining EPSON Stylus Photo RX510. It printed fine on test B&W (from Notepad and a .pdf) but colours were off for a photo (probably due to low ink than anything else). Strange there should (still) be two EPSON options showing having, I thought deleted the surplus one yesterday. I'll see if it comes back after a restart. MBAM ran fine again after all this without any reboot and all the usual Norton 360, Win Patrol, etc running. Malwarebytes' Anti-Malware 1.44 Database version: 3811 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2/03/2010 8:20:32 PM mbam-log-2010-03-02 (20-20-32).txt Scan type: Quick Scan Objects scanned: 129530 Time elapsed: 5 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Otherwise all seems fine exile360.
  12. Hi guys Well if I hadn't been following this thread I may not have tried the Autoruns.exe and exile360 would not have pin-pointed the cause of my "freeze" problem, being to do with a (duplicate) Epson "logon" file. Go figure! Well, best of luck with the resolution of your problem! Be patient I guess you don't get to be a forum deity without good cause. I sure feel safer when MBAM is working for me!
  13. Right back at ya! It's a relief it's not a conflict between MBAM and my PC's other "protection programs" which, based on reading of advice here and at TeMerc's website, should not be conflicting each other. Whew ... what a week! Anyway, one bizarre set of co-incidences with multiple people having a "freeze" issue! The other similar threads led me to believe, wrongly post facto, it wasn't anything I'd done. Well the diagnostics certainly worked in identifying, whether by design or default, the cause ... strange though it is that one incorrect/duplicate setting could seize up the whole program? Hopefully the others get their freeze issues sorted as well. THANKS AGAIN to you, exile360, and the rest of the MBAM team!
  14. Hi exile360 Well I did as suggested and again MBAM Quick Scan (with the Always scan registry objects box ticked) completed its Quick Scan! Malwarebytes' Anti-Malware 1.44 Database version: 3808 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/03/2010 6:05:13 PM mbam-log-2010-03-01 (18-05-13).txt Scan type: Quick Scan Objects scanned: 128904 Time elapsed: 5 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Strange ... so it would appear I inflicted this problem upon myself ... so maybe its not a widespread freeze like a year ago, despite the similar threads? Sorry
  15. OK will do as you ask. While awaiting your response I activated/started Uniblue ProcessQuickLink 2 from its desktop icon and MBAM again completed its quick scan without issue! So it could be the Epson. Strange ... with others reporting freeze issues about the same time??? Strange coincidence. Malwarebytes' Anti-Malware 1.44 Database version: 3808 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/03/2010 5:46:05 PM mbam-log-2010-03-01 (17-46-05).txt Scan type: Quick Scan Objects scanned: 129011 Time elapsed: 1 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.