infected, win32.sality


Malwarebytes blocked some IPs. I searched on Google and it sent me here: https://forums.malwarebytes.org/index.php?showtopic=120105

Detections by Malwarebytes scan:

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Files Detected: 1
C:\System Volume Information\_restore{BE1A3A80-FBAD-4130-92CC-50631D87A3FC}\RP8\A0004751.exe (Trojan.Malpack.Gen) -> Quarantined and deleted successfully.

2013/11/06 18:21:58 -0800    WTF-3AB129E6119    mike    MESSAGE    Starting protection
2013/11/06 18:21:58 -0800    WTF-3AB129E6119    mike    MESSAGE    Protection started successfully
2013/11/06 18:21:58 -0800    WTF-3AB129E6119    mike    MESSAGE    Starting IP protection
2013/11/06 18:22:18 -0800    WTF-3AB129E6119    mike    DETECTION    C:\Documents and Settings\mike\Desktop\njfk.exe    Malware.Packer.Gen    QUARANTINE
2013/11/06 18:27:16 -0800    WTF-3AB129E6119    mike    MESSAGE    IP Protection started successfully
2013/11/06 18:27:16 -0800    WTF-3AB129E6119    mike    MESSAGE    Starting database refresh
2013/11/06 18:27:16 -0800    WTF-3AB129E6119    mike    MESSAGE    Stopping IP protection
2013/11/06 18:27:17 -0800    WTF-3AB129E6119    mike    MESSAGE    IP Protection stopped successfully
2013/11/06 18:27:32 -0800    WTF-3AB129E6119    mike    MESSAGE    Database refreshed successfully
2013/11/06 18:27:32 -0800    WTF-3AB129E6119    mike    MESSAGE    Starting IP protection
2013/11/06 18:28:12 -0800    WTF-3AB129E6119    mike    MESSAGE    IP Protection started successfully
2013/11/06 18:33:29 -0800    WTF-3AB129E6119    mike    MESSAGE    Executing scheduled update:  Daily
2013/11/06 18:33:42 -0800    WTF-3AB129E6119    mike    MESSAGE    Database already up-to-date
2013/11/06 18:50:38 -0800    WTF-3AB129E6119    mike    IP-BLOCK    109.236.82.186 (Type: outgoing)
2013/11/06 18:50:39 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:39 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:39 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:39 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:40 -0800    WTF-3AB129E6119    mike    IP-BLOCK    109.236.82.186 (Type: outgoing)
2013/11/06 18:50:40 -0800    WTF-3AB129E6119    mike    IP-BLOCK    109.236.82.186 (Type: outgoing)
2013/11/06 18:50:41 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:42 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:42 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:42 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:46 -0800    WTF-3AB129E6119    mike    IP-BLOCK    109.236.82.186 (Type: outgoing)
2013/11/06 18:50:47 -0800    WTF-3AB129E6119    mike    IP-BLOCK    109.236.82.186 (Type: outgoing)
2013/11/06 18:50:48 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:48 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:48 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:48 -0800    WTF-3AB129E6119    mike    IP-BLOCK    213.152.181.87 (Type: outgoing)
2013/11/06 18:50:58 -0800    WTF-3AB129E6119    mike    IP-BLOCK    94.242.251.103 (Type: outgoing)
2013/11/06 18:50:59 -0800    WTF-3AB129E6119    mike    IP-BLOCK    94.242.251.103 (Type: outgoing)
2013/11/06 18:51:01 -0800    WTF-3AB129E6119    mike    IP-BLOCK    94.242.251.103 (Type: outgoing)
2013/11/06 18:51:02 -0800    WTF-3AB129E6119    mike    IP-BLOCK    94.242.251.103 (Type: outgoing)
2013/11/06 18:51:07 -0800    WTF-3AB129E6119    mike    IP-BLOCK    94.242.251.103 (Type: outgoing)
2013/11/06 18:51:08 -0800    WTF-3AB129E6119    mike    IP-BLOCK    94.242.251.103 (Type: outgoing)
2013/11/06 19:05:36 -0800    WTF-3AB129E6119    mike    MESSAGE    Starting protection
2013/11/06 19:05:36 -0800    WTF-3AB129E6119    mike    MESSAGE    Protection started successfully
2013/11/06 19:05:36 -0800    WTF-3AB129E6119    mike    MESSAGE    Starting IP protection
2013/11/06 19:05:53 -0800    WTF-3AB129E6119    mike    MESSAGE    IP Protection started successfully

I think I got infected by USB (had no AV at the time :/)
https://www.virustotal.com/en/file/ddc794b4c08ea92bde7b1c5004ad6444d941007c1668bcf4c3039151c7fb2603/analysis/1383757911/
By finding the tools on the other thread, I did collect the information:

 Results of screen317's Security Check version 0.99.76  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC is being installed.
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player     11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (25.0)
 Mozilla Thunderbird (24.1.0)
 Google Chrome 30.0.1599.101  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

=============================================

# AdwCleaner v3.011 - Report created 06/11/2013 at 18:55:45
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : mike - WTF-3AB129E6119
# Running from : C:\Documents and Settings\mike\My Documents\Downloads\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\00c9a42fd9b5bde1
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v25.0 (en-US)
[ File : C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\1sr9pwu6.default\prefs.js ]
[ File : C:\Documents and Settings\Administrator.WTF-3AB129E6119\Application Data\Mozilla\Firefox\Profiles\gz6xciqj.default\prefs.js ]
-\\ Google Chrome v30.0.1599.101
[ File : C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1031 octets] - [06/1a1/2013 18:55:45]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1091 octets] ##########

==============================================

# AdwCleaner v3.011 - Report created 06/11/2013 at 19:04:06
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : mike - WTF-3AB129E6119
# Running from : C:\Documents and Settings\mike\My Documents\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] ****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\00c9a42fd9b5bde1
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v25.0 (en-US)
[ File : C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\1sr9pwu6.default\prefs.js ]
[ File : C:\Documents and Settings\Administrator.WTF-3AB129E6119\Application Data\Mozilla\Firefox\Profiles\gz6xciqj.default\prefs.js ]
-\\ Google Chrome v30.0.1599.101
[ File : C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1171 octets] - [06/11/2013 18:55:45]
AdwCleaner[s0].txt - [1094 octets] - [06/11/2013 19:04:06]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1154 octets] ##########

============================================

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:17:25 PM, on 11/6/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 25.0 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mike\My Documents\Downloads\OTL.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\mike\My Documents\Downloads\dds.com
C:\DOCUME~1\mike\LOCALS~1\Temp\nsw9.tmp\nsC.tmp
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\mike\My Documents\Downloads\HijackThis.exe
C:\DOCUME~1\mike\LOCALS~1\Temp\nsw9.tmp\PEV.DAT

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 3640 bytes

==================================================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by mike at 19:17:03 on 2013-11-06
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.362 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\mike\My Documents\Downloads\OTL.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\mike\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 192.168.1.80
TCP: Interfaces\{208F3818-1DD0-4087-8047-5417DB27F978} : DHCPNameServer = 192.168.1.80
Notify: igfxcui - igfxdev.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mike\application data\mozilla\firefox\profiles\1sr9pwu6.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2013-11-5 14184]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2013-11-5 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2013-11-5 14184]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\malwarebytes anti-exploit\mbae.sys [2013-11-6 44632]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-6 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-6 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-6 22856]
.
=============== Created Last 30 ================
.
2013-11-07 02:55:25    --------    d-----w-    C:\AdwCleaner
2013-11-07 02:23:01    1498960    ----a-w-    c:\windows\system32\msvcr100d.dll
2013-11-07 02:23:00    743248    ----a-w-    c:\windows\system32\msvcp100d.dll
2013-11-07 02:23:00    --------    d-----w-    c:\program files\Malwarebytes Anti-Exploit
2013-11-07 02:21:31    --------    d-----w-    c:\documents and settings\mike\application data\Malwarebytes
2013-11-07 02:21:14    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-11-07 02:21:13    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-07 02:21:13    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-11-07 02:10:16    --------    d-sh--w-    c:\documents and settings\mike\PrivacIE
2013-11-07 02:09:40    2369812    ----a-w-    c:\windows\system32\previewer.exe
2013-11-07 02:09:22    --------    d-----w-    c:\documents and settings\mike\local settings\application data\Google
2013-11-07 02:09:20    --------    d-----w-    c:\program files\USB Disk Security
2013-11-07 02:08:12    217176    ----a-w-    c:\windows\system32\unrar.dll
2013-11-07 02:08:07    --------    d-----w-    c:\program files\K-Lite Codec Pack
2013-11-07 01:20:34    --------    d-----w-    c:\documents and settings\mike\application data\OpenOffice
2013-11-07 01:19:33    --------    d-----w-    c:\program files\OpenOffice 4
2013-11-07 01:18:45    --------    d-----w-    c:\program files\openoffice
2013-11-07 01:13:16    --------    d-----w-    c:\documents and settings\mike\application data\tor
2013-11-07 01:11:50    --------    d-----w-    c:\documents and settings\mike\Data
2013-11-07 01:10:10    --------    d-----w-    c:\program files\tor browser
2013-11-07 01:07:46    --------    d-----w-    c:\documents and settings\mike\.thumbnails
2013-11-07 01:07:28    --------    d-----w-    c:\documents and settings\mike\local settings\application data\gtk-2.0
2013-11-07 01:02:31    --------    d-----w-    c:\documents and settings\mike\local settings\application data\fontconfig
2013-11-07 01:02:26    --------    d-----w-    c:\documents and settings\mike\local settings\application data\gegl-0.2
2013-11-07 01:02:26    --------    d-----w-    c:\documents and settings\mike\.gimp-2.8
2013-11-07 00:51:20    --------    d-----w-    c:\documents and settings\mike\local settings\application data\Thunderbird
2013-11-07 00:48:07    --------    d-----w-    c:\program files\GIMP 2
2013-11-07 00:44:36    --------    d-----w-    C:\xampp
2013-11-07 00:44:09    --------    d-----w-    c:\documents and settings\mike\application data\.purple
2013-11-07 00:28:46    --------    d-----w-    c:\documents and settings\mike\local settings\application data\Mozilla
2013-11-07 00:26:57    --------    d-----w-    c:\documents and settings\mike\application data\Participatory Culture Foundation
2013-11-06 22:38:44    --------    d-----w-    c:\program files\CPUID
2013-11-06 22:14:03    --------    d-----w-    c:\program files\Participatory Culture Foundation
2013-11-06 22:11:54    42672    ------w-    c:\windows\system32\wbsys.dll
2013-11-06 22:04:16    --------    d-----w-    c:\program files\Pidgin
2013-11-06 21:48:55    --------    d-----w-    c:\program files\common files\Stardock
2013-11-06 21:48:54    163712    ----a-w-    c:\windows\system32\drivers\vidstub.sys
2013-11-06 21:48:54    --------    d-----w-    c:\program files\Stardock
2013-11-06 19:51:59    229928    -c--a-w-    c:\windows\system32\dllcache\b57xp32.sys
2013-11-06 19:51:59    224808    ----a-w-    c:\windows\system32\drivers\b57xp32.sys
2013-11-06 12:19:59    4992    -c--a-w-    c:\windows\system32\dllcache\mspqm.sys
2013-11-06 12:19:59    4992    ----a-w-    c:\windows\system32\drivers\MSPQM.sys
2013-11-06 12:19:58    5376    -c--a-w-    c:\windows\system32\dllcache\mspclock.sys
2013-11-06 12:19:58    5376    ----a-w-    c:\windows\system32\drivers\MSPCLOCK.sys
2013-11-06 11:53:47    --------    d--h--w-    c:\windows\Icons
2013-11-06 11:40:54    --------    d-----w-    c:\documents and settings\all users\application data\TuneUp Software
2013-11-06 11:40:36    --------    d-sh--w-    c:\documents and settings\all users\application data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-06 11:40:36    --------    d--h--w-    c:\documents and settings\all users\application data\Common Files
2013-11-06 11:26:30    218624    ----a-w-    c:\windows\system32\uxtheme.dll.backup
2013-11-06 11:14:00    272496    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-11-06 10:58:03    4096    -c--a-w-    c:\windows\system32\dllcache\ksuser.dll
2013-11-06 10:58:03    4096    ----a-w-    c:\windows\system32\ksuser.dll
2013-11-06 10:58:03    146048    -c--a-w-    c:\windows\system32\dllcache\portcls.sys
2013-11-06 10:58:03    146048    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-11-06 10:58:03    129536    ----a-w-    c:\windows\system32\ksproxy.ax
2013-11-06 10:58:02    60160    -c--a-w-    c:\windows\system32\dllcache\drmk.sys
2013-11-06 10:58:02    60160    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-11-06 10:57:56    4122368    ----a-w-    c:\windows\system32\drivers\ALCXWDM.SYS
2013-11-06 10:57:56    147456    ----a-w-    c:\windows\system32\RTLCPAPI.dll
2013-11-06 10:57:51    577536    ----a-w-    c:\windows\SOUNDMAN.EXE
2013-11-06 10:57:50    10528768    ----a-w-    c:\windows\system32\RTLCPL.EXE
2013-11-06 10:57:34    217088    ----a-w-    c:\windows\Alcrmv.exe
2013-11-06 10:57:29    18804736    ----a-w-    c:\windows\system32\ALSNDMGR.CPL
2013-11-06 10:56:42    50053120    ----a-w-    c:\program files\GUT172.tmp
2013-11-06 10:56:42    --------    d-----w-    c:\program files\GUM171.tmp
2013-11-06 10:53:24    172032    ----a-w-    c:\windows\system32\igfxres.dll
2013-11-06 10:53:07    --------    d-----w-    c:\windows\system32\ReinstallBackups
2013-11-06 10:53:04    389120    ----a-w-    c:\windows\system32\igxpun.exe
2013-11-06 10:53:04    --------    d-----w-    c:\windows\system32\x64
.
==================== Find3M  ====================
.
2013-11-06 22:37:36    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-06 22:37:36    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-06 11:26:30    218624    ----a-w-    c:\windows\system32\uxtheme.dll
2013-11-05 17:06:14    1614848    ----a-w-    c:\windows\system32\sfcfiles.dll
.
============= FINISH: 19:17:44.06 ===============

((((attach.txt))))

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2013 9:13:03 PM
System Uptime: 11/6/2013 7:04:52 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 0968h
Processor:               Intel® Pentium® 4 CPU 3.20GHz | XU1 PROCESSOR | 3192/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 67.994 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1117367&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1117367&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1117367&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1117367&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1: 11/5/2013 9:16:46 PM - System Checkpoint
RP2: 11/6/2013 11:51:53 AM - DriverPack Solution 11.8
RP3: 11/6/2013 3:41:52 AM - Installed TuneUp Utilities 2014
RP4: 11/6/2013 4:30:57 AM - Removed TuneUp Utilities 2014
RP5: 11/6/2013 4:31:13 AM - Removed TuneUp Utilities 2014 (en-US)
RP6: 11/6/2013 5:18:56 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
RP7: 11/6/2013 5:19:30 PM - Installed OpenOffice 4.0.1
RP8: 11/6/2013 6:09:12 PM - Installed Adobe Reader XI.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
BootSkin
CPUID CPU-Z 1.67
GIMP 2.8.8
Google Chrome
Google Update Helper
Intel® Graphics Media Accelerator Driver
K-Lite Codec Pack 10.1.0 Full
Malwarebytes Anti-Exploit version 0.09.4.2000
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Miro
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Thunderbird 24.1.0 (x86 en-US)
Notepad++
OpenOffice 4.0.1
Pidgin
Security Update for CAPICOM (KB931906)
USB Disk Security
WebFldrs XP
WinRAR 5.00 (32-bit)
XAMPP
.
==== Event Viewer Messages From Past Week ========
.
11/6/2013 7:05:25 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
11/6/2013 4:23:00 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt
11/6/2013 4:22:45 AM, error: SCardSvr [610]  - Smart Card Reader 'Hewlett-Packard Company CCID Interface 0' rejected IOCTL POWER: The smart card is not responding to a reset.
11/6/2013 4:11:26 AM, error: Service Control Manager [7000]  - The TuneUp Theme Extension service failed to start due to the following error:  The executable program that this service is configured to run in does not implement the service.
11/6/2013 3:59:04 AM, error: System Error [1003]  - Error code 1000007e, parameter1 c0000005, parameter2 aa96b46d, parameter3 f7a2fa7c, parameter4 f7a2f778.
11/6/2013 3:56:49 AM, error: USBCCID [0]  -
11/6/2013 3:11:16 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips i8042prt intelppm
11/6/2013 3:05:51 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/5/2013 9:13:19 PM, error: Setup [60055]  - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
11/5/2013 1:05:49 PM, error: SCardSvr [610]  - Smart Card Reader 'Hewlett-Packard Company CCID Interface 0' rejected IOCTL EJECT: The request is not supported.
.
==== End Of File ===========================

======================================================

OTL Extras logfile created on: 11/6/2013 7:10:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\mike\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.43 Mb Total Physical Memory | 485.34 Mb Available Physical Memory | 47.80% Memory free
2.39 Gb Paging File | 1.95 Gb Available in Paging File | 81.84% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 68.01 Gb Free Space | 91.26% Space Free | Partition Type: NTFS
 
Computer Name: WTF-3AB129E6119 | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiSpyWareDisableNotify" = 1
"InternetSettingsDisableNotify" = 0
"UacDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe" = C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Disabled:Miro_Downloader -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BootSkin" = BootSkin
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67
"GIMP-2_is1" = GIMP 2.8.8
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.1.0 Full
"Malwarebytes Anti-Exploit_is1" = Malwarebytes Anti-Exploit version 0.09.4.2000
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Miro" = Miro
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"Mozilla Thunderbird 24.1.0 (x86 en-US)" = Mozilla Thunderbird 24.1.0 (x86 en-US)
"Notepad++" = Notepad++
"Pidgin" = Pidgin
"USB Disk Security_is1" = USB Disk Security
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"xampp" = XAMPP
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/6/2013 1:08:11 AM | Computer Name = WTF-3AB129E6119 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The server name or address could not be resolved  
 
Error - 11/6/2013 1:08:11 AM | Computer Name = WTF-3AB129E6119 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 11/6/2013 1:08:12 AM | Computer Name = WTF-3AB129E6119 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 11/6/2013 1:08:12 AM | Computer Name = WTF-3AB129E6119 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 11/6/2013 1:16:37 AM | Computer Name = WTF-3AB129E6119 | Source = MsiInstaller | ID = 11931
Description = Product: WebFldrs XP -- Error 1931. The Windows Installer service
cannot update the system file C:\Program Files\Common Files\Microsoft Shared\Web
 Server Extensions\40\bin\FP4AUTL.DLL because the file is protected by Windows.
 You may need to update your operating system for this program to work correctly.
 Package version: 4.0.2.7523, OS Protected version:
 
Error - 11/6/2013 1:38:12 AM | Computer Name = WTF-3AB129E6119 | Source = Application Hang | ID = 1002
Description = Hanging application DSPdsblr.exe, version 3.3.4.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 11/6/2013 8:26:42 PM | Computer Name = WTF-3AB129E6119 | Source = USBCCID | ID = 0
Description =
 
Error - 11/6/2013 8:26:42 PM | Computer Name = WTF-3AB129E6119 | Source = USBCCID | ID = 0
Description =
 
Error - 11/6/2013 11:05:12 PM | Computer Name = WTF-3AB129E6119 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'Hewlett-Packard Company CCID Interface 0' rejected
 IOCTL POWER: The smart card is not responding to a reset.
 
Error - 11/6/2013 11:05:12 PM | Computer Name = WTF-3AB129E6119 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'Hewlett-Packard Company CCID Interface 0' rejected
 IOCTL POWER: The smart card is not responding to a reset.
 
Error - 11/6/2013 11:05:12 PM | Computer Name = WTF-3AB129E6119 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'Hewlett-Packard Company CCID Interface 0' rejected
 IOCTL POWER: The smart card is not responding to a reset.
 
Error - 11/6/2013 11:05:25 PM | Computer Name = WTF-3AB129E6119 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
 while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring
 the volume.
 
Error - 11/6/2013 11:05:25 PM | Computer Name = WTF-3AB129E6119 | Source = USBCCID | ID = 0
Description =
 
Error - 11/6/2013 11:05:25 PM | Computer Name = WTF-3AB129E6119 | Source = USBCCID | ID = 0
Description =
 
Error - 11/6/2013 11:05:25 PM | Computer Name = WTF-3AB129E6119 | Source = USBCCID | ID = 0
Description =
 
Error - 11/6/2013 11:05:30 PM | Computer Name = WTF-3AB129E6119 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   i8042prt
 
 
< End of report >

========================================================

 

OTL made an 800kb result file, I'm attaching it. I'm afraid it is a boot sector virus, please help me and thanks

OTL.Txt


Hello and Welcome to Malwarebytes

Sorry you're infected. Unfortunately we cannot review logs in this section of the forum; please see below for how and where to post these logs to receive free help.

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you


Will staff move the thread or should I make a new one?


  • Root Admin

No, we won't move the thread. Just create a new topic. However, if you do have Sality, the best course of action is to format the drive and reinstall Windows, and hopefully you have good backups from before this infection that are not connected to the drive.

It's possible to clean up from this file infector infection, but you will always run into files or data that do not work correctly as they're damaged and cannot be repaired.


That's what I wanted to hear, tnx
