urtreasured

Members
Content Count: 56

Posts posted by urtreasured

  1. Ran Malwarebytes one more time; here is the log:

     

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.01.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18928
    Owner :: GMB [administrator]

    Protection: Enabled

    12/2/2013 9:47:59 AM
    mbam-log-2013-12-02 (09-47-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214537
    Time elapsed: 16 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  2. OK, I deleted all selected and here is the new log:

     

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.01.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18928
    Owner :: GMB [administrator]

    Protection: Disabled

    12/2/2013 9:03:32 AM
    mbam-log-2013-12-02 (09-03-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214434
    Time elapsed: 8 minute(s), 38 second(s)

    Memory Processes Detected: 1
    C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> 5800 -> Delete on reboot.

    Memory Modules Detected: 1
    C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> Delete on reboot.

    Registry Keys Detected: 14
    HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 7
    C:\ProgramData\WeCareReminder (PUP.Optional.WeCare.A) -> Delete on reboot.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\components (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults\preferences (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

    Files Detected: 20
    C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> Delete on reboot.
    C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> Delete on reboot.
    C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\MerchantHash.json (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\cleanwateraction.bmp (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\IEMenuItem.dll (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\IEMenuItemPS.dll (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\IEToolMenuDisable.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome.manifest (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\install.rdf (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\wecarereminder.jar (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo\default_serp.gif (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo\wecare_logo.bmp (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\httpModifyListener.js (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.idl (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.js (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.xpt (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults\preferences\wecarereminder.js (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

    (end)

  3. Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.01.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18928
    Owner :: GMB [administrator]

    Protection: Disabled

    12/2/2013 9:03:32 AM
    MBAM-log-2013-12-02 (09-12-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214434
    Time elapsed: 8 minute(s), 38 second(s)

    Memory Processes Detected: 1
    C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> 5800 -> No action taken.

    Memory Modules Detected: 1
    C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> No action taken.

    Registry Keys Detected: 14
    HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> No action taken.
    HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) -> No action taken.
    HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> No action taken.
    HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) -> No action taken.
    HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> No action taken.
    HKCR\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> No action taken.
    HKCR\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) -> No action taken.
    HKCR\TypeLib\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1} (PUP.Optional.WeCare.A) -> No action taken.
    HKCR\Interface\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) -> No action taken.
    HKCR\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 7
    C:\ProgramData\WeCareReminder (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\components (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults\preferences (PUP.Optional.WeCare.A) -> No action taken.

    Files Detected: 20
    C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\MerchantHash.json (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\cleanwateraction.bmp (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\IEMenuItem.dll (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\IEMenuItemPS.dll (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\IEToolMenuDisable.exe (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome.manifest (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\install.rdf (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\wecarereminder.jar (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo\default_serp.gif (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo\wecare_logo.bmp (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\httpModifyListener.js (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.idl (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.js (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.xpt (PUP.Optional.WeCare.A) -> No action taken.
    C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults\preferences\wecarereminder.js (PUP.Optional.WeCare.A) -> No action taken.

    (end)
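The two Malwarebytes logs above are the same scan written out twice: once with every item marked "No action taken", and once after "Delete all selected", where the two items that were loaded in memory (ReminderHelper.exe and IEHelperv2.5.0.dll) could only be scheduled for "Delete on reboot". The following is an added example, not code from the poster or from Malwarebytes, that parses this 1.x log format, checks that the pasted section counts match the lines actually present (a truncated paste is a common forum problem), and lists what is still pending and which of the registry keys were Internet Explorer load points. The sample log is a constructed excerpt in the format of the posted files.

```python
"""Parse Malwarebytes Anti-Malware 1.x scan logs and report what still needs attention.

Added example for this thread, not code from the poster or from Malwarebytes.
The log format assumed here is the one visible in the posted mbam-log files:
a section header such as "Registry Keys Detected: 14" followed by one line
per item, "<path or key> (<threat>) [-> <pid>] -> <action>."
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\)"   # path or registry key, then threat name
    r"(?: -> (?P<pid>\d+))?"                   # memory processes carry a PID
    r" -> (?P<action>[^.]+)\.$"                # what the engine did with it
)

# Actions meaning the item was still present when the log was written.
PENDING_ACTIONS = {"Delete on reboot", "No action taken"}


def parse_mbam_log(text):
    """Return (detections, declared): a list of dicts, one per listed item, and
    a map of section name -> count claimed in that section's header."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            detections.append({"section": section, "item": m.group("item"),
                               "threat": m.group("threat"), "action": m.group("action")})
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose header count differs from the items actually listed (truncated paste)."""
    seen = Counter(d["section"] for d in detections)
    return sorted(s for s, n in declared.items() if seen[s] != n)


def summarize(detections):
    """How many items per (section, action): the quick view of what the run achieved."""
    return Counter((d["section"], d["action"]) for d in detections)


def pending_items(detections):
    """Items not yet removed: still loaded (delete on reboot) or deliberately left alone."""
    return [d["item"] for d in detections if d["action"] in PENDING_ACTIONS]


def ie_load_points(detections):
    """Registry keys through which Internet Explorer would load the add-on again:
    the Browser Helper Objects registration and the per-user Ext\\Settings / Ext\\Stats entries."""
    return [d["item"] for d in detections
            if d["section"] == "Registry Keys"
            and ("Browser Helper Objects" in d["item"] or "\\Ext\\" in d["item"])]


# Constructed excerpt in the format of the posted logs (not the full file).
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> 5800 -> Delete on reboot.

Memory Modules Detected: 1
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> Delete on reboot.

Registry Keys Detected: 3
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) -> No action taken.

(end)
"""

if __name__ == "__main__":
    found, declared = parse_mbam_log(SAMPLE_LOG)
    print("mismatched sections:", count_mismatches(found, declared))
    for (section, action), n in sorted(summarize(found).items()):
        print(f"{section:<20} {action:<40} {n}")
    print("still pending:", pending_items(found))
    print("IE load points hit:", ie_load_points(found))
```

The "Delete on reboot" entries are the reason a helper asks for a restart followed by a fresh scan: the process and the DLL loaded into Internet Explorer cannot be removed while in use, and only the later run showing zero detections confirms that the reboot actually cleared them.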

  4. ComboFix log 2

     

    ------- Supplementary Scan -------
    .


    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-BigFix - c:\program files\Bigfix\bigfix.exe
    MSConfigStartUp-DivX Free Codec - c:\program files\DivX Free Codec\Divx Free Update.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    HKLM_ActiveSetup-ccc-core-static - msiexec
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-12-02 08:53
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2013-12-02  08:58:33
    ComboFix-quarantined-files.txt  2013-12-02 15:58
    .
    Pre-Run: 58,518,855,680 bytes free
    Post-Run: 58,595,053,568 bytes free
    .
    - - End Of File - - 953C9B56757160F293AC765214287DD7
    D0A37B66A9B60F135B25640CB1AA1477

  5. ComboFix log 1

     

    ComboFix 13-11-23.02 - Owner 12/02/2013   8:36.1.2 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1917.922 [GMT -7:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\0.bak
    c:\programdata\windows
    C:\UNWISE.EXE
    c:\windows\system32\FlashPlayerApp.exe
    c:\windows\system32\html
    c:\windows\system32\images
    D:\Autorun.inf
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-11-02 to 2013-12-02  )))))))))))))))))))))))))))))))
    .
    .
    2013-12-02 15:51 . 2013-12-02 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-12-02 15:20 . 2013-12-02 15:27 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps
    2013-12-02 14:43 . 2013-12-02 14:43 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{724184E6-13DE-4B90-8A87-6EF6F8C4619A}\MpKslea0a2860.sys
    2013-12-02 09:03 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{724184E6-13DE-4B90-8A87-6EF6F8C4619A}\mpengine.dll
    2013-12-02 04:36 . 2013-12-02 04:36 -------- d-----w- c:\program files\Surf Canyon
    2013-12-02 04:36 . 2013-12-02 04:36 -------- d-----w- c:\users\Owner\AppData\Local\Surf_Canyon
    2013-12-02 04:01 . 2013-12-02 04:01 -------- d-----w- c:\programdata\Winferno
    2013-12-02 03:56 . 2013-12-02 14:12 -------- d-----w- c:\programdata\Fighters
    2013-12-02 03:55 . 2013-12-02 03:55 -------- d-----w- c:\users\Owner\AppData\Roaming\FileAssociationManager
    2013-12-02 03:55 . 2013-12-02 03:56 -------- d-----w- c:\program files\FileAssociationManager
    2013-12-02 03:54 . 2013-12-02 14:14 -------- d-----w- c:\programdata\Yahoo!
    2013-12-02 03:54 . 2013-12-02 03:54 -------- d-----w- c:\windows\system32\css
    2013-12-02 03:54 . 2013-12-02 03:54 -------- d-----w- c:\windows\system32\modules
    2013-12-02 03:54 . 2013-12-02 03:54 -------- d-----w- c:\windows\system32\js
    2013-12-02 03:54 . 2013-12-02 03:54 -------- d-----w- c:\programdata\WeCareReminder
    2013-12-01 17:00 . 2013-12-01 17:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-12-01 16:16 . 2013-12-01 16:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2013-12-01 16:16 . 2013-12-01 16:16 -------- d-----w- c:\programdata\Malwarebytes
    2013-12-01 16:16 . 2013-12-01 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-12-01 16:16 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-01 15:52 . 2013-12-01 15:52 -------- d-----w- c:\windows\ERUNT
    2013-12-01 15:29 . 2013-12-01 15:33 -------- d-----w- C:\AdwCleaner
    2013-12-01 08:36 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-11-12 23:36 . 2013-10-18 07:48 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC099350-56EE-477A-A272-B7FE2D190FBE}\gapaengine.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-19 10:21 . 2009-10-03 08:03 230048 ------w- c:\windows\system32\MpSigStub.exe
    2013-10-18 07:48 . 2011-10-11 08:40 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-09-27 16:53 . 2013-09-27 16:53 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-09-27 16:53 . 2011-04-27 21:25 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
    "MRT"="c:\windows\system32\MRT.exe" [2013-11-13 80340640]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
    backup=c:\windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-12-11 03:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2714304592-1191437367-953324204-1000]
    "EnableNotificationsRef"=dword:00000003
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2714304592-1191437367-953324204-500]
    "EnableNotificationsRef"=dword:00000002
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLEA0A2860
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
    hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2714304592-1191437367-953324204-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 12:09]
    .
    2013-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2714304592-1191437367-953324204-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 12:09]

  6. Just sent you the RK report. I will wait to hear from you. The following programs were installed when I ran that 7zip program yesterday:

     

    driver genius
    genieo
    speedupmypc
    slow-pcfixer
    winferno- registry power cleaner

    Yahoo explorer bar, set it to default

  7. RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Scan -- Date : 12/02/2013 07:53:58
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] SSDT[18] : NtAllocateVirtualMemory @ 0x82C936AD -> HOOKED (Unknown @ 0x859A3378)
    [Address] SSDT[64] : NtCreateKey @ 0x82C3A170 -> HOOKED (Unknown @ 0x85992D88)
    [Address] SSDT[72] : NtCreateProcess @ 0x82CDCF95 -> HOOKED (Unknown @ 0x85992928)
    [Address] SSDT[73] : NtCreateProcessEx @ 0x82CDCFE0 -> HOOKED (Unknown @ 0x859A3828)
    [Address] SSDT[78] : NtCreateThread @ 0x82CDCDC8 -> HOOKED (Unknown @ 0x859A3648)
    [Address] SSDT[123] : NtDeleteKey @ 0x82BFD749 -> HOOKED (Unknown @ 0x85992B80)
    [Address] SSDT[126] : NtDeleteValueKey @ 0x82BF8CEA -> HOOKED (Unknown @ 0x859929A0)
    [Address] SSDT[255] : NtQueueApcThread @ 0x82BFC889 -> HOOKED (Unknown @ 0x859A33F0)
    [Address] SSDT[261] : NtReadVirtualMemory @ 0x82C1DA26 -> HOOKED (Unknown @ 0x859A3288)
    [Address] SSDT[267] : NtRenameKey @ 0x82C9F88C -> HOOKED (Unknown @ 0x85992B08)
    [Address] SSDT[289] : NtSetContextThread @ 0x82CDE25F -> HOOKED (Unknown @ 0x859A34E0)
    [Address] SSDT[303] : NtSetInformationKey @ 0x82C9ED35 -> HOOKED (Unknown @ 0x85992A90)
    [Address] SSDT[305] : NtSetInformationProcess @ 0x82C5F9EE -> HOOKED (Unknown @ 0x859A3738)
    [Address] SSDT[306] : NtSetInformationThread @ 0x82C442DD -> HOOKED (Unknown @ 0x859A3558)
    [Address] SSDT[324] : NtSetValueKey @ 0x82C293FF -> HOOKED (Unknown @ 0x85992A18)
    [Address] SSDT[330] : NtSuspendProcess @ 0x82CDE6EF -> HOOKED (Unknown @ 0x859A36C0)
    [Address] SSDT[331] : NtSuspendThread @ 0x82BE5945 -> HOOKED (Unknown @ 0x859A3468)
    [Address] SSDT[334] : NtTerminateProcess @ 0x82C3C173 -> HOOKED (Unknown @ 0x859A37B0)
    [Address] SSDT[335] : NtTerminateThread @ 0x82C67670 -> HOOKED (Unknown @ 0x859A35D0)
    [Address] SSDT[358] : NtWriteVirtualMemory @ 0x82C58A2F -> HOOKED (Unknown @ 0x859A3300)
    [Address] SSDT[383] : NtCreateUserProcess @ 0x82C14C47 -> HOOKED (Unknown @ 0x859A3210)
    [inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36641B66)
    [inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36641B66)
    [inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36641B66)
    [Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6B5278EA)
    [Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6B528732)
    [Address] IAT @iexplore.exe (SHEnumValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6B527831)
    [Address] IAT @iexplore.exe (PathCombineW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6B526533)
    [Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6B526E45)
    [Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6B528235)

    ¤¤¤ External Hives: ¤¤¤
    -> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    ::1             localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160821A ATA Device +++++
    --- User ---
    [MBR] 31adc4f1c2c6f2b689e347e8abea5d72
    [BSP] 2129a2df68e4292f422b12295973d001 : Legit.B MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10150 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20788110 | Size: 142474 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_12022013_075358.txt >>
    RKreport[0]_D_12012013_225547.txt;RKreport[0]_S_12022013_074930.txt
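The hook list in this report and the one in the Dec 1 report further down this page differ in two ways: every address has shifted (the kernel is loaded at a different base on each boot, so NtCreateKey moves from 0x82C36170 to 0x82C3A170), and the Shadow SSDT entries listed on Dec 1 are no longer present. The following is an added example, not code from the poster or from RogueKiller, that parses the hook lines of two such reports and diffs them by table, slot or process, and function rather than by address. The two report excerpts are constructed from lines in the format of the posted reports.

```python
r"""Diff the hook sections of two RogueKiller 8.x reports.

Added example for this thread, not code from the poster or from RogueKiller.
Assumed line formats are the ones in the posted reports:
  [Address] SSDT[64] : NtCreateKey @ 0x82C3A170 -> HOOKED (Unknown @ 0x85992D88)
  [Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8804F020)
  [inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36641B66)
  [Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\...\IEShims.dll @ 0x6B5278EA)
Kernel and handler addresses move between boots, so hooks are keyed by table,
slot (or process) and function, never by address.
"""
import re

KERNEL_HOOK_RE = re.compile(
    r"^\[Address\] (?P<table>SSDT|Shadow SSDT)\[(?P<index>\d+)\] : (?P<func>\w+)"
    r"(?: @ 0x[0-9A-Fa-f]+)? -> HOOKED \((?P<hooker>.+) @ 0x[0-9A-Fa-f]+\)$"
)
USER_HOOK_RE = re.compile(
    r"^\[(?:Address|inline)\] (?P<table>IAT|EAT) @(?P<process>\S+) \((?P<func>\w+)\)"
    r" : (?P<module>\S+) -> HOOKED \((?P<hooker>.+) @ 0x[0-9A-Fa-f]+\)$"
)


def parse_hooks(text):
    """Map (table, slot-or-process, function) -> module RogueKiller attributed the hook to."""
    hooks = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = KERNEL_HOOK_RE.match(line)
        if m:
            hooks[(m["table"], int(m["index"]), m["func"])] = m["hooker"]
            continue
        m = USER_HOOK_RE.match(line)
        if m:
            hooks[(m["table"], m["process"], m["func"])] = m["hooker"]
    return hooks


def diff_hooks(before, after):
    """(removed, added, changed): hooks that disappeared, appeared, or switched owner between runs."""
    removed = sorted(k for k in before if k not in after)
    added = sorted(k for k in after if k not in before)
    changed = sorted(k for k in before if k in after and before[k] != after[k])
    return removed, added, changed


def unattributed(hooks):
    """Hooks RogueKiller could not tie to a module; these need a driver inventory before judging them."""
    return sorted(k for k, owner in hooks.items() if owner == "Unknown")


# Constructed excerpts in the format of the Dec 1 and Dec 2 reports (not the full files).
REPORT_DEC01 = r"""
[Address] SSDT[64] : NtCreateKey @ 0x82C36170 -> HOOKED (Unknown @ 0x859A7A78)
[Address] SSDT[383] : NtCreateUserProcess @ 0x82C10C47 -> HOOKED (Unknown @ 0x859ABE20)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8804F020)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x86809E30)
[inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36772E66)
"""
REPORT_DEC02 = r"""
[Address] SSDT[64] : NtCreateKey @ 0x82C3A170 -> HOOKED (Unknown @ 0x85992D88)
[Address] SSDT[383] : NtCreateUserProcess @ 0x82C14C47 -> HOOKED (Unknown @ 0x859A3210)
[inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36641B66)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6B5278EA)
"""

if __name__ == "__main__":
    before, after = parse_hooks(REPORT_DEC01), parse_hooks(REPORT_DEC02)
    removed, added, changed = diff_hooks(before, after)
    print("gone since Dec 1:", removed)
    print("new on Dec 2:", added)
    print("changed owner:", changed)
    print("still unattributed:", unattributed(after))
```

A hook attributed to "Unknown" is not a verdict on its own: the ComboFix header further down this page lists avast! and Microsoft Security Essentials on this machine, and self-protection drivers of such products commonly hook the same SSDT entries. The diff is for seeing what changed between runs, which is the question a helper actually asks when comparing two reports.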

  8. Well, I have a few questions. First, I do not do any banking or purchasing on this computer. What about all of my MS documents, i.e. Word, Excel, PDFs? Then comes: I do not even think I know or could find the original install CDs; a lot of the programs were already installed on the computer when I bought it. Any thoughts?

  9. RK Report

     

    RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Scan -- Date : 12/01/2013 13:35:18
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{e0d7cc16-5e05-1245-8340-5d9ba132bca1}\   \...\???ﯹ๛\{e0d7cc16-5e05-1245-8340-5d9ba132bca1}\GoogleUpdate.exe" < [x] -> STOPPED

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] SSDT[18] : NtAllocateVirtualMemory @ 0x82C8F6AD -> HOOKED (Unknown @ 0x85970370)
    [Address] SSDT[64] : NtCreateKey @ 0x82C36170 -> HOOKED (Unknown @ 0x859A7A78)
    [Address] SSDT[72] : NtCreateProcess @ 0x82CD8F95 -> HOOKED (Unknown @ 0x85970898)
    [Address] SSDT[73] : NtCreateProcessEx @ 0x82CD8FE0 -> HOOKED (Unknown @ 0x85970820)
    [Address] SSDT[78] : NtCreateThread @ 0x82CD8DC8 -> HOOKED (Unknown @ 0x85970640)
    [Address] SSDT[123] : NtDeleteKey @ 0x82BF9749 -> HOOKED (Unknown @ 0x85970AF0)
    [Address] SSDT[126] : NtDeleteValueKey @ 0x82BF4CEA -> HOOKED (Unknown @ 0x85970910)
    [Address] SSDT[255] : NtQueueApcThread @ 0x82BF8889 -> HOOKED (Unknown @ 0x859703E8)
    [Address] SSDT[261] : NtReadVirtualMemory @ 0x82C19A26 -> HOOKED (Unknown @ 0x859ABE98)
    [Address] SSDT[267] : NtRenameKey @ 0x82C9B88C -> HOOKED (Unknown @ 0x85970A78)
    [Address] SSDT[289] : NtSetContextThread @ 0x82CDA25F -> HOOKED (Unknown @ 0x859704D8)
    [Address] SSDT[303] : NtSetInformationKey @ 0x82C9AD35 -> HOOKED (Unknown @ 0x85970A00)
    [Address] SSDT[305] : NtSetInformationProcess @ 0x82C5B9EE -> HOOKED (Unknown @ 0x85970730)
    [Address] SSDT[306] : NtSetInformationThread @ 0x82C402DD -> HOOKED (Unknown @ 0x85970550)
    [Address] SSDT[324] : NtSetValueKey @ 0x82C253FF -> HOOKED (Unknown @ 0x85970988)
    [Address] SSDT[330] : NtSuspendProcess @ 0x82CDA6EF -> HOOKED (Unknown @ 0x859706B8)
    [Address] SSDT[331] : NtSuspendThread @ 0x82BE1945 -> HOOKED (Unknown @ 0x85970460)
    [Address] SSDT[334] : NtTerminateProcess @ 0x82C38173 -> HOOKED (Unknown @ 0x859707A8)
    [Address] SSDT[335] : NtTerminateThread @ 0x82C63670 -> HOOKED (Unknown @ 0x859705C8)
    [Address] SSDT[358] : NtWriteVirtualMemory @ 0x82C54A2F -> HOOKED (Unknown @ 0x859702F8)
    [Address] SSDT[383] : NtCreateUserProcess @ 0x82C10C47 -> HOOKED (Unknown @ 0x859ABE20)
    [Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x88047F30)
    [Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8804F020)
    [Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x88047EB8)
    [Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88047E40)
    [Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x86F98EB8)
    [Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x880601B8)
    [Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x88047FA8)
    [Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x86809E30)
    [Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x87DD30E0)
    [inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36772E66)
    [inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36772E66)
    [inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36772E66)

    ¤¤¤ External Hives: ¤¤¤
    -> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    ::1             localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160821A ATA Device +++++
    --- User ---
    [MBR] 31adc4f1c2c6f2b689e347e8abea5d72
    [bSP] 2129a2df68e4292f422b12295973d001 : Legit.B MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10150 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20788110 | Size: 142474 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_12012013_133518.txt >>
    RKreport[0]_D_12012013_133108.txt;RKreport[0]_S_12012013_132943.txt

  10. Attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/26/2007 6:29:25 AM
    System Uptime: 12/1/2013 9:03:02 AM (3 hours ago)
    .
    Motherboard: Gateway                          |  |                                
    Processor: AMD Turion 64 X2 Mobile Technology TL-52 | Socket M2/S1G1 | 1600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 139 GiB total, 52.288 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 4.634 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #2
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP3265: 11/29/2013 12:00:03 AM - Scheduled Checkpoint
    RP3266: 11/29/2013 3:00:20 AM - Windows Update
    RP3267: 11/30/2013 12:00:02 AM - Scheduled Checkpoint
    RP3268: 11/30/2013 3:00:20 AM - Windows Update
    RP3269: 12/1/2013 12:00:03 AM - Scheduled Checkpoint
    RP3270: 12/1/2013 3:00:21 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
     Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 11 ActiveX
    Adobe Reader 8.1.3
    Adobe Shockwave Player 11.6
    AIO_Scan
    Apple Mobile Device Support
    ATI Catalyst Install Manager
    ATI Uninstaller
    Autodesk DWF Viewer
    BigFix
    BufferChm
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Arabic
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Spanish
    ccc-core-static
    ccc-localization-da
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Command & Conquer The First Decade
    Command & Conquer™ 4 Tiberian Twilight
    Copy
    CustomerResearchQFolder
    CutePDF Writer 2.8
    Destinations
    DeviceManagementQFolder
    DISH Optimizer Ver 2011-06-01
    DivX Free Codec
    DivX Setup
    DJ_AIO_ProductContext
    DJ_AIO_Software
    DJ_AIO_Software_min
    Drivers Install For Linksys Easylink Advisor
    Employee Scheduling Assistant
    eSupportQFolder
    F4100
    F4100_Help
    Gateway Recovery Center Installer
    Google Chrome
    HGTV Home & Landscape Platinum Suite
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 8.0
    HP Deskjet All-In-One Software 8.0
    HP Imaging Device Functions 8.0
    HP Photosmart Essential
    HP Solution Center 8.0
    HP Update
    HPProductAssistant
    HPSSupply
    Java SE Runtime Environment 6
    Linksys EasyLink Advisor 1.6 (0032)
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Money 2006
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Works
    Motorola SM56 Data Fax Modem
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    OGA Notifier 2.0.0048.0
    PC Fixer
    Power2Go 5.0
    QuickBooks
    QuickBooks Pro 2010
    QuickTime
    REALTEK RTL8187 Wireless LAN Driver
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    SigmaTel Audio
    Skins
    SolutionCenter
    Spelling Dictionaries Support For Adobe Reader 8
    Spy Sweeper
    Status
    swMSM
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TimeCurve Scheduler Demo
    TIPCI
    Toolbox
    TrayApp
    Uninstall 1.0.0.1
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    WebReg
    WebSlingPlayer ActiveX
    Widevine Media Transformer Plugin 5.0.0
    WModem Driver Installer
    Wondershare 1-Click PC Care (Version 7.5.0)
    Zip995
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/1/2013 9:05:39 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/1/2013 9:04:21 AM, Error: Microsoft-Windows-TaskScheduler [412]  - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.
    12/1/2013 9:03:28 AM, Error: volmgr [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    .
    ==== End Of File ===========================

  11. DDS log

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18928
    Run by Owner at 12:35:01 on 2013-12-01
    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1917.598 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\ctfmon.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Wondershare\1-Click PC Care\CareMon.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .

    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    uRun: [startCCC] "c:\program files\ati" technologies\ati.ace\core-static\CLIStart.exe
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [sMSERIAL] "c:\program files\motorola\smserial\sm56hlpr.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [MRT] "c:\windows\system32\MRT.exe" /R
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{4A852085-0994-4D10-A7C7-3AFD957332FD} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{7840614F-02D1-4405-9E3B-A5D2CEF6D027} : DHCPNameServer = 4.2.2.1 4.2.2.2 4.2.2.3
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
    Notify: WRNotifier - WRLogonNTF.dll
    LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
    mASetup: ccc-core-static - msiexec /fums {9EB1C655-331C-5034-CCF8-436FA4B4A3DA} /qb
    .
    ============= SERVICES / DRIVERS ===============
    .
    R?2 CareMon;CareMon;c:\program files\wondershare\1-click pc care\CareMon.exe [2013-5-8 146792]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-6 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-6 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-6 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2013-10-6 40384]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-6 21504]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 104768]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2007-4-20 3572592]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-12-1 22856]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-12-1 40776]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-11-19 288256]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    .
    =============== File Associations ===============
    .
    ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-12-01 17:00:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-12-01 16:30:52 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{949d561d-cb26-4bce-8e0c-195e0089ef99}\offreg.dll
    2013-12-01 16:16:57 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2013-12-01 16:16:27 -------- d-----w- c:\programdata\Malwarebytes
    2013-12-01 16:16:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-01 16:16:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-12-01 15:52:52 -------- d-----w- c:\windows\ERUNT
    2013-12-01 15:29:44 -------- d-----w- C:\AdwCleaner
    2013-12-01 08:36:16 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{949d561d-cb26-4bce-8e0c-195e0089ef99}\mpengine.dll
    2013-11-30 09:28:50 7772552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-11-12 23:36:26 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ec099350-56ee-477a-a272-b7fe2d190fbe}\gapaengine.dll
    .
    ==================== Find3M  ====================
    .
    2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
    2013-09-27 16:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-09-27 16:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    .
    ============= FINISH: 12:36:56.94 ===============

  12. security check results

     Results of screen317's Security Check version 0.99.77 
     Windows Vista Service Pack 2 x86 (UAC is enabled) 
     Internet Explorer 8 Out of date!
     Internet Explorer 8 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Microsoft Security Essentials  
    avast! Antivirus               
     Antivirus up to date!  
    `````````Anti-malware/Other Utilities Check:`````````
     Spy Sweeper   
     Malwarebytes Anti-Malware version 1.75.0.1300 
     Java SE Runtime Environment 6
     Java version out of Date!
     Adobe Reader 8 Adobe Reader out of Date!
     Google Chrome 31.0.1650.48 
     Google Chrome 31.0.1650.57 
    ````````Process Check: objlist.exe by Laurent```````` 
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe 
     Malwarebytes Anti-Malware mbamgui.exe 
     Malwarebytes' Anti-Malware mbamscheduler.exe  
     Alwil Software Avast5 AvastSvc.exe 
     Alwil Software Avast5 AvastUI.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 10 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

  13. Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.01.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18928
    Owner :: GMB [administrator]

    Protection: Enabled

    12/1/2013 10:57:29 AM
    MBAM-log-2013-12-01 (11-13-56).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218342
    Time elapsed: 13 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Users\Owner\AppData\Local\Temp\ct3298566 (PUP.Optional.Conduit.A) -> No action taken.

    Files Detected: 0
    (No malicious items detected)

    (end)