someone harvesting bitcoin on my laptop

Alchemy

New member
Messages
15
Location
USA
Hello Everyone,

I was just informed on the Malwarebytes forum that I was hacked and that someone is using my laptop to harvest bitcoin. My laptop hardware info is in my profile. I experience a terrible start time, lagging throughout everything, and Mozilla experiences freezes and terrible lag. I'm working on becoming a whitehat but I'm still new to the whole ordeal, so I am in need of serious help. Neither Avast nor M.S.E. was able to find anything. Spybot, on the other hand, found:

SweetIM: [SBI $A2B8532B] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\priam_bho.DLL

SweetIM: [SBI $A2B8532B] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\priam_bho.DLL

SweetIM: [SBI $9C9B9F12] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

I ran cmd.exe and here is my current tasklist:

Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 2,916 K
smss.exe 400 Services 0 1,228 K
csrss.exe 556 Services 0 7,272 K
wininit.exe 600 Services 0 4,672 K
csrss.exe 624 Console 1 43,064 K
services.exe 660 Services 0 10,648 K
lsass.exe 680 Services 0 12,968 K
lsm.exe 692 Services 0 4,524 K
svchost.exe 800 Services 0 10,484 K
svchost.exe 892 Services 0 9,808 K
MsMpEng.exe 952 Services 0 78,460 K
winlogon.exe 1004 Console 1 7,216 K
svchost.exe 560 Services 0 27,512 K
svchost.exe 736 Services 0 157,236 K
svchost.exe 1036 Services 0 53,024 K
svchost.exe 1128 Services 0 5,468 K
svchost.exe 1160 Services 0 20,012 K
svchost.exe 1232 Services 0 33,016 K
AvastSvc.exe 1332 Services 0 3,996 K
spoolsv.exe 1448 Services 0 13,792 K
svchost.exe 1484 Services 0 17,248 K
armsvc.exe 1556 Services 0 3,828 K
svchost.exe 1588 Services 0 8,944 K
AppleMobileDeviceService. 1612 Services 0 9,088 K
ASO3DefragSrv64.exe 1700 Services 0 4,892 K
mDNSResponder.exe 1744 Services 0 5,968 K
svchost.exe 1776 Services 0 25,392 K
svchost.exe 1816 Services 0 3,904 K
LMIGuardianSvc.exe 1844 Services 0 6,888 K
ramaint.exe 1900 Services 0 5,696 K
LMS.exe 1924 Services 0 5,272 K
LogMeIn.exe 1948 Services 0 26,028 K
lxdqcoms.exe 1188 Services 0 6,068 K
taskhost.exe 2760 Console 1 11,608 K
taskeng.exe 2792 Console 1 7,460 K
dwm.exe 2884 Console 1 68,768 K
explorer.exe 2944 Console 1 148,704 K
msseces.exe 2512 Console 1 19,460 K
igfxtray.exe 2552 Console 1 7,576 K
hkcmd.exe 2812 Console 1 17,048 K
igfxsrvc.exe 2012 Console 1 7,496 K
igfxpers.exe 536 Console 1 10,060 K
IAStorIcon.exe 2556 Console 1 20,904 K
AvastUI.exe 3152 Console 1 16,796 K
sua.exe 3324 Services 0 3,948 K
TCPSVCS.EXE 3384 Services 0 5,224 K
svchost.exe 3472 Services 0 9,244 K
TODDSrv.exe 3584 Services 0 5,796 K
svchost.exe 3616 Services 0 10,024 K
SearchIndexer.exe 3640 Services 0 47,824 K
IAStorDataMgrSvc.exe 3732 Services 0 17,356 K
SMSvcHost.exe 3968 Services 0 22,552 K
NDSTray.exe 2856 Console 1 1,248 K
alg.exe 4220 Services 0 5,744 K
NisSrv.exe 4264 Services 0 13,744 K
CFSwMgr.exe 4608 Console 1 528 K
KeNotify.exe 4776 Console 1 10,032 K
svchost.exe 4796 Services 0 17,844 K
ToshibaServiceStation.exe 5036 Console 1 64,860 K
wmpnetwk.exe 5052 Services 0 15,144 K
TMachInfo.exe 3208 Services 0 30,944 K
CFIWmxSvcs64.exe 4892 Services 0 4,520 K
CFSvcs.exe 3488 Services 0 2,996 K
UNS.exe 4352 Services 0 8,944 K
svchost.exe 2504 Services 0 5,216 K
ielowutil.exe 4068 Console 1 528 K
taskhost.exe 4216 Console 1 17,088 K
SpybotSD.exe 1880 Console 1 124,084 K
firefox.exe 3456 Console 1 326,896 K
notepad.exe 3008 Console 1 8,528 K
WUDFHost.exe 4256 Services 0 7,608 K
Speccy64.exe 3204 Console 1 50,716 K
WmiPrvSE.exe 1604 Services 0 16,512 K
WmiPrvSE.exe 5720 Services 0 28,592 K
WmiPrvSE.exe 6052 Services 0 10,888 K
Speccy64.exe 3576 Console 1 51,948 K
cmd.exe 5376 Console 1 3,820 K
conhost.exe 5288 Console 1 6,748 K
tasklist.exe 1888 Console 1 6,816

Not sure what to do from here or what to post. Please just point the way and I'll do whatever.

Thank you in advance
 

My Computer My Computer

At a glance

Windows 7 Home Premium x64Intel Core i5 @ 2.27GHz Arrandale 32nm Techno...Generic PnP Monitor (1600x900@60Hz) Intel Gra...Generic PnP Monitor (1600x900@60Hz) Intel Gra...
Computer Manufacturer/Model Number
Toshiba Satellite L555-S7010
OS
Windows 7 Home Premium x64
CPU
Intel Core i5 @ 2.27GHz Arrandale 32nm Technology
Motherboard
TOSHIBA Model NTWAA (CPU) Version PSLWJU-003003
Memory
Generic PnP Monitor (1600x900@60Hz) Intel Graphics Media Acc
Graphics Card(s)
Generic PnP Monitor (1600x900@60Hz) Intel Graphics Media Acc
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
Gen. PnP Monitor Intel Graphics Media Accelerat. HD
Screen Resolution
1600x900 pixels
Hard Drives
373GB TOSHIBA MK4055GSX (SATA)
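Since the post above asks what to look at in that list, here is a small triage helper (an added example, not code from the thread or from any tool mentioned in it) that parses `tasklist` output in exactly the layout posted above and reports the largest memory consumers plus the service-session processes that fall outside a constructed baseline of stock Windows 7 processes; the baseline set and the sample rows are assumptions built for this example.

```python
"""Triage helper for the output of the Windows `tasklist` command.

Constructed for this thread: parses the five-column layout the OP posted
(Image Name, PID, Session Name, Session#, Mem Usage), tolerates the collapsed
whitespace and the truncated / unit-less cells seen there, and reports what a
responder looks at first.
"""
import re
from collections import Counter

# One tasklist row, matched from the right so that image names containing
# spaces ("System Idle Process") or a truncating dot survive intact.
_ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+)\s+(?P<session>\S+)\s+(?P<session_id>\d+)"
    r"\s+(?P<mem>[\d,]+)(?:\s*K)?\s*$"
)

# Constructed baseline of processes expected on a stock Windows 7 install
# with Microsoft Security Essentials.  Anything outside it is "identify this",
# not "malicious": the OP's list is full of legitimate OEM and vendor services.
WINDOWS_BASELINE = {
    "System Idle Process", "System", "smss.exe", "csrss.exe", "wininit.exe",
    "services.exe", "lsass.exe", "lsm.exe", "svchost.exe", "spoolsv.exe",
    "winlogon.exe", "dwm.exe", "explorer.exe", "taskhost.exe", "taskeng.exe",
    "conhost.exe", "cmd.exe", "tasklist.exe", "SearchIndexer.exe",
    "WmiPrvSE.exe", "WUDFHost.exe", "wmpnetwk.exe", "alg.exe",
    "SMSvcHost.exe", "MsMpEng.exe", "NisSrv.exe", "msseces.exe",
}


def parse_tasklist(text):
    """Return one dict per process row; header and non-row lines are skipped."""
    procs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Image Name") or line.startswith("="):
            continue
        m = _ROW.match(line)
        if not m:
            continue  # prose or anything else that is not a tasklist row
        procs.append({
            "name": m.group("name"),
            "pid": int(m.group("pid")),
            "session": m.group("session"),
            "session_id": int(m.group("session_id")),
            # Mem Usage carries thousands separators and a "K" suffix; the
            # suffix was lost on the last row the OP posted, so it is optional.
            "mem_kb": int(m.group("mem").replace(",", "")),
        })
    return procs


def top_memory(procs, n=5):
    """Largest memory consumers as (name, pid, mem_kb), biggest first."""
    ranked = sorted(procs, key=lambda p: p["mem_kb"], reverse=True)
    return [(p["name"], p["pid"], p["mem_kb"]) for p in ranked[:n]]


def unexpected_services(procs, baseline=WINDOWS_BASELINE):
    """Image names in the Services session (0) that are not in the baseline.

    These are the rows worth identifying one by one (publisher, path, digital
    signature): something that persists across reboots normally runs as a
    service rather than under the interactive Console session.
    """
    names = {p["name"] for p in procs
             if p["session"] == "Services" and p["name"] not in baseline}
    return sorted(names)


def name_counts(procs):
    """Instances per image name (many svchost.exe are normal; a second copy
    of a process that should be unique is worth a look)."""
    return Counter(p["name"] for p in procs)


# Constructed excerpt: rows copied from the tasklist posted above, in the
# whitespace-collapsed form the forum rendered them in.
SAMPLE_TASKLIST = """\
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
svchost.exe 736 Services 0 157,236 K
svchost.exe 1036 Services 0 53,024 K
AppleMobileDeviceService. 1612 Services 0 9,088 K
LogMeIn.exe 1948 Services 0 26,028 K
explorer.exe 2944 Console 1 148,704 K
firefox.exe 3456 Console 1 326,896 K
tasklist.exe 1888 Console 1 6,816
"""

if __name__ == "__main__":
    procs = parse_tasklist(SAMPLE_TASKLIST)
    for name, pid, kb in top_memory(procs, 3):
        print(f"{name:<28} pid={pid:<6} {kb:>9,} K")
    print("Service-session processes to identify:", unexpected_services(procs))
    print("Instances per image:", dict(name_counts(procs)))
```

Note that the default `tasklist` output has no CPU column, so a CPU-bound miner with a small working set would not stand out by memory at all; `tasklist /v` adds a CPU Time column, and Task Manager sorted by CPU is the quicker check.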
A Google search lists SweetIM as a toolbar, and the majority of results call it probable spyware. Click on this link and follow the directions for running this tool (AdwCleaner):

http://www.sevenforums.com/system-s...oolbar-conduit-search-engine.html#post2215141

Follow up by downloading & running Windows Defender Offline to be sure it hasn't introduced anything else into your system. Be sure you make this on a clean PC, as making it on an infected one can compromise the integrity of the scanner.
 

My Computer My Computer

At a glance

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1,...Intel Core 2 Duo 2.93GHzNot much with my ADHDATI Radeon HD 4350
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell Hell oh Well
OS
Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
CPU
Intel Core 2 Duo 2.93GHz
Memory
Not much with my ADHD
Graphics Card(s)
ATI Radeon HD 4350
Monitor(s) Displays
24" HDTV/Monitor
Screen Resolution
Blurry after a Scotch or 2
Hard Drives
1 HDD 250 GB, 1 HDD 1 TB, 3 - 1 TB Externals
Case
Don't get on my case...man :D
Cooling
I have an Air Conditioner & Diet Pepsi
Keyboard
Saitek Cyborg
Mouse
10 yr old MS optical mouse that still works
Internet Speed
Never fast enough
Antivirus
Various
Browser
Various
Thank you much! Working on "whitesmoke" as we speak. Will keep posted.
 

Ha, slight complication. I do not have access to a clean computer for Windows Defender Offline. Then again, I am not at that step quite yet.
 

Code:
# AdwCleaner v2.101 - Logfile created 12/21/2012 at 14:34:59
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Merlin - ARCHIMEDES
# Boot Mode : Normal
# Running from : C:\Users\Merlin\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : WajamUpdater
 
***** [Files / Folders] *****
 
File Deleted : C:\Users\Merlin\AppData\Roaming\Mozilla\Firefox\Profiles\jdrw4fxk.default\searchplugins\Web Search.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Merlin\AppData\Local\Conduit
Folder Deleted : C:\Users\Merlin\AppData\Local\Wajam
Folder Deleted : C:\Users\Merlin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Merlin\AppData\Roaming\OpenCandy
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=26d8c390-fcf9-45c8-bc53-488b53e15fab&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=US&userid=26d8c390-fcf9-45c8-bc53-488b53e15fab&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
 
-\\ Mozilla Firefox v17.0.1 (en-US)
 
Profile name : default 
File : C:\Users\Merlin\AppData\Roaming\Mozilla\Firefox\Profiles\jdrw4fxk.default\prefs.js
 
C:\Users\Merlin\AppData\Roaming\Mozilla\Firefox\Profiles\jdrw4fxk.default\user.js ... Deleted !
 
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
 
Profile name : default-1352467417422 [Profil par défaut]
File : C:\Users\Merlin\AppData\Roaming\Mozilla\Firefox\Profiles\7731e0oi.default-1352467417422\prefs.js
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [6038 octets] - [21/12/2012 14:33:54]
AdwCleaner[S1].txt - [6234 octets] - [21/12/2012 14:34:59]
 

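To turn a log like the AdwCleaner one above into the answer a responder wants ("what did this adware change, and where did it send my browser"), here is a parser for that log format (an added example, not AdwCleaner's own code); the abridged sample log is constructed from lines of the log posted above, with long query strings cut and blank lines dropped.

```python
"""Summarise an AdwCleaner log in the format posted above: group removals by
section, list the hosts IE's start and search pages had been hijacked to, and
list the Chrome extension IDs whose force-install registry keys were removed."""
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

_SECTION = re.compile(r"^\*{5}\s*\[(?P<name>[^\]]+)\]\s*\*{5}$")
# Only the removal verbs AdwCleaner prints; context lines such as
# "Profile name : default" or "File : C:\..." must not count as actions.
_ACTION = re.compile(
    r"^(?P<action>Stopped & Deleted|File Deleted|Folder Deleted|Key Deleted|"
    r"Value Deleted|Replaced|Deleted)\s*:\s*(?P<target>.+)$"
)
# A removed Firefox user.js is printed the other way round: "<path> ... Deleted !"
_TRAILING = re.compile(r"^(?P<target>.+?)\s+\.\.\.\s+Deleted !$")
# Target of a "Replaced" line: [key - value] = old --> new
_REPLACED = re.compile(r"^\[(?P<key>.+) - (?P<value>[^\]]+)\] = (?P<old>\S+) --> (?P<new>\S+)$")
# Chrome extension IDs are 32 letters drawn from a-p.
_CHROME_EXT = re.compile(r"\\Google\\Chrome\\Extensions\\(?P<id>[a-p]{32})$")


def refang(url):
    """AdwCleaner writes hxxp:// so the log itself is not a clickable link."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_adwcleaner(text):
    """Return {section: [(action, target), ...]} for every removal line."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and the "# ..." header block
        m = _SECTION.match(line)
        if m:
            current = m.group("name")
            continue
        m = _ACTION.match(line)
        if m:
            sections[current].append((m.group("action"), m.group("target").strip()))
            continue
        m = _TRAILING.match(line)
        if m:
            sections[current].append(("File Deleted", m.group("target")))
    return dict(sections)


def action_counts(sections):
    """Counter keyed by (section, action), e.g. ('Registry', 'Key Deleted')."""
    return Counter((sec, act) for sec, items in sections.items() for act, _ in items)


def hijacked_hosts(sections):
    """Hosts the browser settings pointed at before AdwCleaner reset them."""
    hosts = set()
    for action, target in sections.get("Internet Browsers", []):
        m = _REPLACED.match(target) if action == "Replaced" else None
        if m:
            hosts.add(urlparse(refang(m.group("old"))).hostname)
    return sorted(hosts)


def removed_chrome_extensions(sections):
    """IDs of Chrome extensions whose registry force-install keys were deleted."""
    return sorted({m.group("id") for _, target in sections.get("Registry", [])
                   if (m := _CHROME_EXT.search(target))})


# Constructed, abridged excerpt of the log posted above.
SAMPLE_LOG = r"""
# AdwCleaner v2.101 - Logfile created 12/21/2012 at 14:34:59
***** [Services] *****
Stopped & Deleted : WajamUpdater
***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&q={searchTerms} --> hxxp://www.google.com
-\\ Mozilla Firefox v17.0.1 (en-US)
Profile name : default
C:\Users\Merlin\AppData\Roaming\Mozilla\Firefox\Profiles\jdrw4fxk.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
"""
```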
Did a full scan with Malwarebytes. The only thing that came up was:

ca_setup.exe (PUP.PasswordTool)

Removing that currently. Was going to run TDSSKiller.exe but if anyone has suggestions, it would be wonderful.
 

You will really only be sure that you got rid of this bugger if you do a clean reinstall. And before you save your own files, run them through here: https://www.virustotal.com/
 

My Computer My Computer

At a glance

Vista, Windows7, Mint Mate, Zorin, Windows 8from 1.6GHz Duo to i7
Computer Manufacturer/Model Number
HP, Dell, Gateway, Toshiba - 4 laptops and 2 desktops
OS
Vista, Windows7, Mint Mate, Zorin, Windows 8
CPU
from 1.6GHz Duo to i7
Monitor(s) Displays
2x HP w2207
Hard Drives
5x HDD, 7x SSD, 12x Externals
Keyboard
with trackball - no mices
Mouse
Trackball mice
Internet Speed
DSL 6000
Looks like you had a lot of toolbars. I'm guessing you got these when you installed some of your programs. You have to be cautious when installing any program as a lot of them come bundled with toolbars/programs. Be sure to watch the installation windows and uncheck any toolbar/software options.

Best to run TDSSKiller just to be sure none of those introduced a rootkit. And run Windows Defender Offline as soon as you've made it on a clean PC. Be aware that if any rootkit is found, your best option will be to do a clean install.

As whs pointed out, once your system has been compromised the only 100% way to be sure you got it all is to do a clean install.
 

Good afternoon! Thank you so much for taking the time to work with me, Borg 686 and whs! I ran a few things in safe mode with networking (I have had a sneaky feeling it might have been wrong to have the networking) and will post up the logs. The programs helped tremendously and https://www.virustotal.com is a gem. I'm afraid to say that I think the culprit might be more devious than normal, because I am exceedingly meticulous about not installing extras: I carelessly installed the Babylon one a while ago when I was pushing 72 hours awake, and after manually cleaning it up, I have yet to forget the tedious pain the cleanup took. Without further ado, the logs:
 

OH! Forgot to ask a question before I post logs. I had the idea to do this since I do not have any access whatsoever to a clean computer.

  • Boot into safe mode with networking.
  • Download and install a VirtualBox (Suggestions for what to run inside are needed. I was just going to do the most readily available Linux distribution).
  • Once VirtualBox is ready and an OS is set up in Safe Mode with Networking, download Windows Defender Offline and make a bootable CD or flash drive with it.

Theoretically, the idea sounded great to me and fun to test, but I do not have the knowledge, nor the experience, to know if that would even be a "clean" environment, much less if any other minute or grandiose factors/variables apply. Some that I can think of would be: Is downloading and installing/setting up VirtualBox even possible in Safe Mode with Networking? Would making a bootable CD or flash drive be possible in S.M.w.N.? Even if the environment inside of the VB, which would be inside of S.M.w.N., ended up being "clean," would the download still be a failure as a result of coming from the internet, which my infected computer has had plenty of time to be a part of? Should the download prove to be in a .zip or similar format proven to be clean by various scans, even if the environment was clean or infected, could a switch from Safe Mode with Networking to Safe Mode allow the extraction and creation of the bootable item to remain clean? Last, if the computer was known to have been infected, could it even be trusted to test any of the previous ideas, or should one say lesson learned, do a clean Win install and post to make others aware of the new information?

Think I might post this for everyone to take a swing at and share experience/ideas or dismiss while laughing at me.
 

I couldn't tell you offhand if that would work or not. When you download WDO, it's a small file that will connect to the MS site, download an ISO file & burn it to disk or flash drive. You do have the option to create a bootable ISO file as listed in the tutorial.

Another option you can try is the ESET Online Scanner. Detailed directions on using it can be found at this post:

http://www.sevenforums.com/system-s...irtool-win32-obfuscator-xz-3.html#post2209760

Another online scanner you can try is Symantec Security Check. Click on the Virus Detection button to start the scan; you'll be prompted to download some items. It will only run in IE.

What you decide to do is your choice; however, as whs & I stated, if you want to be 100% sure that it's clean again, then a clean reinstall is your best option. In the future you may wish to consider making a System Image & when something like this happens down the road, you won't have to reinstall.

http://www.sevenforums.com/tutorials/663-backup-complete-computer-create-image-backup.html

http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html
 

I do not know if anything can be done with either, because they were not made when the laptop was first used and therefore I am unsure if they are clean or not, but I have a backup and a Windows image on my external HD. Both were made within the past two months, but I have had this laptop for 2 years.
 

Did you have any success in running ESET or Symantec on your laptop? This looks like your only option (online scanners) since you said you don't have access to a clean PC to make WDO. Either that or a clean install.

The image file is going to be your call. If your problems started after you made the file, then it might be worth it to give it a shot since it's more recent & you won't have to catch up on too many updates.
 

Hey, and Merry Christmas or Happy Holidays to everyone. I did, and posted the log, but for some reason it did not show up. ESET found this, but I do not know if I should click "delete quarantined files" and then click finish, or what:

C:\Users\Merlin\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120802210106249.rsc a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
 

Go ahead & delete it, then click finish. Make sure you have the latest version of Java (Version 7 Update 10).

Information on TrojanDownloader.Agent.NDJ

Encyclopedia entry: Exploit:Java/CVE-2011-3544.T - Learn more about malware - Microsoft Malware Protection Center

Once you have completed the scan, run additional scans with Malwarebytes & MS Safety Scanner

The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
Happy & Safe Holidays to you also.
 

Scanned with Microsoft Safety Scanner in normal Windows and MWB Anti-Malware and received both logs stating this:
 


Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free anti-malware download

Database version: v2012.12.21.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Merlin :: ARCHIMEDES [administrator]

12/27/2012 9:44:20 PM
mbam-log-2012-12-28 (00-34-28).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466088
Time elapsed: 1 hour(s), 3 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Merlin\Downloads\D7\3rd Party Tools\iehv.exe (PUP.HistoryTool) -> No action taken.
C:\Users\Merlin\Downloads\D7\3rd Party Tools\mailpv.exe (PUP.MailPassView) -> No action taken.
C:\Users\Merlin\Downloads\D7\3rd Party Tools\produkey.exe (PUP.PSWTool.ProductKey) -> No action taken.
C:\Users\Merlin\Downloads\D7\3rd Party Tools\webbrowserpassview.exe (PUP.PassView) -> No action taken.
C:\Users\Merlin\Downloads\D7\3rd Party Tools\WirelessKeyView-x64.exe (PUP.WirelessKeyView) -> No action taken.
C:\Users\Merlin\Downloads\D7\3rd Party Tools\WirelessKeyView.exe (PUP.WirelessKeyView) -> No action taken.

(end)
 

What you have there are listed as Potentially Unwanted Programs; they usually come bundled with other programs. They can contain spyware, malware or viruses depending on the source you got them from.

A PUP is similar to malware in that it may cause problems once it is installed on your computer. However, unlike malware, you consent to a PUP being installed, rather than it installing itself without your knowledge.

Most PUPs are spyware or adware programs that cause undesirable behavior on your computer. Some may simply display annoying advertisements, while others may run background processes that cause your computer to slow down. The label "potentially unwanted program" is a fitting description of these applications because you may not find out about their obnoxious behavior until after they are installed.
Go ahead & re-run Malwarebytes, when finished be sure to check the boxes next to the problems found & put them in quarantine. Malwarebytes, by default, will not remove these unless you specify it to.
 
