Solved: Windows has encountered a critical error and will restart in one minute (Windows 7)

kmorford

Windows has encountered a critical error and will restart in one minute please save your work.
Windows 7 64-bit, work PC on a domain. Have tried Windows repair, Malwarebytes, HouseCall, BackTrack 5, and the Symantec network-managed client is installed.
I was able to stop the shutdowns by making a shortcut on the desktop ("shutdown -r"), but nothing will run, meaning no anti-virus, no internet, no intranet, my snap-ins are all disabled, no Windows Explorer, nothing. My logs have all been deleted (not by me). I can get to safe mode with networking, but when I scan all I get is adware stuff, nothing that would be causing this. I have found that if I leave my LAN cable unplugged and use wi-fi it does not happen every time I reboot??? Any help would be great... this one has got me baffled...
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
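The services.exe search requested above is an integrity check: FRST lists every copy of the file it finds, and the useful comparison is between the live C:\Windows\System32 copy and the pristine copy Windows keeps in the WinSxS component store. The following is an added example, not part of the thread and not FRST's own code, that parses the Search.txt format shown in this thread and reports whether the live copy's MD5 matches a component-store copy. The sample input is constructed for the example: the first block reproduces the clean result format, the second block is a made-up mismatching entry (the hash 0123...CDEF is a placeholder, not a real indicator).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# FRST search detail line: [created] - [modified] - size attrs (Company) MD5
# The "(Company)" part may be empty "()" or missing entirely.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FrstEntry:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    md5: str


def parse_search(text: str) -> List[FrstEntry]:
    """Extract (path, detail) pairs from an FRST Search.txt body."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries: List[FrstEntry] = []
    i = 0
    while i < len(lines) - 1:
        if PATH_RE.match(lines[i]):
            m = DETAIL_RE.match(lines[i + 1])
            if m:
                entries.append(FrstEntry(
                    path=lines[i], created=m["created"], modified=m["modified"],
                    size=int(m["size"]), attrs=m["attrs"],
                    company=m["company"] or None, md5=m["md5"].upper()))
                i += 2
                continue
        i += 1
    return entries


REFERENCE_MARK = "\\winsxs\\"          # component-store copies are the reference
LIVE_MARK = "\\windows\\system32\\"    # the copy that actually runs


def assess(entries: List[FrstEntry]) -> List[Tuple[str, str, str]]:
    """Return (live_path, verdict, reason) for each live System32 copy."""
    ref_hashes = {e.md5 for e in entries if REFERENCE_MARK in e.path.lower()}
    findings = []
    for e in entries:
        p = e.path.lower()
        if LIVE_MARK not in p or REFERENCE_MARK in p:
            continue
        if not ref_hashes:
            findings.append((e.path, "no-reference", "no WinSxS copy to compare against"))
        elif e.md5 in ref_hashes:
            findings.append((e.path, "match", "MD5 equals a WinSxS component-store copy"))
        else:
            findings.append((e.path, "mismatch",
                             f"MD5 {e.md5} differs from WinSxS copies; modified {e.modified}"))
    return findings


# Constructed sample in the thread's Search.txt format; the clean hash is the one
# reported in this thread, the second block is a made-up mismatch for illustration.
WINSXS_LINE = (
    r"C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe"
    "\n[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB\n"
)
SAMPLE_CLEAN = (
    '================== Search: "services.exe" ===================\n\n' + WINSXS_LINE + "\n"
    r"C:\Windows\System32\services.exe"
    "\n[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB\n"
    "\n====== End Of Search ======\n"
)
SAMPLE_MISMATCH = (  # placeholder hash, constructed; not a real indicator
    '================== Search: "services.exe" ===================\n\n' + WINSXS_LINE + "\n"
    r"C:\Windows\System32\services.exe"
    "\n[2009-07-13 15:19] - [2012-09-10 03:12] - 0328704 ____A (Microsoft Corporation) 0123456789ABCDEF0123456789ABCDEF\n"
    "\n====== End Of Search ======\n"
)

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("constructed mismatch", SAMPLE_MISMATCH)):
        for path, verdict, reason in assess(parse_search(sample)):
            print(f"{label}: {path} -> {verdict} ({reason})")
```

A matching hash is a consistency check, not proof of a clean file: if both copies were replaced the comparison would still pass, which is why the helper also looks at timestamps, the company string and the rest of FRST.txt rather than the search result alone. A mismatch, on the other hand, is always worth explaining, especially when the modified timestamp is recent while the created timestamp is the original install date.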
 
Farbar Recovery Scan Tool (x64) Version: 20-09-2012
Ran by SYSTEM at 2012-09-21 16:10:10
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2012
Ran by SYSTEM at 21-09-2012 16:07:11
Running from I:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2828072 2011-09-15] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [615584 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379040 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start [299576 2011-01-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [76344 2011-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2010-08-10] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\moradm\...\Run: [Google Update] "C:\Users\moradm\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-10] (Google Inc.)
HKU\moradm\...\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [1261512 2012-07-27] (Adobe Systems Incorporated)
HKU\moradm\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Tcpip\Parameters: [DhcpNameServer] 172.16.2.1 172.16.2.3
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\Users\moradm\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros)
2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-08-10] (Symantec Corporation)
2 CcmExec; C:\windows\CCM\CcmExec.exe [1684848 2012-02-20] (Microsoft Corporation)
2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-08-10] (Symantec Corporation)
4 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [605040 2012-02-20] (Microsoft Corporation)
2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
2 DWMRCS; C:\Windows\SysWOW64\DWRCS.EXE -service [241688 2010-04-07] (DameWare Development LLC)
2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [70280 2012-06-15] (CHENGDU YIWO Tech Development Co., Ltd)
3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [24712 2012-05-03] (CHENGDU YIWO Tech Development Co., Ltd)
3 HP ProtectTools Service; "C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe" [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1094712 2011-04-05] (Hewlett-Packard Development Company L.P.)
2 HPDayStarterService; "C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe" [133688 2011-01-28] (Hewlett-Packard Company)
2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2010-09-07] (Symantec Corporation)
3 lpasvc; "C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service [50472 2011-12-06] (Microsoft Corporation)
3 lppsvc; "C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service [50472 2011-12-06] (Microsoft Corporation)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
4 McAfee Endpoint Encryption Agent; "C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe" [1318912 2011-02-09] ()
2 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" [3249768 2010-11-12] (Symantec Corporation)
3 smstsmgr; C:\windows\CCM\TSManager.exe /service [374640 2012-02-20] (Microsoft Corporation)
4 SNAC; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" [428912 2010-11-17] (Symantec Corporation)
2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [1839776 2010-11-08] (Symantec Corporation)
2 TIRmtSvc; C:\WINDOWS\TIREMOTE\TIRemoteService.exe [210944 2012-05-04] (Numara Software, Inc.)
2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-10] (ArcSoft, Inc.)
4 XobniService; "C:\Program Files (x86)\Xobni\XobniService.exe" [62184 2011-03-07] (Xobni Corporation)
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

1 archlp; C:\Windows\System32\Drivers\archlp.sys [136192 2010-07-07] ()
3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-10] (ArcSoft, Inc.)
3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2007-02-15] (DameWare)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
3 epmntdrv; \??\C:\windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
0 EUBKMON; C:\Windows\System32\Drivers\EUBKMON.sys [48776 2012-05-03] ()
3 EuGdiDrv; \??\C:\windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120920.002\ENG64.SYS [126112 2012-09-13] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120920.002\EX64.SYS [2084000 2012-09-13] (Symantec Corporation)
3 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
3 prepdrvr; \??\C:\windows\CCM\prepdrv.sys [26992 2012-02-20] (Microsoft Corporation)
3 rzjoystk; C:\Windows\System32\Drivers\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1826048 2010-12-21] ()
1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [449072 2010-09-17] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2010-09-17] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2010-09-17] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2012-01-04] (Symantec Corporation)
3 Teefer2; C:\Windows\System32\Drivers\Teefer2.sys [64048 2010-08-16] (Symantec Corporation)
1 WPS; \??\C:\windows\system32\drivers\wpsdrvnt.sys [53808 2010-11-12] (Symantec Corporation)
3 WpsHelper; C:\Windows\System32\Drivers\WpsHelper.sys [225328 2012-09-06] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-21 16:06 - 2012-09-21 16:07 - 00000000 ____D C:\FRST
2012-09-20 16:26 - 2012-09-20 16:26 - 17483288 ____A (Microsoft Corporation) C:\Users\moradm\Downloads\Windows-KB890830-x64-V4.12.exe
2012-09-20 16:21 - 2012-09-20 16:24 - 273991680 ____A C:\Users\moradm\Downloads\kav_rescue_10.iso
2012-09-20 15:10 - 2012-09-20 15:10 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\moradm\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-20 15:10 - 2012-09-20 15:10 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-20 15:10 - 2012-09-20 15:10 - 00000000 ____D C:\Users\moradm\AppData\Roaming\Malwarebytes
2012-09-20 15:10 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-20 14:28 - 2012-09-20 14:28 - 00000000 ____D C:\Users\moradm\AppData\Roaming\QuickScan
2012-09-20 13:26 - 2012-09-20 13:26 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\moradm\Downloads\tdsskiller (1).exe
2012-09-20 13:23 - 2012-09-20 13:23 - 00012279 ____A C:\Users\moradm\Downloads\tdsskiller.exe
2012-09-20 08:22 - 2012-09-20 17:07 - 00019899 ____A C:\Windows\WindowsUpdate.log
2012-09-20 07:01 - 2012-09-20 07:01 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-09-20 07:01 - 2012-09-20 07:01 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-20 07:01 - 2012-08-21 01:12 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-09-20 07:00 - 2012-09-20 14:55 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-09-20 07:00 - 2012-09-20 07:00 - 00000000 ____D C:\Program Files\AVAST Software
2012-09-20 06:57 - 2012-09-20 06:57 - 93654616 ____A C:\Users\moradm\Downloads\avast_free_antivirus_setup.exe
2012-09-20 06:34 - 2012-09-20 06:34 - 00003120 ____A C:\Windows\KB41227.log
2012-09-20 06:32 - 2012-09-21 12:42 - 00001624 ____A C:\Windows\setupact.log
2012-09-20 06:32 - 2012-09-20 14:55 - 00001834 ____A C:\Windows\PFRO.log
2012-09-20 06:32 - 2012-09-20 06:32 - 00000000 ____A C:\Windows\setuperr.log
2012-09-20 06:27 - 2012-09-20 06:27 - 00413864 ____A C:\Users\moradm\Documents\cc_20120920_092744.reg
2012-09-20 06:26 - 2012-09-20 06:26 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-20 06:26 - 2012-09-20 06:26 - 00000000 ____D C:\Program Files\CCleaner
2012-09-18 17:49 - 2012-09-18 17:49 - 02406064 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher64 (1).exe
2012-09-18 08:03 - 2012-09-05 07:21 - 210565120 ____A C:\Users\moradm\Desktop\DeployMedia_x64_20120905.iso
2012-09-18 06:15 - 2012-09-18 06:15 - 00000791 ____A C:\Users\moradm\Documents\pim_installmgr.log
2012-09-18 06:03 - 2012-09-18 06:15 - 00000000 ____D C:\Users\moradm\AppData\Roaming\pim
2012-09-18 06:02 - 2012-09-18 06:02 - 28144392 ____A (PTC) C:\Users\moradm\Desktop\setup (2).exe
2012-09-18 06:01 - 2012-09-18 06:02 - 28144392 ____A (PTC) C:\Users\moradm\Downloads\setup (2).exe
2012-09-12 06:13 - 2012-09-12 06:13 - 00102400 ____A C:\Windows\RegBootClean.exe
2012-09-12 05:52 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-09-12 05:51 - 2012-09-12 05:51 - 02002944 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher.exe
2012-09-11 18:18 - 2012-09-20 14:42 - 01194207 ____A C:\Users\moradm\AppData\Local\census.cache
2012-09-11 18:17 - 2012-09-20 14:42 - 00147790 ____A C:\Users\moradm\AppData\Local\ars.cache
2012-09-11 18:03 - 2012-09-11 18:03 - 02406064 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher64.exe
2012-09-11 18:03 - 2012-09-11 18:03 - 00000036 ____A C:\Users\moradm\AppData\Local\housecall.guid.cache
2012-09-11 13:35 - 2012-09-20 06:10 - 00000000 ____D C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-11 13:35 - 2012-09-11 13:35 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-09-11 12:26 - 2012-09-11 12:26 - 00001266 ____A C:\Users\moradm\Desktop\shutdown.exe.lnk
2012-09-11 10:31 - 2012-09-20 15:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-11 10:31 - 2012-09-11 10:31 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-06 17:48 - 2012-09-06 17:48 - 05207411 ____A C:\Users\moradm\Downloads\DuskDawn.themepack
2012-09-06 17:45 - 2012-09-06 17:45 - 15850235 ____A C:\Users\moradm\Downloads\MagicLandscapesMichaelBreitung.themepack
2012-09-06 17:45 - 2012-09-06 17:45 - 04878968 ____A C:\Users\moradm\Downloads\NengGaoMountain.themepack
2012-09-06 17:45 - 2012-09-06 17:45 - 04393694 ____A C:\Users\moradm\Downloads\LakeJiaming.themepack
2012-09-06 15:46 - 2012-09-06 15:46 - 00000000 ____D C:\ExamView1
2012-09-06 07:35 - 2012-09-05 11:09 - 189151232 ____A C:\Users\moradm\Desktop\ERD_Commander_2005_v5.0_BOOT_CD.iso
2012-09-05 10:10 - 2012-09-05 10:10 - 00000000 ____A C:\Users\moradm\Downloads\MDOP-Diagnostic-Recovery-Toolset.pptx.crdownload
2012-09-05 09:24 - 2012-09-05 11:09 - 189151232 ____A C:\Users\moradm\Downloads\ERD_Commander_2005_v5.0_BOOT_CD.iso
2012-09-05 09:22 - 2012-09-05 09:22 - 00000000 ____D C:\Users\moradm\AppData\Local\CRE
2012-09-05 05:58 - 2012-09-05 05:58 - 00000000 ____D C:\Users\moradm\AppData\Roaming\Autodesk
2012-09-05 05:58 - 2012-09-05 05:58 - 00000000 ____D C:\Users\All Users\Autodesk
2012-09-04 15:23 - 2012-09-04 15:23 - 00005743 ____A C:\Users\moradm\Documents\Jamie Sullivan Homework for.odt
2012-08-30 08:50 - 2012-08-30 08:50 - 00000000 ____D C:\Users\moradm\Documents\Fax
2012-08-24 13:51 - 2012-08-27 06:23 - 06643638 ____A C:\Users\moradm\Documents\RaineMorford.bmp

==================== 3 Months Modified Files ==================

2012-09-21 12:43 - 2012-01-03 10:04 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
2012-09-21 12:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-21 12:42 - 2012-09-20 06:32 - 00001624 ____A C:\Windows\setupact.log
2012-09-21 10:12 - 2011-07-25 00:40 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2012-09-20 17:07 - 2012-09-20 08:22 - 00019899 ____A C:\Windows\WindowsUpdate.log
2012-09-20 16:55 - 2012-01-10 14:42 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-131294493-1449412943-965413785-16775UA.job
2012-09-20 16:26 - 2012-09-20 16:26 - 17483288 ____A (Microsoft Corporation) C:\Users\moradm\Downloads\Windows-KB890830-x64-V4.12.exe
2012-09-20 16:24 - 2012-09-20 16:21 - 273991680 ____A C:\Users\moradm\Downloads\kav_rescue_10.iso
2012-09-20 16:20 - 2012-08-08 06:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-20 16:14 - 2009-07-13 21:13 - 00787500 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-20 16:01 - 2009-07-13 20:45 - 00020944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-20 16:01 - 2009-07-13 20:45 - 00020944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-20 15:56 - 2012-01-04 22:17 - 00000582 ____A C:\Windows\SMSCFG.ini
2012-09-20 15:10 - 2012-09-20 15:10 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\moradm\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-20 15:10 - 2012-09-20 15:10 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-20 14:55 - 2012-09-20 06:32 - 00001834 ____A C:\Windows\PFRO.log
2012-09-20 14:42 - 2012-09-11 18:18 - 01194207 ____A C:\Users\moradm\AppData\Local\census.cache
2012-09-20 14:42 - 2012-09-11 18:17 - 00147790 ____A C:\Users\moradm\AppData\Local\ars.cache
2012-09-20 13:26 - 2012-09-20 13:26 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\moradm\Downloads\tdsskiller (1).exe
2012-09-20 13:23 - 2012-09-20 13:23 - 00012279 ____A C:\Users\moradm\Downloads\tdsskiller.exe
2012-09-20 12:20 - 2012-08-08 06:17 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-20 12:20 - 2012-01-04 13:52 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-20 08:51 - 2012-01-03 10:07 - 00003266 _RASH C:\Users\moradm\ntuser.pol
2012-09-20 07:01 - 2012-09-20 07:01 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-09-20 07:01 - 2012-09-20 07:01 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-20 06:57 - 2012-09-20 06:57 - 93654616 ____A C:\Users\moradm\Downloads\avast_free_antivirus_setup.exe
2012-09-20 06:34 - 2012-09-20 06:34 - 00003120 ____A C:\Windows\KB41227.log
2012-09-20 06:34 - 2012-01-03 10:07 - 00111216 ____A C:\Users\moradm\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-20 06:32 - 2012-09-20 06:32 - 00000000 ____A C:\Windows\setuperr.log
2012-09-20 06:32 - 2009-07-13 20:45 - 00421160 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-20 06:27 - 2012-09-20 06:27 - 00413864 ____A C:\Users\moradm\Documents\cc_20120920_092744.reg
2012-09-20 06:26 - 2012-09-20 06:26 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-19 11:55 - 2012-01-10 14:42 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-131294493-1449412943-965413785-16775Core.job
2012-09-18 17:49 - 2012-09-18 17:49 - 02406064 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher64 (1).exe
2012-09-18 17:08 - 2012-01-05 07:57 - 00002008 ___AH C:\Users\moradm\Documents\Default.rdp
2012-09-18 13:09 - 2012-01-31 17:12 - 00003604 ____A C:\Users\moradm\AppData\Roaming\evpro32.prf
2012-09-18 06:15 - 2012-09-18 06:15 - 00000791 ____A C:\Users\moradm\Documents\pim_installmgr.log
2012-09-18 06:02 - 2012-09-18 06:02 - 28144392 ____A (PTC) C:\Users\moradm\Desktop\setup (2).exe
2012-09-18 06:02 - 2012-09-18 06:01 - 28144392 ____A (PTC) C:\Users\moradm\Downloads\setup (2).exe
2012-09-17 08:01 - 2011-05-02 10:48 - 00803188 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-12 06:13 - 2012-09-12 06:13 - 00102400 ____A C:\Windows\RegBootClean.exe
2012-09-12 05:51 - 2012-09-12 05:51 - 02002944 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher.exe
2012-09-11 18:03 - 2012-09-11 18:03 - 02406064 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher64.exe
2012-09-11 18:03 - 2012-09-11 18:03 - 00000036 ____A C:\Users\moradm\AppData\Local\housecall.guid.cache
2012-09-11 12:26 - 2012-09-11 12:26 - 00001266 ____A C:\Users\moradm\Desktop\shutdown.exe.lnk
2012-09-11 12:20 - 2012-01-03 10:05 - 00013056 _RASH C:\Users\All Users\ntuser.pol
2012-09-07 14:04 - 2012-09-20 15:10 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-06 17:48 - 2012-09-06 17:48 - 05207411 ____A C:\Users\moradm\Downloads\DuskDawn.themepack
2012-09-06 17:45 - 2012-09-06 17:45 - 15850235 ____A C:\Users\moradm\Downloads\MagicLandscapesMichaelBreitung.themepack
2012-09-06 17:45 - 2012-09-06 17:45 - 04878968 ____A C:\Users\moradm\Downloads\NengGaoMountain.themepack
2012-09-06 17:45 - 2012-09-06 17:45 - 04393694 ____A C:\Users\moradm\Downloads\LakeJiaming.themepack
2012-09-06 15:49 - 2012-03-08 14:08 - 00001198 ____A C:\Users\moradm\AppData\Roaming\evmanage.prf
2012-09-06 08:06 - 2012-06-14 06:08 - 00000065 ____H C:\TrackitAudit.id
2012-09-06 06:20 - 2012-01-04 12:22 - 00225328 ____A (Symantec Corporation) C:\Windows\System32\Drivers\wpshelper.sys
2012-09-05 11:09 - 2012-09-06 07:35 - 189151232 ____A C:\Users\moradm\Desktop\ERD_Commander_2005_v5.0_BOOT_CD.iso
2012-09-05 11:09 - 2012-09-05 09:24 - 189151232 ____A C:\Users\moradm\Downloads\ERD_Commander_2005_v5.0_BOOT_CD.iso
2012-09-05 10:10 - 2012-09-05 10:10 - 00000000 ____A C:\Users\moradm\Downloads\MDOP-Diagnostic-Recovery-Toolset.pptx.crdownload
2012-09-05 07:21 - 2012-09-18 08:03 - 210565120 ____A C:\Users\moradm\Desktop\DeployMedia_x64_20120905.iso
2012-09-04 15:23 - 2012-09-04 15:23 - 00005743 ____A C:\Users\moradm\Documents\Jamie Sullivan Homework for.odt
2012-09-04 10:51 - 2012-01-10 14:42 - 00002416 ____A C:\Users\moradm\Desktop\Google Chrome.lnk
2012-08-31 08:36 - 2012-08-17 13:29 - 00055296 ____A C:\Users\moradm\Desktop\Travel_Sheet_July_Aug12.xls
2012-08-30 21:43 - 2012-01-03 14:10 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-27 06:23 - 2012-08-24 13:51 - 06643638 ____A C:\Users\moradm\Documents\RaineMorford.bmp
2012-08-21 15:38 - 2012-08-21 15:38 - 21683544 ____A (Hewlett-Packard Company ) C:\Users\moradm\Downloads\sp49541.exe
2012-08-21 15:29 - 2012-08-21 15:29 - 15724512 ____A (Hewlett-Packard Company ) C:\Users\moradm\Downloads\sp51096.exe
2012-08-21 13:29 - 2012-08-21 13:29 - 00000218 ____A C:\Users\moradm\.recently-used.xbel
2012-08-21 13:26 - 2012-08-21 13:26 - 00001221 ____A C:\Users\Public\Desktop\EaseUS Todo Backup Technician 4.6.lnk
2012-08-21 13:23 - 2012-08-21 13:23 - 00001472 ____A C:\Users\Public\Desktop\EASEUS Partition Master 9.1.0 Technician Edition.lnk
2012-08-21 01:12 - 2012-09-20 07:01 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-20 09:19 - 2012-08-20 09:19 - 29408768 ____A (Impresys) C:\Users\moradm\Downloads\DART Installer.exe
2012-08-20 06:12 - 2012-08-20 06:36 - 2433216512 ____A C:\Users\moradm\Documents\en_windows_7_professional_with_sp1_vl_build_x86_dvd_623530.iso
2012-08-17 13:29 - 2012-08-17 10:06 - 00014008 ____A C:\Users\moradm\Downloads\Travel+Mileage+Chart+Between+Sites+073012.xlsx
2012-08-17 10:06 - 2012-08-17 10:06 - 00054784 ____A C:\Users\moradm\Downloads\Travel_Sheet_+070112.xls
2012-08-17 08:47 - 2012-08-17 08:47 - 00020992 ____A C:\Users\moradm\Downloads\Mileage_Chart.xls
2012-08-14 13:26 - 2012-08-14 13:26 - 00001548 ____A C:\Users\moradm\Downloads\launch (7).ica
2012-08-14 13:24 - 2012-08-14 13:24 - 00001578 ____A C:\Users\moradm\Downloads\launch (6).ica
2012-08-14 09:24 - 2012-08-14 09:24 - 14153672 ____A (Citrix Systems, Inc.) C:\Users\moradm\Downloads\citrixonlinepluginweb (1).exe
2012-08-14 09:24 - 2012-08-14 09:24 - 00000070 ____A C:\Users\moradm\Desktop\Citrix Access Gateway.url
2012-08-09 08:54 - 2012-08-09 08:54 - 05708913 ____A C:\Users\moradm\Documents\forktruck saftey.tdp
2012-08-06 11:21 - 2012-08-06 11:21 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-08-06 11:21 - 2012-08-06 11:21 - 00157488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-08-06 11:21 - 2012-08-06 11:21 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-08-06 11:21 - 2012-08-06 11:21 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-08-06 11:21 - 2012-01-04 14:01 - 00472880 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-08-03 10:26 - 2009-07-13 21:08 - 00032592 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-31 10:02 - 2012-07-31 10:02 - 00063978 ____A C:\Users\moradm\Downloads\kellys texts july 2012.xls
2012-07-31 09:51 - 2012-07-31 09:51 - 00004714 ____A C:\Users\moradm\Downloads\kellys phone july2012.xls
2012-07-30 14:42 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-30 12:31 - 2012-07-30 12:31 - 00004764 ____A C:\Windows\System32\CcmFramework.ini
2012-07-30 12:31 - 2012-07-30 12:31 - 00000621 ____A C:\Windows\System32\CcmFramework.h
2012-07-12 08:25 - 2012-07-12 08:25 - 00009927 ____A C:\Users\moradm\Downloads\slmgr - Software Licensing Management Tool.htm
2012-07-03 15:19 - 2012-07-03 15:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RzSynapse_01009.Wdf
2012-07-03 15:15 - 2012-07-03 15:11 - 25788752 ____A (Razer USA Ltd. ) C:\Users\moradm\Downloads\Razer_Nostromo_Driver_v2.02.exe
2012-07-01 15:44 - 2012-07-01 15:31 - 00002762 ____A C:\route.txt
2012-06-29 06:29 - 2012-06-29 06:29 - 00946352 ____A (Skype Technologies S.A.) C:\Users\moradm\Downloads\SkypeSetup.exe
2012-06-28 06:18 - 2012-06-28 06:18 - 00000035 ____A C:\Users\moradm\Downloads\01-May-2012_to_28-Jun-2012.csv
2012-06-28 06:18 - 2012-06-28 06:18 - 00000035 ____A C:\Users\moradm\Downloads\01-May-2012_to_28-Jun-2012 (1).csv


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-20 12:52:23
Restore point made on: 2012-09-20 14:53:37

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8126.36 MB
Available physical RAM: 7268.98 MB
Total Pagefile: 8124.56 MB
Available Pagefile: 7275.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:596.48 GB) (Free:484.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP_RECOVERY) (Fixed) (Total:16.87 GB) (Free:2.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32
5 Drive g: (GSP1RMCPRXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
6 Drive h: (New Volume) (Fixed) (Total:80 GB) (Free:77.82 GB) NTFS
7 Drive I: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          698 GB  7168 KB   *
Disk 1    Online         3819 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Dynamic Data       992 KB    31 KB
Partition 2    Dynamic Data       300 MB  1024 KB
Partition 3    Dynamic Data       596 GB   301 MB
Partition 4    Dynamic Data       101 GB   596 GB

==================================================================================

Disk: 0
Partition 1
Type : 42
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : 42
Hidden: Yes
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4   D   SYSTEM       NTFS   Simple       300 MB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 42
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   C                NTFS   Simple       596 GB  Healthy

=========================================================

Disk: 0
Partition 4
Type : 42
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0   H   New Volume   NTFS   Simple        79 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3818 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6   I                FAT32  Removable   3818 MB  Healthy

=========================================================

Last Boot: 2012-09-17 07:51

==================== End Of Log =============================
 
I don't actually see anything malicious there but let's see if we can make your computer bootable again.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot normally.
 

Attachments

  • fixlist.txt
    27 bytes
I did not see anything either, that's why I'm here asking you lol. I have looked over everything and I cannot find where it's coming from...



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-09-2012
Ran by SYSTEM at 2012-09-21 19:55:47 Run:1
Running from I:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 
Seems to be OK now... the true test will be Monday when I plug back into the network... but for now it seems OK. Thank you. I am going to take an image just in case I have this problem again.
 
Any thoughts on this... your fix worked on my laptop... until I took it back to work and PLUGGED in the NIC cable. A co-worker has the same laptop; he put his on my building's network and it did the same thing to his laptop. Nothing else in the building is doing this (that I know of; I am running scans on everything, but we have a lot of labs). If I just use the network wireless it does not happen. Any thoughts on this???
 
I'm sorry, the same thing as before: Windows has encountered a critical problem and will shut down in one min. Please save your work. The logs are in this thread; it's the same problem. I have it cleaned now, but I was just wondering if you had any idea what could be causing this or where it's coming from...
 