Trouble with new FBI ransomware virus

E

edtrx65

New Member
Thread author
May 17, 2013
13
Thanks for all of your help in trying to rid my PC of this ransomware trojan. I wish I had the easier one to delete, but as other forums have mentioned it is getting more difficult to delete.
I took a look at the above scan log and noticed that there was malware still present on my PC along with two instances of "Zero Access" programs as seen here:

ZeroAccess:
C:\Windows\Installer\{60d3883d-ede6-cba3-2c1b-65724798c5cf}
C:\Windows\Installer\{60d3883d-ede6-cba3-2c1b-65724798c5cf}\@

ZeroAccess:
C:\Users\ED\AppData\Local\{60d3883d-ede6-cba3-2c1b-65724798c5cf}
C:\Users\ED\AppData\Local\{60d3883d-ede6-cba3-2c1b-65724798c5cf}\@
C:\Users\ED\AppData\Local\{60d3883d-ede6-cba3-2c1b-65724798c5cf}\L
C:\Users\ED\AppData\Local\{60d3883d-ede6-cba3-2c1b-65724798c5cf}\U

Other Malware:
===========
C:\Users\ED\UPDATE.EXE
C:\ProgramData\kp_0loor.pad
C:\ProgramData\ntuser.dat

I havde also seen some corrupt files mentioned at the top of the scan log and think this in addition to the malware might be preventing me from starting my PC normally.

My last option is to either place the Windows CD back into my PC to restore it back to factory settings or to run my Dell DataSafe Restore and Emergency backup, if you can't help me. I have thought of another option, in which I remove my PC's HD and move my files to a PC already loaded with Hitman Pro, FRST, and my Kaspersky Anti-Virus so I can save my files before I try any of the above mentioned options that would reformat my HD.

Thnaks for your help!
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />

It seem the FRST Log you have added is not complete. Some of the Log files are missing....... Please attach the full log file...
 
E

edtrx65

New Member
Thread author
May 17, 2013
13
Hi Kuttus,

Sorry for the delay in sending this the FRST scan, but I just got home from work.
I have also attached file from my flash drive that was attached to my PC when the scan was ran.

Here is a copy of the scan that I saved on my PC:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-05-2013
Ran by SYSTEM on 17-05-2013 11:42:38
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1680976 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-05-30] ()
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-11-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-06-11] (Google)
HKLM-x32\...\Run: [Guardian PC Security Tools] "C:\Program Files (x86)\Boomerang Software\Guardian PC Security Tools\Pfft.exe" [306176 2007-06-21] (Boomerang Software)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [885760 2011-05-30] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [614400 2009-09-11] ()
HKLM-x32\...\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui [136416 2010-07-28] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent [144608 2010-04-16] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent [236816 2010-07-20] ()
HKLM-x32\...\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [79112 2011-06-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-09-25] (Sony Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1297728 2013-02-23] (Spigot, Inc.)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1644680 2013-02-08] (Ask)
HKLM-x32\...\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [4474832 2012-12-25] (IObit)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2013-02-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKU\ED\...\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [412560 2011-05-28] (IObit)
HKU\ED\...\Run: [InboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP [1713288 2013-04-12] (Inbox.com, Inc.)
HKU\ED\...\Run: [Google Update] "C:\Users\ED\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-13] (Google Inc.)
HKU\ED\...\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro)
HKU\ED\...\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe [7065224 2012-08-20] ()
HKU\ED\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-22] (Google Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\AGAMA K-330.lnk
ShortcutTarget: AGAMA K-330.lnk -> C:\Program Files (x86)\AGAMA K-330\MagicKey.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
ShortcutTarget: STK02N 2.3 PNP Monitor.lnk -> C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)
Startup: C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) =================

S2 AdvancedSystemCareService; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [353168 2011-05-28] (IObit)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-02-13] (Kaspersky Lab ZAO)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-06-11] (Google)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-09-25] (Sony Corporation)
S2 ZDManager Service; C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [176640 2012-10-18] ()

==================== Drivers (Whitelisted) ====================

S3 330Fltr; C:\Windows\System32\drivers\330Fltr.sys [11008 2009-11-02] (Monterey)
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [106496 2007-03-12] (Syntek Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55056 2013-04-22] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33224 2012-07-05] (IObit.com)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21904 2012-07-05] (IObit.com)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-17 11:23 - 2013-05-17 11:23 - 00000000 ____D C:\FRST
2013-05-17 01:15 - 2013-05-17 02:17 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-17 01:15 - 2013-05-17 02:17 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-05-17 01:13 - 2013-05-17 01:13 - 00000000 __SHD C:\found.000
2013-05-16 11:20 - 2013-05-16 11:20 - 00174410 ____A C:\Users\ED\Application Data\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174410 ____A C:\Users\ED\AppData\Roaming\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174355 ____A C:\Users\ED\Local Settings\Application Data\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174355 ____A C:\Users\ED\Local Settings\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174355 ____A C:\Users\ED\AppData\Local\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174344 ____A C:\ProgramData\Application Data\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174344 ____A C:\ProgramData\2433f433
2013-05-15 23:27 - 2013-05-15 23:27 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{040480C9-8E9A-4B80-986C-C4E14382E71C}
2013-05-15 23:27 - 2013-05-15 23:27 - 00000000 ____D C:\Users\ED\Local Settings\{040480C9-8E9A-4B80-986C-C4E14382E71C}
2013-05-15 23:27 - 2013-05-15 23:27 - 00000000 ____D C:\Users\ED\AppData\Local\{040480C9-8E9A-4B80-986C-C4E14382E71C}
2013-05-15 00:03 - 2013-05-15 00:03 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{E9E733A0-8478-447C-BEDF-681707E82141}
2013-05-15 00:03 - 2013-05-15 00:03 - 00000000 ____D C:\Users\ED\Local Settings\{E9E733A0-8478-447C-BEDF-681707E82141}
2013-05-15 00:03 - 2013-05-15 00:03 - 00000000 ____D C:\Users\ED\AppData\Local\{E9E733A0-8478-447C-BEDF-681707E82141}
2013-05-14 13:07 - 2013-05-14 17:48 - 00000000 ____D C:\05-14-2013_13-06
2013-05-14 10:56 - 2013-05-14 10:56 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{149BF9E7-4FEA-41F6-94DD-CF5CF4200051}
2013-05-14 10:56 - 2013-05-14 10:56 - 00000000 ____D C:\Users\ED\Local Settings\{149BF9E7-4FEA-41F6-94DD-CF5CF4200051}
2013-05-14 10:56 - 2013-05-14 10:56 - 00000000 ____D C:\Users\ED\AppData\Local\{149BF9E7-4FEA-41F6-94DD-CF5CF4200051}
2013-05-14 00:25 - 2013-05-14 00:25 - 00262144 ____A C:\Windows\System32\config\elam
2013-05-14 00:23 - 2013-05-14 00:23 - 00000585 ____A C:\Users\ED\Desktop\Amateur babe with big naturals at Sensual Girls.url
2013-05-14 00:23 - 2013-05-14 00:23 - 00000371 ____A C:\Users\ED\Desktop\Black Sheets - Monroe Lee teen pics and nude babes join2babes.com.url
2013-05-14 00:22 - 2013-05-14 00:22 - 00000190 ____A C:\Users\ED\Desktop\Busty Leila - 100buckbabes.com.url
2013-05-13 22:55 - 2013-05-13 22:55 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{F26F42A9-1A99-4324-9556-115ACCC2B159}
2013-05-13 22:55 - 2013-05-13 22:55 - 00000000 ____D C:\Users\ED\Local Settings\{F26F42A9-1A99-4324-9556-115ACCC2B159}
2013-05-13 22:55 - 2013-05-13 22:55 - 00000000 ____D C:\Users\ED\AppData\Local\{F26F42A9-1A99-4324-9556-115ACCC2B159}
2013-05-13 11:49 - 2013-05-17 02:15 - 00000000 ____D C:\Users\ED\My Documents\MHS Blog Military Doc Explains How to Choose and Use Sunscreen to Avoid Skin Damage_files
2013-05-13 11:49 - 2013-05-17 02:15 - 00000000 ____D C:\Users\ED\Documents\MHS Blog Military Doc Explains How to Choose and Use Sunscreen to Avoid Skin Damage_files
2013-05-13 11:49 - 2013-05-13 11:49 - 00051780 ____A C:\Users\ED\My Documents\MHS Blog Military Doc Explains How to Choose and Use Sunscreen to Avoid Skin Damage.htm
2013-05-13 11:49 - 2013-05-13 11:49 - 00051780 ____A C:\Users\ED\Documents\MHS Blog Military Doc Explains How to Choose and Use Sunscreen to Avoid Skin Damage.htm
2013-05-13 11:47 - 2013-05-13 11:47 - 00000220 ____A C:\Users\ED\Desktop\Tiffany Selby - Free playboyplus.com Pics sexykittenporn.com.url
2013-05-13 11:42 - 2013-05-13 11:42 - 00000600 ____A C:\Users\ED\Desktop\ExGfs Heaven thelifeerotic.com Rumiko A - Rustic.url
2013-05-13 10:55 - 2013-05-13 10:55 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{8FF238D4-C034-4095-895D-AE6B34F7801E}
2013-05-13 10:55 - 2013-05-13 10:55 - 00000000 ____D C:\Users\ED\Local Settings\{8FF238D4-C034-4095-895D-AE6B34F7801E}
2013-05-13 10:55 - 2013-05-13 10:55 - 00000000 ____D C:\Users\ED\AppData\Local\{8FF238D4-C034-4095-895D-AE6B34F7801E}
2013-05-12 22:54 - 2013-05-12 22:54 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{21D12C5F-ABB9-45DC-B8B7-0D43AC426D93}
2013-05-12 22:54 - 2013-05-12 22:54 - 00000000 ____D C:\Users\ED\Local Settings\{21D12C5F-ABB9-45DC-B8B7-0D43AC426D93}
2013-05-12 22:54 - 2013-05-12 22:54 - 00000000 ____D C:\Users\ED\AppData\Local\{21D12C5F-ABB9-45DC-B8B7-0D43AC426D93}
2013-05-12 18:58 - 2013-05-12 18:58 - 00000222 ____A C:\Users\ED\Desktop\Busty Sexy Girl Looks Amaizing - playboygirls.com teen pussy pussystate.com.url
2013-05-12 18:56 - 2013-05-12 18:56 - 00000208 ____A C:\Users\ED\Desktop\Sexy Girl Ahmo Hight - foxes.com - babeuniversum.com.url
2013-05-12 10:54 - 2013-05-12 10:54 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{13475A41-8482-4D92-B199-D1DF509CF4E1}
2013-05-12 10:54 - 2013-05-12 10:54 - 00000000 ____D C:\Users\ED\Local Settings\{13475A41-8482-4D92-B199-D1DF509CF4E1}
2013-05-12 10:54 - 2013-05-12 10:54 - 00000000 ____D C:\Users\ED\AppData\Local\{13475A41-8482-4D92-B199-D1DF509CF4E1}
2013-05-11 14:17 - 2013-05-11 14:18 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{C2F383C9-FFCF-411B-9028-7B16A1B99B78}
2013-05-11 14:17 - 2013-05-11 14:18 - 00000000 ____D C:\Users\ED\Local Settings\{C2F383C9-FFCF-411B-9028-7B16A1B99B78}
2013-05-11 14:17 - 2013-05-11 14:18 - 00000000 ____D C:\Users\ED\AppData\Local\{C2F383C9-FFCF-411B-9028-7B16A1B99B78}
2013-05-11 13:07 - 2013-05-11 14:18 - 00000000 ____D C:\Users\ED\My Documents\Joe DePalma
2013-05-11 13:07 - 2013-05-11 14:18 - 00000000 ____D C:\Users\ED\Documents\Joe DePalma
2013-05-11 02:17 - 2013-05-11 02:17 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{B78A1256-6883-46D5-A326-17A61E15241C}
2013-05-11 02:17 - 2013-05-11 02:17 - 00000000 ____D C:\Users\ED\Local Settings\{B78A1256-6883-46D5-A326-17A61E15241C}
2013-05-11 02:17 - 2013-05-11 02:17 - 00000000 ____D C:\Users\ED\AppData\Local\{B78A1256-6883-46D5-A326-17A61E15241C}
2013-05-10 17:41 - 2013-05-10 17:41 - 00000178 ____A C:\Users\ED\Desktop\Novoboobs.com - Mercedes.url
2013-05-10 17:40 - 2013-05-10 17:40 - 00000184 ____A C:\Users\ED\Desktop\Novoboobs.com - We Love You.url
2013-05-10 14:17 - 2013-05-10 14:17 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{755F0E6E-8C43-4247-BC25-535DD0D78285}
2013-05-10 14:17 - 2013-05-10 14:17 - 00000000 ____D C:\Users\ED\Local Settings\{755F0E6E-8C43-4247-BC25-535DD0D78285}
2013-05-10 14:17 - 2013-05-10 14:17 - 00000000 ____D C:\Users\ED\AppData\Local\{755F0E6E-8C43-4247-BC25-535DD0D78285}
2013-05-10 12:58 - 2013-05-10 18:28 - 00000000 ____D C:\05-10-2013_12-58
2013-05-10 02:16 - 2013-05-10 02:16 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{73A0C640-163A-4FBA-93CA-4E91AAFE5D6F}
2013-05-10 02:16 - 2013-05-10 02:16 - 00000000 ____D C:\Users\ED\Local Settings\{73A0C640-163A-4FBA-93CA-4E91AAFE5D6F}
2013-05-10 02:16 - 2013-05-10 02:16 - 00000000 ____D C:\Users\ED\AppData\Local\{73A0C640-163A-4FBA-93CA-4E91AAFE5D6F}
2013-05-09 19:26 - 2013-05-09 19:26 - 00000192 ____A C:\Users\ED\Desktop\Novoboobs.com - Kellie Connolly.url
2013-05-09 19:03 - 2013-05-09 19:03 - 00000226 ____A C:\Users\ED\Desktop\Buffy Tyler - Free playboycyberclub.com Pics sexykittenporn.com.url
2013-05-09 19:02 - 2013-05-09 19:02 - 00000184 ____A C:\Users\ED\Desktop\Krystal Webb.url
2013-05-09 18:58 - 2013-05-09 18:58 - 00000639 ____A C:\Users\ED\Desktop\ExGfs Heaven photodromm.com Valeria The Twin.url
2013-05-09 18:53 - 2013-05-09 18:53 - 00000186 ____A C:\Users\ED\Desktop\Novoboobs.com - Raquel Ryann.url
2013-05-09 11:08 - 2013-05-09 11:09 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{D99D2118-953F-4C81-8A39-654F7384B83B}
2013-05-09 11:08 - 2013-05-09 11:09 - 00000000 ____D C:\Users\ED\Local Settings\{D99D2118-953F-4C81-8A39-654F7384B83B}
2013-05-09 11:08 - 2013-05-09 11:09 - 00000000 ____D C:\Users\ED\AppData\Local\{D99D2118-953F-4C81-8A39-654F7384B83B}
2013-05-09 03:35 - 2013-05-09 03:35 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{E1F0D4A3-B470-4524-AD72-F95EA3792F7D}
2013-05-09 03:35 - 2013-05-09 03:35 - 00000000 ____D C:\Users\ED\Local Settings\{E1F0D4A3-B470-4524-AD72-F95EA3792F7D}
2013-05-09 03:35 - 2013-05-09 03:35 - 00000000 ____D C:\Users\ED\AppData\Local\{E1F0D4A3-B470-4524-AD72-F95EA3792F7D}
2013-05-09 02:51 - 2013-05-09 02:51 - 00000000 ____D C:\ProgramData\Application Data\Affinegy
2013-05-09 02:51 - 2013-05-09 02:51 - 00000000 ____D C:\ProgramData\Affinegy
2013-05-09 02:35 - 2013-05-09 02:35 - 00000000 ____D C:\ProgramData\Belkin
2013-05-09 02:35 - 2013-05-09 02:35 - 00000000 ____D C:\ProgramData\Application Data\Belkin
2013-05-09 01:56 - 2013-05-09 02:51 - 00000000 ____D C:\Program Files (x86)\Belkin
2013-05-08 20:04 - 2013-05-08 20:04 - 00000597 ____A C:\Users\ED\Desktop\Ira from just-nude.com at WildFanny.com Free gallery.url
2013-05-08 15:33 - 2013-05-08 15:34 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{59F447F8-8682-412D-BAA7-1DC7FD408640}
2013-05-08 15:33 - 2013-05-08 15:34 - 00000000 ____D C:\Users\ED\Local Settings\{59F447F8-8682-412D-BAA7-1DC7FD408640}
2013-05-08 15:33 - 2013-05-08 15:34 - 00000000 ____D C:\Users\ED\AppData\Local\{59F447F8-8682-412D-BAA7-1DC7FD408640}
2013-05-08 14:47 - 2013-05-08 14:47 - 00000648 ____A C:\Users\ED\Desktop\Amazon.com Customer Discussions Kindle forum.url
2013-05-08 03:33 - 2013-05-08 03:33 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{4AA44A2B-F1A2-4E9C-BC83-B2C8FADE98D0}
2013-05-08 03:33 - 2013-05-08 03:33 - 00000000 ____D C:\Users\ED\Local Settings\{4AA44A2B-F1A2-4E9C-BC83-B2C8FADE98D0}
2013-05-08 03:33 - 2013-05-08 03:33 - 00000000 ____D C:\Users\ED\AppData\Local\{4AA44A2B-F1A2-4E9C-BC83-B2C8FADE98D0}
2013-05-08 03:30 - 2013-05-08 03:30 - 00000184 ____A C:\Users\ED\Desktop\Novoboobs.com - Gemma Hiles.url
2013-05-06 23:46 - 2013-05-06 23:46 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{8F31C4A4-B160-40B9-BE49-AB04087AF2E5}
2013-05-06 23:46 - 2013-05-06 23:46 - 00000000 ____D C:\Users\ED\Local Settings\{8F31C4A4-B160-40B9-BE49-AB04087AF2E5}
2013-05-06 23:46 - 2013-05-06 23:46 - 00000000 ____D C:\Users\ED\AppData\Local\{8F31C4A4-B160-40B9-BE49-AB04087AF2E5}
2013-05-06 23:42 - 2013-05-06 23:42 - 00000208 ____A C:\Users\ED\Desktop\Novoboobs.com - Brunette With Huge Tits.url
2013-05-05 23:25 - 2013-05-05 23:26 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{0A832AB9-E850-46A1-9293-48A95C52936C}
2013-05-05 23:25 - 2013-05-05 23:26 - 00000000 ____D C:\Users\ED\Local Settings\{0A832AB9-E850-46A1-9293-48A95C52936C}
2013-05-05 23:25 - 2013-05-05 23:26 - 00000000 ____D C:\Users\ED\AppData\Local\{0A832AB9-E850-46A1-9293-48A95C52936C}
2013-05-05 00:11 - 2013-05-05 00:11 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{9D928973-D00B-48C2-81E7-6B2A774F1AC7}
2013-05-05 00:11 - 2013-05-05 00:11 - 00000000 ____D C:\Users\ED\Local Settings\{9D928973-D00B-48C2-81E7-6B2A774F1AC7}
2013-05-05 00:11 - 2013-05-05 00:11 - 00000000 ____D C:\Users\ED\AppData\Local\{9D928973-D00B-48C2-81E7-6B2A774F1AC7}
2013-05-03 23:22 - 2013-05-03 23:22 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{9F4EF16E-897F-4315-9A83-619B46E0B910}
2013-05-03 23:22 - 2013-05-03 23:22 - 00000000 ____D C:\Users\ED\Local Settings\{9F4EF16E-897F-4315-9A83-619B46E0B910}
2013-05-03 23:22 - 2013-05-03 23:22 - 00000000 ____D C:\Users\ED\AppData\Local\{9F4EF16E-897F-4315-9A83-619B46E0B910}
2013-05-03 19:46 - 2013-05-03 19:46 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3905647088-3695039963-704346221-1000Core1ce4860c6724806.job
2013-05-03 11:19 - 2013-05-03 11:19 - 00002455 ____A C:\Users\ED\Desktop\Celebrity Models in Bikinis Gallery Wonderwall.url
2013-05-02 23:43 - 2013-05-02 23:43 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{4888FA6E-0A6D-42D6-B466-91729EB8255C}
2013-05-02 23:43 - 2013-05-02 23:43 - 00000000 ____D C:\Users\ED\Local Settings\{4888FA6E-0A6D-42D6-B466-91729EB8255C}
2013-05-02 23:43 - 2013-05-02 23:43 - 00000000 ____D C:\Users\ED\AppData\Local\{4888FA6E-0A6D-42D6-B466-91729EB8255C}
2013-05-02 00:15 - 2013-05-02 10:19 - 00000000 ____D C:\05-02-2013_00-15
2013-05-02 00:05 - 2013-05-02 00:05 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{69B67EFF-4DF3-4B28-9E39-8B632E5D0F9A}
2013-05-02 00:05 - 2013-05-02 00:05 - 00000000 ____D C:\Users\ED\Local Settings\{69B67EFF-4DF3-4B28-9E39-8B632E5D0F9A}
2013-05-02 00:05 - 2013-05-02 00:05 - 00000000 ____D C:\Users\ED\AppData\Local\{69B67EFF-4DF3-4B28-9E39-8B632E5D0F9A}
2013-05-01 08:38 - 2013-05-01 08:39 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{714DC145-D2CE-4D8F-8C7F-8CD2E1502D46}
2013-05-01 08:38 - 2013-05-01 08:39 - 00000000 ____D C:\Users\ED\Local Settings\{714DC145-D2CE-4D8F-8C7F-8CD2E1502D46}
2013-05-01 08:38 - 2013-05-01 08:39 - 00000000 ____D C:\Users\ED\AppData\Local\{714DC145-D2CE-4D8F-8C7F-8CD2E1502D46}
2013-04-30 13:09 - 2013-04-30 13:10 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{1B122ED5-37BB-4E60-8D85-D7CDF0D25EA3}
2013-04-30 13:09 - 2013-04-30 13:10 - 00000000 ____D C:\Users\ED\Local Settings\{1B122ED5-37BB-4E60-8D85-D7CDF0D25EA3}
2013-04-30 13:09 - 2013-04-30 13:10 - 00000000 ____D C:\Users\ED\AppData\Local\{1B122ED5-37BB-4E60-8D85-D7CDF0D25EA3}
2013-04-29 18:53 - 2013-04-29 18:53 - 00000409 ____A C:\Users\ED\Desktop\Google Play.url
2013-04-29 18:40 - 2013-04-29 18:40 - 00000573 ____A C:\Users\ED\Desktop\ExGfs Heaven mc-nudes.com Carnal - Carina.url
2013-04-29 17:12 - 2013-04-29 17:12 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{90C1B9FA-7355-41BC-B93F-A8CA71C1FB32}
2013-04-29 17:12 - 2013-04-29 17:12 - 00000000 ____D C:\Users\ED\Local Settings\{90C1B9FA-7355-41BC-B93F-A8CA71C1FB32}
2013-04-29 17:12 - 2013-04-29 17:12 - 00000000 ____D C:\Users\ED\AppData\Local\{90C1B9FA-7355-41BC-B93F-A8CA71C1FB32}
2013-04-29 04:50 - 2013-04-29 04:50 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{1B49DD32-8D6F-452A-B48F-AA883D1467AA}
2013-04-29 04:50 - 2013-04-29 04:50 - 00000000 ____D C:\Users\ED\Local Settings\{1B49DD32-8D6F-452A-B48F-AA883D1467AA}
2013-04-29 04:50 - 2013-04-29 04:50 - 00000000 ____D C:\Users\ED\AppData\Local\{1B49DD32-8D6F-452A-B48F-AA883D1467AA}
2013-04-28 19:34 - 2013-04-28 19:34 - 00000000 ____D C:\Users\ED\My Documents\Charts
2013-04-28 19:34 - 2013-04-28 19:34 - 00000000 ____D C:\Users\ED\Documents\Charts
2013-04-28 16:49 - 2013-04-28 16:50 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{D8A6D1BE-4371-4BC6-8D89-887758F3D087}
2013-04-28 16:49 - 2013-04-28 16:50 - 00000000 ____D C:\Users\ED\Local Settings\{D8A6D1BE-4371-4BC6-8D89-887758F3D087}
2013-04-28 16:49 - 2013-04-28 16:50 - 00000000 ____D C:\Users\ED\AppData\Local\{D8A6D1BE-4371-4BC6-8D89-887758F3D087}
2013-04-28 13:13 - 2013-04-28 13:13 - 00000269 ____A C:\Users\ED\Desktop\Radar Detector & Laser Jammer Forum.url
2013-04-28 09:25 - 2013-04-28 09:25 - 00000217 ____A C:\Users\ED\Desktop\AdultFax Escort Guide.url
2013-04-28 04:49 - 2013-04-28 04:49 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{8561917B-997D-473D-AC9E-20C68EB9E001}
2013-04-28 04:49 - 2013-04-28 04:49 - 00000000 ____D C:\Users\ED\Local Settings\{8561917B-997D-473D-AC9E-20C68EB9E001}
2013-04-28 04:49 - 2013-04-28 04:49 - 00000000 ____D C:\Users\ED\AppData\Local\{8561917B-997D-473D-AC9E-20C68EB9E001}
2013-04-28 03:06 - 2013-04-28 03:06 - 00000174 ____A C:\Users\ED\Desktop\Novoboobs.com - Jayden.url
2013-04-28 03:02 - 2013-04-28 03:02 - 00000212 ____A C:\Users\ED\Desktop\Novoboobs.com - Catalina Cruz Big Boobies.url
2013-04-28 02:27 - 2013-04-28 02:27 - 00000549 ____A C:\Users\ED\Desktop\Cara Brett from mnscash.com at WildFanny.com Free gallery.url
2013-04-28 02:25 - 2013-04-28 02:25 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{9BC7E091-F199-4E26-9B95-4478BEA44EDD}
2013-04-28 02:25 - 2013-04-28 02:25 - 00000000 ____D C:\Users\ED\Local Settings\{9BC7E091-F199-4E26-9B95-4478BEA44EDD}
2013-04-28 02:25 - 2013-04-28 02:25 - 00000000 ____D C:\Users\ED\AppData\Local\{9BC7E091-F199-4E26-9B95-4478BEA44EDD}
2013-04-28 01:46 - 2013-04-28 01:46 - 00000593 ____A C:\Users\ED\Desktop\ExGfs Heaven mplstudios.com Anyas Collectors Cut.url
2013-04-28 01:19 - 2013-04-28 01:19 - 00005846 ____A C:\Users\ED\Desktop\Sexy Nike Girl has Amazing Abs (Gallery) Total Pro Sports.url
2013-04-27 16:03 - 2013-04-27 16:03 - 00000286 ____A C:\Users\ED\Desktop\OnCamForYou - Sexy New Webcam Models.url
2013-04-27 14:15 - 2013-04-27 14:16 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{B630FE8E-56D8-433A-8A2C-84B06C5E63CE}
2013-04-27 14:15 - 2013-04-27 14:16 - 00000000 ____D C:\Users\ED\Local Settings\{B630FE8E-56D8-433A-8A2C-84B06C5E63CE}
2013-04-27 14:15 - 2013-04-27 14:16 - 00000000 ____D C:\Users\ED\AppData\Local\{B630FE8E-56D8-433A-8A2C-84B06C5E63CE}
2013-04-27 02:15 - 2013-04-27 02:15 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{1ECFBC8A-5172-4E0E-9150-F28A1711B44E}
2013-04-27 02:15 - 2013-04-27 02:15 - 00000000 ____D C:\Users\ED\Local Settings\{1ECFBC8A-5172-4E0E-9150-F28A1711B44E}
2013-04-27 02:15 - 2013-04-27 02:15 - 00000000 ____D C:\Users\ED\AppData\Local\{1ECFBC8A-5172-4E0E-9150-F28A1711B44E}
2013-04-26 11:15 - 2013-04-26 11:16 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{6D9EB004-E0BC-4ED3-B8C9-EE6D12F46BA4}
2013-04-26 11:15 - 2013-04-26 11:16 - 00000000 ____D C:\Users\ED\Local Settings\{6D9EB004-E0BC-4ED3-B8C9-EE6D12F46BA4}
2013-04-26 11:15 - 2013-04-26 11:16 - 00000000 ____D C:\Users\ED\AppData\Local\{6D9EB004-E0BC-4ED3-B8C9-EE6D12F46BA4}
2013-04-25 16:54 - 2013-04-25 16:55 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{6BF4539E-FDBE-4D39-9F9F-21DC81A98A45}
2013-04-25 16:54 - 2013-04-25 16:55 - 00000000 ____D C:\Users\ED\Local Settings\{6BF4539E-FDBE-4D39-9F9F-21DC81A98A45}
2013-04-25 16:54 - 2013-04-25 16:55 - 00000000 ____D C:\Users\ED\AppData\Local\{6BF4539E-FDBE-4D39-9F9F-21DC81A98A45}
2013-04-25 01:27 - 2013-04-25 01:27 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{280E424B-79A5-4509-B851-5A7CC87202AE}
2013-04-25 01:27 - 2013-04-25 01:27 - 00000000 ____D C:\Users\ED\Local Settings\{280E424B-79A5-4509-B851-5A7CC87202AE}
2013-04-25 01:27 - 2013-04-25 01:27 - 00000000 ____D C:\Users\ED\AppData\Local\{280E424B-79A5-4509-B851-5A7CC87202AE}
2013-04-24 13:16 - 2013-04-24 13:16 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{1939E96C-5734-4513-B47C-692A17420DEE}
2013-04-24 13:16 - 2013-04-24 13:16 - 00000000 ____D C:\Users\ED\Local Settings\{1939E96C-5734-4513-B47C-692A17420DEE}
2013-04-24 13:16 - 2013-04-24 13:16 - 00000000 ____D C:\Users\ED\AppData\Local\{1939E96C-5734-4513-B47C-692A17420DEE}
2013-04-24 12:55 - 2013-04-24 12:55 - 00008254 ____A C:\Users\ED\Desktop\theCHIVE - Funny Photos and Funny Videos – Keep Calm and Chive On.url
2013-04-23 23:41 - 2013-04-23 23:41 - 00000636 ____A C:\Users\ED\Desktop\Big boobs gallery, huge boobs photos, nice boobs pics, all natural boobs.url
2013-04-23 23:33 - 2013-04-23 23:33 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{F14E32CF-8D0A-4F5F-93D4-73F2EC5BF114}
2013-04-23 23:33 - 2013-04-23 23:33 - 00000000 ____D C:\Users\ED\Local Settings\{F14E32CF-8D0A-4F5F-93D4-73F2EC5BF114}
2013-04-23 23:33 - 2013-04-23 23:33 - 00000000 ____D C:\Users\ED\AppData\Local\{F14E32CF-8D0A-4F5F-93D4-73F2EC5BF114}
2013-04-23 00:40 - 2013-04-23 00:40 - 00000000 ____D C:\Program Files\Motorola Inc
2013-04-23 00:25 - 2013-04-23 00:26 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{198205CF-BFCF-4378-B194-170A0E01837F}
2013-04-23 00:25 - 2013-04-23 00:26 - 00000000 ____D C:\Users\ED\Local Settings\{198205CF-BFCF-4378-B194-170A0E01837F}
2013-04-23 00:25 - 2013-04-23 00:26 - 00000000 ____D C:\Users\ED\AppData\Local\{198205CF-BFCF-4378-B194-170A0E01837F}
2013-04-22 11:41 - 2013-04-22 11:42 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{AA2172C2-319F-46AF-A010-705B3FA221D1}
2013-04-22 11:41 - 2013-04-22 11:42 - 00000000 ____D C:\Users\ED\Local Settings\{AA2172C2-319F-46AF-A010-705B3FA221D1}
2013-04-22 11:41 - 2013-04-22 11:42 - 00000000 ____D C:\Users\ED\AppData\Local\{AA2172C2-319F-46AF-A010-705B3FA221D1}
2013-04-21 23:30 - 2013-04-21 23:30 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{9FCB18F4-7D57-4EBB-B6D9-29F06548924F}
2013-04-21 23:30 - 2013-04-21 23:30 - 00000000 ____D C:\Users\ED\Local Settings\{9FCB18F4-7D57-4EBB-B6D9-29F06548924F}
2013-04-21 23:30 - 2013-04-21 23:30 - 00000000 ____D C:\Users\ED\AppData\Local\{9FCB18F4-7D57-4EBB-B6D9-29F06548924F}
2013-04-21 11:26 - 2013-04-21 11:26 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{36787AEE-3E9D-471B-8111-6C11E79DFC1B}
2013-04-21 11:26 - 2013-04-21 11:26 - 00000000 ____D C:\Users\ED\Local Settings\{36787AEE-3E9D-471B-8111-6C11E79DFC1B}
2013-04-21 11:26 - 2013-04-21 11:26 - 00000000 ____D C:\Users\ED\AppData\Local\{36787AEE-3E9D-471B-8111-6C11E79DFC1B}
2013-04-20 23:26 - 2013-04-20 23:26 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{42B91FB7-3A62-4A27-8248-E7F092E524B9}
2013-04-20 23:26 - 2013-04-20 23:26 - 00000000 ____D C:\Users\ED\Local Settings\{42B91FB7-3A62-4A27-8248-E7F092E524B9}
2013-04-20 23:26 - 2013-04-20 23:26 - 00000000 ____D C:\Users\ED\AppData\Local\{42B91FB7-3A62-4A27-8248-E7F092E524B9}
2013-04-20 11:01 - 2013-05-17 09:42 - 00000000 ____D C:\Users\ED\Desktop\Hot Blondes
2013-04-20 03:01 - 2013-04-20 03:01 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{53A2B72A-D687-4B7E-8A67-9ECB345945B7}
2013-04-20 03:01 - 2013-04-20 03:01 - 00000000 ____D C:\Users\ED\Local Settings\{53A2B72A-D687-4B7E-8A67-9ECB345945B7}
2013-04-20 03:01 - 2013-04-20 03:01 - 00000000 ____D C:\Users\ED\AppData\Local\{53A2B72A-D687-4B7E-8A67-9ECB345945B7}
2013-04-20 02:44 - 2013-04-20 02:44 - 00000212 ____A C:\Users\ED\Desktop\Sexy Milf Goldie Jones Big Boobs by BabesMachine Young Sexy Girls.url
2013-04-20 02:42 - 2013-04-20 02:42 - 00000216 ____A C:\Users\ED\Desktop\Suzanne Stokes juicy breasts at Grab Pussy.url
2013-04-20 02:41 - 2013-04-20 02:41 - 00000220 ____A C:\Users\ED\Desktop\Devin Justine by Playboy at The Omega Project.url
2013-04-20 02:35 - 2013-04-20 02:35 - 00000228 ____A C:\Users\ED\Desktop\Brooke D Williams - Free playboyplus.com Pics sexykittenporn.com.url
2013-04-20 02:33 - 2013-04-20 02:33 - 00000403 ____A C:\Users\ED\Desktop\Curvy Queen Aryane Steinkopf - Celeb Matrix teen pics and nude babes join2babes.com.url
2013-04-20 02:26 - 2013-04-20 02:26 - 00000192 ____A C:\Users\ED\Desktop\Gorgeous Anastasia.url
2013-04-20 02:25 - 2013-04-20 02:25 - 00000200 ____A C:\Users\ED\Desktop\Hot Blonde Cara Brett - Twistys Porn Pics novoporn.com.url
2013-04-19 15:03 - 2013-04-19 15:03 - 00000377 ____A C:\Users\ED\Desktop\Brandi Mae Braxton in the Grass - Spicy Bunnies - The Best Source for Spicy Playboy Playmates!.url
2013-04-19 13:03 - 2013-04-19 13:03 - 00000178 ____A C:\Users\ED\Desktop\Kelly Bell - BabeFox Photo Gallery morazzia.com.url
2013-04-19 12:57 - 2013-04-19 12:58 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{112D8FC4-FDCD-4CDD-A715-52152BBF8655}
2013-04-19 12:57 - 2013-04-19 12:58 - 00000000 ____D C:\Users\ED\Local Settings\{112D8FC4-FDCD-4CDD-A715-52152BBF8655}
2013-04-19 12:57 - 2013-04-19 12:58 - 00000000 ____D C:\Users\ED\AppData\Local\{112D8FC4-FDCD-4CDD-A715-52152BBF8655}
2013-04-19 00:52 - 2013-04-19 00:52 - 00000214 ____A C:\Users\ED\Desktop\Eve Angel big round ass on Thousandbabes.com.url
2013-04-19 00:36 - 2013-04-19 00:36 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{76F85995-BE3C-4829-A983-F98090C4EFAA}
2013-04-19 00:36 - 2013-04-19 00:36 - 00000000 ____D C:\Users\ED\Local Settings\{76F85995-BE3C-4829-A983-F98090C4EFAA}
2013-04-19 00:36 - 2013-04-19 00:36 - 00000000 ____D C:\Users\ED\AppData\Local\{76F85995-BE3C-4829-A983-F98090C4EFAA}
2013-04-18 12:36 - 2013-04-18 12:36 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{AFF790FC-C97B-4DFC-8C89-0F4B21E7E861}
2013-04-18 12:36 - 2013-04-18 12:36 - 00000000 ____D C:\Users\ED\Local Settings\{AFF790FC-C97B-4DFC-8C89-0F4B21E7E861}
2013-04-18 12:36 - 2013-04-18 12:36 - 00000000 ____D C:\Users\ED\AppData\Local\{AFF790FC-C97B-4DFC-8C89-0F4B21E7E861}
2013-04-18 10:54 - 2013-04-18 10:54 - 00000375 ____A C:\Users\ED\Desktop\Sarah E - Met - Art teen pics and nude babes join2babes.com.url
2013-04-18 00:12 - 2013-04-18 00:12 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{5C4F3299-6274-458C-9AE7-64D5AE91C387}
2013-04-18 00:12 - 2013-04-18 00:12 - 00000000 ____D C:\Users\ED\Local Settings\{5C4F3299-6274-458C-9AE7-64D5AE91C387}
2013-04-18 00:12 - 2013-04-18 00:12 - 00000000 ____D C:\Users\ED\AppData\Local\{5C4F3299-6274-458C-9AE7-64D5AE91C387}
2013-04-17 23:48 - 2013-04-17 23:48 - 00000381 ____A C:\Windows\LkmdfCoInst.log
2013-04-17 10:22 - 2013-04-17 10:22 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{C8574341-FD30-47E8-96D0-649A6CB3F8D6}
2013-04-17 10:22 - 2013-04-17 10:22 - 00000000 ____D C:\Users\ED\Local Settings\{C8574341-FD30-47E8-96D0-649A6CB3F8D6}
2013-04-17 10:22 - 2013-04-17 10:22 - 00000000 ____D C:\Users\ED\AppData\Local\{C8574341-FD30-47E8-96D0-649A6CB3F8D6}

==================== One Month Modified Files and Folders =======

2013-05-17 11:23 - 2013-05-17 11:23 - 00000000 ____D C:\FRST
2013-05-17 09:44 - 2013-03-28 02:37 - 00000000 ____D C:\Users\ED\My Documents\CCleaner
2013-05-17 09:44 - 2013-03-28 02:37 - 00000000 ____D C:\Users\ED\Documents\CCleaner
2013-05-17 09:44 - 2013-03-20 00:50 - 00000000 ____D C:\Users\ED\My Documents\Amazon_com incredicharge Electronics_files
2013-05-17 09:44 - 2013-03-20 00:50 - 00000000 ____D C:\Users\ED\Documents\Amazon_com incredicharge Electronics_files
2013-05-17 09:44 - 2013-02-06 02:12 - 00000000 ___SD C:\Users\ED\My Documents\Passwords Database
2013-05-17 09:44 - 2013-02-06 02:12 - 00000000 ___SD C:\Users\ED\Documents\Passwords Database
2013-05-17 09:44 - 2012-10-29 09:58 - 00000000 ____D C:\Users\ED\Downloads\Memeo
2013-05-17 09:44 - 2012-09-30 10:18 - 00000000 ____D C:\Users\ED\My Documents\Medicare fines over hospitals' readmitted patients - Earthlink - Main News_files
2013-05-17 09:44 - 2012-09-30 10:18 - 00000000 ____D C:\Users\ED\Documents\Medicare fines over hospitals' readmitted patients - Earthlink - Main News_files
2013-05-17 09:44 - 2012-08-06 21:48 - 00000000 ____D C:\Users\ED\My Documents\Sculpt a Better Butt Women's Health Magazine_files
2013-05-17 09:44 - 2012-08-06 21:48 - 00000000 ____D C:\Users\ED\Documents\Sculpt a Better Butt Women's Health Magazine_files
2013-05-17 09:44 - 2012-08-06 21:41 - 00000000 ____D C:\Users\ED\My Documents\Building Strong Glutes Cycling Fitness Tips Bicycling Magazine_files
2013-05-17 09:44 - 2012-08-06 21:41 - 00000000 ____D C:\Users\ED\Documents\Building Strong Glutes Cycling Fitness Tips Bicycling Magazine_files
2013-05-17 09:44 - 2012-06-18 00:30 - 00000000 ____D C:\Users\ED\Desktop\Utilities
2013-05-17 09:44 - 2012-03-29 22:47 - 00000000 ____D C:\Users\ED\My Documents\FinePrint files
2013-05-17 09:44 - 2012-03-29 22:47 - 00000000 ____D C:\Users\ED\Documents\FinePrint files
2013-05-17 09:44 - 2012-02-22 01:52 - 00000000 ____D C:\Users\ED\My Documents\2012 Land Rover Range Rover Evoque Road Test – Review – Car and Driver_files
2013-05-17 09:44 - 2012-02-22 01:52 - 00000000 ____D C:\Users\ED\Documents\2012 Land Rover Range Rover Evoque Road Test – Review – Car and Driver_files
2013-05-17 09:44 - 2012-02-15 13:04 - 00000000 ____D C:\Users\ED\My Documents\Vitals - Amid shortages, rules force hospitals to trash scarce drugs_files
2013-05-17 09:44 - 2012-02-15 13:04 - 00000000 ____D C:\Users\ED\Documents\Vitals - Amid shortages, rules force hospitals to trash scarce drugs_files
2013-05-17 09:44 - 2012-02-15 12:50 - 00000000 ____D C:\Users\ED\My Documents\FCC plans to nix wireless network that may jam GPS EarthLink - Top News_files
2013-05-17 09:44 - 2012-02-15 12:50 - 00000000 ____D C:\Users\ED\Documents\FCC plans to nix wireless network that may jam GPS EarthLink - Top News_files
2013-05-17 09:44 - 2011-12-27 00:13 - 00000000 ____D C:\Users\ED\My Documents\Stop being duped by the 3D scam TechRepublic_files
2013-05-17 09:44 - 2011-12-27 00:13 - 00000000 ____D C:\Users\ED\Documents\Stop being duped by the 3D scam TechRepublic_files
2013-05-17 09:44 - 2011-11-17 00:24 - 00000000 ____D C:\Windows\System32\Macromed
2013-05-17 09:44 - 2011-11-10 02:20 - 00000000 ____D C:\Users\ED\My Documents\Drug helps 'couch potato' monkeys lose weight - Health - Diet and nutrition - msnbc_com_files
2013-05-17 09:44 - 2011-11-10 02:20 - 00000000 ____D C:\Users\ED\Documents\Drug helps 'couch potato' monkeys lose weight - Health - Diet and nutrition - msnbc_com_files
2013-05-17 09:44 - 2011-06-28 12:39 - 00000000 ___RD C:\Users\ED\My Documents\Offline Web Pages
2013-05-17 09:44 - 2011-06-28 12:39 - 00000000 ___RD C:\Users\ED\My Documents\My Stationery
2013-05-17 09:44 - 2011-06-28 12:39 - 00000000 ___RD C:\Users\ED\Documents\Offline Web Pages
2013-05-17 09:44 - 2011-06-28 12:39 - 00000000 ___RD C:\Users\ED\Documents\My Stationery
2013-05-17 09:44 - 2011-06-28 12:35 - 00000000 ____D C:\Users\ED\My Documents\DigitalLocker
2013-05-17 09:44 - 2011-06-28 12:35 - 00000000 ____D C:\Users\ED\Documents\DigitalLocker
2013-05-17 09:44 - 2011-06-28 12:34 - 00000000 ____D C:\Users\ED\My Documents\Branding
2013-05-17 09:44 - 2011-06-28 12:34 - 00000000 ____D C:\Users\ED\Documents\Branding
2013-05-17 09:44 - 2011-06-12 15:42 - 00000000 ____D C:\Users\ED\Downloads\SharePod
2013-05-17 09:44 - 2011-06-11 11:43 - 00000000 ____D C:\users\ED
2013-05-17 09:44 - 2011-06-08 02:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-05-17 09:44 - 2011-03-22 20:31 - 00000000 ___RD C:\Users\ED\My Documents\Notes
2013-05-17 09:44 - 2011-03-22 20:31 - 00000000 ___RD C:\Users\ED\Documents\Notes
2013-05-17 09:44 - 2011-03-22 00:25 - 00000000 ____D C:\Users\ED\My Documents\Samsung ML-2525_files
2013-05-17 09:44 - 2011-03-22 00:25 - 00000000 ____D C:\Users\ED\Documents\Samsung ML-2525_files
2013-05-17 09:44 - 2011-02-26 02:29 - 00000000 ____D C:\Users\ED\Downloads\TweakNow PowerPack3.0.1
2013-05-17 09:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-17 09:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-17 09:42 - 2013-04-20 11:01 - 00000000 ____D C:\Users\ED\Desktop\Hot Blondes
2013-05-17 09:42 - 2013-02-13 15:25 - 00000000 ____D C:\Users\ED\Local Settings\Zoom_Downloader
2013-05-17 09:42 - 2013-02-13 15:25 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\Zoom_Downloader
2013-05-17 09:42 - 2013-02-13 15:25 - 00000000 ____D C:\Users\ED\AppData\Local\Zoom_Downloader
2013-05-17 09:42 - 2013-02-11 01:37 - 00000000 ____D C:\Users\ED\Desktop\CrystalCPUID415
2013-05-17 09:42 - 2013-02-11 01:19 - 00000000 ____D C:\Users\ED\Local Settings\VisualBeeExe
2013-05-17 09:42 - 2013-02-11 01:19 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\VisualBeeExe
2013-05-17 09:42 - 2013-02-11 01:19 - 00000000 ____D C:\Users\ED\AppData\Local\VisualBeeExe
2013-05-17 09:42 - 2012-11-22 00:41 - 00000000 ____D C:\Users\ED\Application Data\U3
2013-05-17 09:42 - 2012-11-22 00:41 - 00000000 ____D C:\Users\ED\AppData\Roaming\U3
2013-05-17 09:42 - 2012-06-18 00:47 - 00000000 ____D C:\Users\ED\Desktop\GAMES
2013-05-17 09:42 - 2012-06-15 02:55 - 00000000 ____D C:\Users\ED\Application Data\Motorola Mobility
2013-05-17 09:42 - 2012-06-15 02:55 - 00000000 ____D C:\Users\ED\AppData\Roaming\Motorola Mobility
2013-05-17 09:42 - 2012-04-19 01:23 - 00000000 ____D C:\Users\ED\Application Data\MotoCast
2013-05-17 09:42 - 2012-04-19 01:23 - 00000000 ____D C:\Users\ED\AppData\Roaming\MotoCast
2013-05-17 09:42 - 2012-03-29 22:47 - 00000000 ____D C:\Program Files (x86)\I Want This
2013-05-17 09:42 - 2011-10-24 02:19 - 00000000 ____D C:\Users\ED\Application Data\Mozilla
2013-05-17 09:42 - 2011-10-24 02:19 - 00000000 ____D C:\Users\ED\AppData\Roaming\Mozilla
2013-05-17 09:42 - 2011-06-13 14:55 - 00000000 ____D C:\Users\ED\Local Settings\Stardock_Corporation
2013-05-17 09:42 - 2011-06-13 14:55 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\Stardock_Corporation
2013-05-17 09:42 - 2011-06-13 14:55 - 00000000 ____D C:\Users\ED\AppData\Local\Stardock_Corporation
2013-05-17 09:42 - 2011-06-11 16:31 - 00000000 ____D C:\Users\ED\Application Data\IObit
2013-05-17 09:42 - 2011-06-11 16:31 - 00000000 ____D C:\Users\ED\AppData\Roaming\IObit
2013-05-17 09:42 - 2010-11-25 01:51 - 00000000 ____D C:\Users\ED\Desktop\Icons
2013-05-17 09:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-05-17 09:39 - 2013-04-16 03:08 - 00000000 ____D C:\Users\ED\Desktop\Tracking
2013-05-17 09:39 - 2013-03-01 12:09 - 00000000 ____D C:\Users\ED\My Documents\Aimersoft DVD Creator
2013-05-17 09:39 - 2013-03-01 12:09 - 00000000 ____D C:\Users\ED\Documents\Aimersoft DVD Creator
2013-05-17 09:39 - 2012-08-22 00:10 - 00000000 ____D C:\Users\ED\My Documents\Cannondale SuperSix Ultegra Di2
2013-05-17 09:39 - 2012-08-22 00:10 - 00000000 ____D C:\Users\ED\Documents\Cannondale SuperSix Ultegra Di2
2013-05-17 09:39 - 2012-07-02 00:12 - 00000000 ____D C:\Users\ED\My Documents\IV Compatability
2013-05-17 09:39 - 2012-07-02 00:12 - 00000000 ____D C:\Users\ED\Documents\IV Compatability
2013-05-17 09:39 - 2012-06-14 03:05 - 00000000 ____D C:\Users\ED\My Documents\Interbike 2013
2013-05-17 09:39 - 2012-06-14 03:05 - 00000000 ____D C:\Users\ED\Documents\Interbike 2013
2013-05-17 09:39 - 2012-05-30 01:01 - 00000000 ____D C:\Users\ED\Desktop\PICS
2013-05-17 09:39 - 2012-05-28 03:31 - 00000000 ____D C:\Users\ED\My Documents\Kaspersky Lab
2013-05-17 09:39 - 2012-05-28 03:31 - 00000000 ____D C:\Users\ED\Documents\Kaspersky Lab
2013-05-17 09:39 - 2012-03-28 02:11 - 00000000 ____D C:\Users\ED\My Documents\CISCO DPC3010
2013-05-17 09:39 - 2012-03-28 02:11 - 00000000 ____D C:\Users\ED\Documents\CISCO DPC3010
2013-05-17 09:39 - 2012-01-28 01:38 - 00000000 ____D C:\Users\ED\My Documents\BFF
2013-05-17 09:39 - 2012-01-28 01:38 - 00000000 ____D C:\Users\ED\Documents\BFF
2013-05-17 09:39 - 2011-11-23 01:22 - 00000000 ____D C:\Users\ED\My Documents\Specialized Razor waterbottle
2013-05-17 09:39 - 2011-11-23 01:22 - 00000000 ____D C:\Users\ED\Documents\Specialized Razor waterbottle
2013-05-17 09:39 - 2011-08-14 11:25 - 00000000 ____D C:\Users\ED\My Documents\The Truth About Six Pack Abs
2013-05-17 09:39 - 2011-08-14 11:25 - 00000000 ____D C:\Users\ED\Documents\The Truth About Six Pack Abs
2013-05-17 09:39 - 2011-06-28 12:43 - 00000000 ____D C:\Users\ED\My Documents\Samsung
2013-05-17 09:39 - 2011-06-28 12:43 - 00000000 ____D C:\Users\ED\Documents\Samsung
2013-05-17 09:39 - 2011-06-28 12:42 - 00000000 ____D C:\Users\ED\My Documents\Purchases
2013-05-17 09:39 - 2011-06-28 12:42 - 00000000 ____D C:\Users\ED\Documents\Purchases
2013-05-17 09:39 - 2011-06-28 12:38 - 00000000 ____D C:\Users\ED\My Documents\Legacy.com
2013-05-17 09:39 - 2011-06-28 12:38 - 00000000 ____D C:\Users\ED\My Documents\Law of Attraction
2013-05-17 09:39 - 2011-06-28 12:38 - 00000000 ____D C:\Users\ED\Documents\Legacy.com
2013-05-17 09:39 - 2011-06-28 12:38 - 00000000 ____D C:\Users\ED\Documents\Law of Attraction
2013-05-17 09:39 - 2011-06-28 12:37 - 00000000 ____D C:\Users\ED\My Documents\Horoscopes
2013-05-17 09:39 - 2011-06-28 12:37 - 00000000 ____D C:\Users\ED\Documents\Horoscopes
2013-05-17 09:39 - 2011-06-28 12:34 - 00000000 ____D C:\Users\ED\My Documents\Career
2013-05-17 09:39 - 2011-06-28 12:34 - 00000000 ____D C:\Users\ED\Documents\Career
2013-05-17 09:39 - 2011-03-29 11:05 - 00000000 ____D C:\Users\ED\My Documents\Shelley McMurtry
2013-05-17 09:39 - 2011-03-29 11:05 - 00000000 ____D C:\Users\ED\Documents\Shelley McMurtry
2013-05-17 09:39 - 2011-03-22 21:38 - 00000000 ____D C:\Users\ED\My Documents\Advice
2013-05-17 09:39 - 2011-03-22 21:38 - 00000000 ____D C:\Users\ED\Documents\Advice
2013-05-17 09:39 - 2011-03-13 01:07 - 00000000 ____D C:\Users\ED\My Documents\W215 CL Class
2013-05-17 09:39 - 2011-03-13 01:07 - 00000000 ____D C:\Users\ED\Documents\W215 CL Class
2013-05-17 09:39 - 2010-10-27 21:19 - 00000000 ____D C:\Users\ED\Desktop\Photo Additions
2013-05-17 09:38 - 2011-06-28 12:29 - 00000000 ____D C:\Users\ED\Desktop\Photo Additions PRIME
2013-05-17 09:36 - 2012-10-24 19:57 - 00000000 ____D C:\Users\ED\Desktop\Photo Additions DONE
2013-05-17 09:35 - 2012-07-11 01:15 - 00000000 ____D C:\Users\ED\Application Data\Seagate
2013-05-17 09:35 - 2012-07-11 01:15 - 00000000 ____D C:\Users\ED\AppData\Roaming\Seagate
2013-05-17 09:35 - 2012-04-19 01:23 - 00000000 ____D C:\Users\ED\Application Data\Motorola
2013-05-17 09:35 - 2012-04-19 01:23 - 00000000 ____D C:\Users\ED\AppData\Roaming\Motorola
2013-05-17 09:35 - 2012-02-14 00:51 - 00000000 ____D C:\Users\ED\Local Settings\Sonic_Solutions
2013-05-17 09:35 - 2012-02-14 00:51 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\Sonic_Solutions
2013-05-17 09:35 - 2012-02-14 00:51 - 00000000 ____D C:\Users\ED\AppData\Local\Sonic_Solutions
2013-05-17 09:35 - 2011-09-06 19:54 - 00000000 ____D C:\Users\ED\Application Data\Memeo
2013-05-17 09:35 - 2011-09-06 19:54 - 00000000 ____D C:\Users\ED\AppData\Roaming\Memeo
2013-05-17 09:35 - 2011-09-06 14:04 - 00000000 ____D C:\Users\ED\Application Data\RapidBackup 2
2013-05-17 09:35 - 2011-09-06 14:04 - 00000000 ____D C:\Users\ED\AppData\Roaming\RapidBackup 2
2013-05-17 09:35 - 2011-08-26 00:36 - 00000000 ____D C:\Users\ED\Application Data\GlarySoft
2013-05-17 09:35 - 2011-08-26 00:36 - 00000000 ____D C:\Users\ED\AppData\Roaming\GlarySoft
2013-05-17 09:35 - 2011-06-13 20:38 - 00000000 ____D C:\Users\ED\Application Data\SoftGrid Client
2013-05-17 09:35 - 2011-06-13 20:38 - 00000000 ____D C:\Users\ED\AppData\Roaming\SoftGrid Client
2013-05-17 09:35 - 2011-06-12 14:53 - 00000000 ____D C:\Users\ED\Application Data\Sony Corporation
2013-05-17 09:35 - 2011-06-12 14:53 - 00000000 ____D C:\Users\ED\AppData\Roaming\Sony Corporation
2013-05-17 09:35 - 2011-06-11 13:00 - 00000000 ____D C:\Users\ED\Application Data\PCDr
2013-05-17 09:35 - 2011-06-11 13:00 - 00000000 ____D C:\Users\ED\AppData\Roaming\PCDr
2013-05-17 09:35 - 2011-06-11 12:04 - 00000000 ____D C:\Users\ED\Application Data\Macrovision
2013-05-17 09:35 - 2011-06-11 12:04 - 00000000 ____D C:\Users\ED\AppData\Roaming\Macrovision
2013-05-17 09:35 - 2011-06-11 11:58 - 00000000 ____D C:\Users\ED\Application Data\Adobe
2013-05-17 09:35 - 2011-06-11 11:58 - 00000000 ____D C:\Users\ED\AppData\Roaming\Adobe
2013-05-17 09:35 - 2011-06-11 11:47 - 00000000 ____D C:\Users\ED\Application Data\Roxio
2013-05-17 09:35 - 2011-06-11 11:47 - 00000000 ____D C:\Users\ED\AppData\Roaming\Roxio
2013-05-17 09:35 - 2011-06-11 11:46 - 00000000 ____D C:\Users\ED\Local Settings\VirtualStore
2013-05-17 09:35 - 2011-06-11 11:46 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\VirtualStore
2013-05-17 09:35 - 2011-06-11 11:46 - 00000000 ____D C:\Users\ED\AppData\Local\VirtualStore
2013-05-17 09:34 - 2013-02-19 01:05 - 00000000 ____D C:\Users\ED\Local Settings\Cyberlink
2013-05-17 09:34 - 2013-02-19 01:05 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\Cyberlink
2013-05-17 09:34 - 2013-02-19 01:05 - 00000000 ____D C:\Users\ED\AppData\Local\Cyberlink
2013-05-17 09:34 - 2011-09-05 21:05 - 00000000 ____D C:\Users\ED\Local Settings\Logitech
2013-05-17 09:34 - 2011-09-05 21:05 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\Logitech
2013-05-17 09:34 - 2011-09-05 21:05 - 00000000 ____D C:\Users\ED\AppData\Local\Logitech
2013-05-17 09:34 - 2011-06-11 14:38 - 00000000 ____D C:\Users\ED\Local Settings\ArcSoft
2013-05-17 09:34 - 2011-06-11 14:38 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\ArcSoft
2013-05-17 09:34 - 2011-06-11 14:38 - 00000000 ____D C:\Users\ED\AppData\Local\ArcSoft
2013-05-17 09:34 - 2011-06-11 12:28 - 00000000 ____D C:\Users\ED\Local Settings\Google
2013-05-17 09:34 - 2011-06-11 12:28 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\Google
2013-05-17 09:34 - 2011-06-11 12:28 - 00000000 ____D C:\Users\ED\AppData\Local\Google
2013-05-17 09:34 - 2011-06-11 11:47 - 00000000 ____D C:\Users\ED\Local Settings\Dell
2013-05-17 09:34 - 2011-06-11 11:47 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\Dell
2013-05-17 09:34 - 2011-06-11 11:47 - 00000000 ____D C:\Users\ED\AppData\Local\Dell
2013-05-17 09:33 - 2012-05-30 00:38 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-17 09:33 - 2012-05-30 00:38 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab
2013-05-17 09:33 - 2011-06-08 02:48 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-05-17 09:33 - 2011-06-08 02:48 - 00000000 ____D C:\ProgramData\Adobe
2013-05-17 09:33 - 2011-06-08 02:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-17 03:22 - 2013-02-17 00:38 - 00000000 ____D C:\Users\ED\Desktop\Kaspersky
2013-05-17 02:17 - 2013-05-17 01:15 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-17 02:17 - 2013-05-17 01:15 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-05-17 02:15 - 2013-05-13 11:49 - 00000000 ____D C:\Users\ED\My Documents\MHS Blog Military Doc Explains How to Choose and Use Sunscreen to Avoid Skin Damage_files
2013-05-17 02:15 - 2013-05-13 11:49 - 00000000 ____D C:\Users\ED\Documents\MHS Blog Military Doc Explains How to Choose and Use Sunscreen to Avoid Skin Damage_files
2013-05-17 01:13 - 2013-05-17 01:13 - 00000000 __SHD C:\found.000
2013-05-16 11:20 - 2013-05-16 11:20 - 00174410 ____A C:\Users\ED\Application Data\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174410 ____A C:\Users\ED\AppData\Roaming\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174355 ____A C:\Users\ED\Local Settings\Application Data\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174355 ____A C:\Users\ED\Local Settings\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174355 ____A C:\Users\ED\AppData\Local\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174344 ____A C:\ProgramData\Application Data\2433f433
2013-05-16 11:20 - 2013-05-16 11:20 - 00174344 ____A C:\ProgramData\2433f433
2013-05-15 23:44 - 2013-03-29 12:28 - 00000000 ____D C:\Users\ED\Downloads\Kaspersky PURE 2.0 Total Internet Security
2013-05-15 23:27 - 2013-05-15 23:27 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{040480C9-8E9A-4B80-986C-C4E14382E71C}
2013-05-15 23:27 - 2013-05-15 23:27 - 00000000 ____D C:\Users\ED\Local Settings\{040480C9-8E9A-4B80-986C-C4E14382E71C}
2013-05-15 23:27 - 2013-05-15 23:27 - 00000000 ____D C:\Users\ED\AppData\Local\{040480C9-8E9A-4B80-986C-C4E14382E71C}
2013-05-15 00:03 - 2013-05-15 00:03 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{E9E733A0-8478-447C-BEDF-681707E82141}
2013-05-15 00:03 - 2013-05-15 00:03 - 00000000 ____D C:\Users\ED\Local Settings\{E9E733A0-8478-447C-BEDF-681707E82141}
2013-05-15 00:03 - 2013-05-15 00:03 - 00000000 ____D C:\Users\ED\AppData\Local\{E9E733A0-8478-447C-BEDF-681707E82141}
2013-05-14 17:48 - 2013-05-14 13:07 - 00000000 ____D C:\05-14-2013_13-06
2013-05-14 10:56 - 2013-05-14 10:56 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{149BF9E7-4FEA-41F6-94DD-CF5CF4200051}
2013-05-14 10:56 - 2013-05-14 10:56 - 00000000 ____D C:\Users\ED\Local Settings\{149BF9E7-4FEA-41F6-94DD-CF5CF4200051}
2013-05-14 10:56 - 2013-05-14 10:56 - 00000000 ____D C:\Users\ED\AppData\Local\{149BF9E7-4FEA-41F6-94DD-CF5CF4200051}
2013-05-14 00:25 - 2013-05-14 00:25 - 00262144 ____A C:\Windows\System32\config\elam
2013-05-14 00:23 - 2013-05-14 00:23 - 00000585 ____A C:\Users\ED\Desktop\Amateur babe with big naturals at Sensual Girls.url
2013-05-14 00:23 - 2013-05-14 00:23 - 00000371 ____A C:\Users\ED\Desktop\Black Sheets - Monroe Lee teen pics and nude babes join2babes.com.url
2013-05-14 00:22 - 2013-05-14 00:22 - 00000190 ____A C:\Users\ED\Desktop\Busty Leila - 100buckbabes.com.url
2013-05-13 22:55 - 2013-05-13 22:55 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{F26F42A9-1A99-4324-9556-115ACCC2B159}
2013-05-13 22:55 - 2013-05-13 22:55 - 00000000 ____D C:\Users\ED\Local Settings\{F26F42A9-1A99-4324-9556-115ACCC2B159}
2013-05-13 22:55 - 2013-05-13 22:55 - 00000000 ____D C:\Users\ED\AppData\Local\{F26F42A9-1A99-4324-9556-115ACCC2B159}
2013-05-13 11:49 - 2013-05-13 11:49 - 00051780 ____A C:\Users\ED\My Documents\MHS Blog Military Doc Explains How to Choose and Use Sunscreen to Avoid Skin Damage.htm
2013-05-13 11:49 - 2013-05-13 11:49 - 00051780 ____A C:\Users\ED\Documents\MHS Blog Military Doc Explains How to Choose and Use Sunscreen to Avoid Skin Damage.htm
2013-05-13 11:47 - 2013-05-13 11:47 - 00000220 ____A C:\Users\ED\Desktop\Tiffany Selby - Free playboyplus.com Pics sexykittenporn.com.url
2013-05-13 11:42 - 2013-05-13 11:42 - 00000600 ____A C:\Users\ED\Desktop\ExGfs Heaven thelifeerotic.com Rumiko A - Rustic.url
2013-05-13 11:23 - 2011-06-28 12:29 - 00000000 ____D C:\Users\ED\Desktop\Movies
2013-05-13 10:55 - 2013-05-13 10:55 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{8FF238D4-C034-4095-895D-AE6B34F7801E}
2013-05-13 10:55 - 2013-05-13 10:55 - 00000000 ____D C:\Users\ED\Local Settings\{8FF238D4-C034-4095-895D-AE6B34F7801E}
2013-05-13 10:55 - 2013-05-13 10:55 - 00000000 ____D C:\Users\ED\AppData\Local\{8FF238D4-C034-4095-895D-AE6B34F7801E}
2013-05-12 22:54 - 2013-05-12 22:54 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{21D12C5F-ABB9-45DC-B8B7-0D43AC426D93}
2013-05-12 22:54 - 2013-05-12 22:54 - 00000000 ____D C:\Users\ED\Local Settings\{21D12C5F-ABB9-45DC-B8B7-0D43AC426D93}
2013-05-12 22:54 - 2013-05-12 22:54 - 00000000 ____D C:\Users\ED\AppData\Local\{21D12C5F-ABB9-45DC-B8B7-0D43AC426D93}
2013-05-12 18:58 - 2013-05-12 18:58 - 00000222 ____A C:\Users\ED\Desktop\Busty Sexy Girl Looks Amaizing - playboygirls.com teen pussy pussystate.com.url
2013-05-12 18:56 - 2013-05-12 18:56 - 00000208 ____A C:\Users\ED\Desktop\Sexy Girl Ahmo Hight - foxes.com - babeuniversum.com.url
2013-05-12 10:54 - 2013-05-12 10:54 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{13475A41-8482-4D92-B199-D1DF509CF4E1}
2013-05-12 10:54 - 2013-05-12 10:54 - 00000000 ____D C:\Users\ED\Local Settings\{13475A41-8482-4D92-B199-D1DF509CF4E1}
2013-05-12 10:54 - 2013-05-12 10:54 - 00000000 ____D C:\Users\ED\AppData\Local\{13475A41-8482-4D92-B199-D1DF509CF4E1}
2013-05-11 14:18 - 2013-05-11 14:17 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{C2F383C9-FFCF-411B-9028-7B16A1B99B78}
2013-05-11 14:18 - 2013-05-11 14:17 - 00000000 ____D C:\Users\ED\Local Settings\{C2F383C9-FFCF-411B-9028-7B16A1B99B78}
2013-05-11 14:18 - 2013-05-11 14:17 - 00000000 ____D C:\Users\ED\AppData\Local\{C2F383C9-FFCF-411B-9028-7B16A1B99B78}
2013-05-11 14:18 - 2013-05-11 13:07 - 00000000 ____D C:\Users\ED\My Documents\Joe DePalma
2013-05-11 14:18 - 2013-05-11 13:07 - 00000000 ____D C:\Users\ED\Documents\Joe DePalma
2013-05-11 13:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2013-05-11 02:17 - 2013-05-11 02:17 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{B78A1256-6883-46D5-A326-17A61E15241C}
2013-05-11 02:17 - 2013-05-11 02:17 - 00000000 ____D C:\Users\ED\Local Settings\{B78A1256-6883-46D5-A326-17A61E15241C}
2013-05-11 02:17 - 2013-05-11 02:17 - 00000000 ____D C:\Users\ED\AppData\Local\{B78A1256-6883-46D5-A326-17A61E15241C}
2013-05-10 18:28 - 2013-05-10 12:58 - 00000000 ____D C:\05-10-2013_12-58
2013-05-10 17:41 - 2013-05-10 17:41 - 00000178 ____A C:\Users\ED\Desktop\Novoboobs.com - Mercedes.url
2013-05-10 17:40 - 2013-05-10 17:40 - 00000184 ____A C:\Users\ED\Desktop\Novoboobs.com - We Love You.url
2013-05-10 14:17 - 2013-05-10 14:17 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{755F0E6E-8C43-4247-BC25-535DD0D78285}
2013-05-10 14:17 - 2013-05-10 14:17 - 00000000 ____D C:\Users\ED\Local Settings\{755F0E6E-8C43-4247-BC25-535DD0D78285}
2013-05-10 14:17 - 2013-05-10 14:17 - 00000000 ____D C:\Users\ED\AppData\Local\{755F0E6E-8C43-4247-BC25-535DD0D78285}
2013-05-10 02:52 - 2011-06-28 12:34 - 00000000 ____D C:\Users\ED\My Documents\Banking & Finance
2013-05-10 02:52 - 2011-06-28 12:34 - 00000000 ____D C:\Users\ED\Documents\Banking & Finance
2013-05-10 02:16 - 2013-05-10 02:16 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{73A0C640-163A-4FBA-93CA-4E91AAFE5D6F}
2013-05-10 02:16 - 2013-05-10 02:16 - 00000000 ____D C:\Users\ED\Local Settings\{73A0C640-163A-4FBA-93CA-4E91AAFE5D6F}
2013-05-10 02:16 - 2013-05-10 02:16 - 00000000 ____D C:\Users\ED\AppData\Local\{73A0C640-163A-4FBA-93CA-4E91AAFE5D6F}
2013-05-09 19:51 - 2012-11-23 16:20 - 00000000 ____D C:\Users\ED\Desktop\Pharmacy Medical Info
2013-05-09 19:43 - 2012-06-18 01:26 - 00000000 ____D C:\Users\ED\Desktop\Diet
2013-05-09 19:26 - 2013-05-09 19:26 - 00000192 ____A C:\Users\ED\Desktop\Novoboobs.com - Kellie Connolly.url
2013-05-09 19:03 - 2013-05-09 19:03 - 00000226 ____A C:\Users\ED\Desktop\Buffy Tyler - Free playboycyberclub.com Pics sexykittenporn.com.url
2013-05-09 19:02 - 2013-05-09 19:02 - 00000184 ____A C:\Users\ED\Desktop\Krystal Webb.url
2013-05-09 18:58 - 2013-05-09 18:58 - 00000639 ____A C:\Users\ED\Desktop\ExGfs Heaven photodromm.com Valeria The Twin.url
2013-05-09 18:53 - 2013-05-09 18:53 - 00000186 ____A C:\Users\ED\Desktop\Novoboobs.com - Raquel Ryann.url
2013-05-09 11:09 - 2013-05-09 11:08 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{D99D2118-953F-4C81-8A39-654F7384B83B}
2013-05-09 11:09 - 2013-05-09 11:08 - 00000000 ____D C:\Users\ED\Local Settings\{D99D2118-953F-4C81-8A39-654F7384B83B}
2013-05-09 11:09 - 2013-05-09 11:08 - 00000000 ____D C:\Users\ED\AppData\Local\{D99D2118-953F-4C81-8A39-654F7384B83B}
2013-05-09 03:35 - 2013-05-09 03:35 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{E1F0D4A3-B470-4524-AD72-F95EA3792F7D}
2013-05-09 03:35 - 2013-05-09 03:35 - 00000000 ____D C:\Users\ED\Local Settings\{E1F0D4A3-B470-4524-AD72-F95EA3792F7D}
2013-05-09 03:35 - 2013-05-09 03:35 - 00000000 ____D C:\Users\ED\AppData\Local\{E1F0D4A3-B470-4524-AD72-F95EA3792F7D}
2013-05-09 02:51 - 2013-05-09 02:51 - 00000000 ____D C:\ProgramData\Application Data\Affinegy
2013-05-09 02:51 - 2013-05-09 02:51 - 00000000 ____D C:\ProgramData\Affinegy
2013-05-09 02:51 - 2013-05-09 01:56 - 00000000 ____D C:\Program Files (x86)\Belkin
2013-05-09 02:48 - 2011-06-08 02:52 - 00000000 ____D C:\ProgramData\Sonic
2013-05-09 02:48 - 2011-06-08 02:52 - 00000000 ____D C:\ProgramData\Application Data\Sonic
2013-05-09 02:35 - 2013-05-09 02:35 - 00000000 ____D C:\ProgramData\Belkin
2013-05-09 02:35 - 2013-05-09 02:35 - 00000000 ____D C:\ProgramData\Application Data\Belkin
2013-05-09 01:56 - 2011-06-11 15:54 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\Adobe
2013-05-09 01:56 - 2011-06-11 15:54 - 00000000 ____D C:\Users\ED\Local Settings\Adobe
2013-05-09 01:56 - 2011-06-11 15:54 - 00000000 ____D C:\Users\ED\AppData\Local\Adobe
2013-05-08 20:04 - 2013-05-08 20:04 - 00000597 ____A C:\Users\ED\Desktop\Ira from just-nude.com at WildFanny.com Free gallery.url
2013-05-08 15:34 - 2013-05-08 15:33 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{59F447F8-8682-412D-BAA7-1DC7FD408640}
2013-05-08 15:34 - 2013-05-08 15:33 - 00000000 ____D C:\Users\ED\Local Settings\{59F447F8-8682-412D-BAA7-1DC7FD408640}
2013-05-08 15:34 - 2013-05-08 15:33 - 00000000 ____D C:\Users\ED\AppData\Local\{59F447F8-8682-412D-BAA7-1DC7FD408640}
2013-05-08 14:47 - 2013-05-08 14:47 - 00000648 ____A C:\Users\ED\Desktop\Amazon.com Customer Discussions Kindle forum.url
2013-05-08 03:33 - 2013-05-08 03:33 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{4AA44A2B-F1A2-4E9C-BC83-B2C8FADE98D0}
2013-05-08 03:33 - 2013-05-08 03:33 - 00000000 ____D C:\Users\ED\Local Settings\{4AA44A2B-F1A2-4E9C-BC83-B2C8FADE98D0}
2013-05-08 03:33 - 2013-05-08 03:33 - 00000000 ____D C:\Users\ED\AppData\Local\{4AA44A2B-F1A2-4E9C-BC83-B2C8FADE98D0}
2013-05-08 03:30 - 2013-05-08 03:30 - 00000184 ____A C:\Users\ED\Desktop\Novoboobs.com - Gemma Hiles.url
2013-05-06 23:46 - 2013-05-06 23:46 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{8F31C4A4-B160-40B9-BE49-AB04087AF2E5}
2013-05-06 23:46 - 2013-05-06 23:46 - 00000000 ____D C:\Users\ED\Local Settings\{8F31C4A4-B160-40B9-BE49-AB04087AF2E5}
2013-05-06 23:46 - 2013-05-06 23:46 - 00000000 ____D C:\Users\ED\AppData\Local\{8F31C4A4-B160-40B9-BE49-AB04087AF2E5}
2013-05-06 23:42 - 2013-05-06 23:42 - 00000208 ____A C:\Users\ED\Desktop\Novoboobs.com - Brunette With Huge Tits.url
2013-05-05 23:26 - 2013-05-05 23:25 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{0A832AB9-E850-46A1-9293-48A95C52936C}
2013-05-05 23:26 - 2013-05-05 23:25 - 00000000 ____D C:\Users\ED\Local Settings\{0A832AB9-E850-46A1-9293-48A95C52936C}
2013-05-05 23:26 - 2013-05-05 23:25 - 00000000 ____D C:\Users\ED\AppData\Local\{0A832AB9-E850-46A1-9293-48A95C52936C}
2013-05-05 18:57 - 2011-08-22 21:27 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-05 18:27 - 2012-03-29 18:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-05 14:00 - 2011-06-11 11:46 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-05-05 06:57 - 2011-08-22 21:27 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-05 00:11 - 2013-05-05 00:11 - 00000000 ____D C:\Users\ED\Local Settings\Application Data\{9D928973-D00B-48C2-81E7-6B2A774F1AC7}
2013-05-05 00:11 - 2013-05-05 00:11 - 00000000 ____D C:\Users\ED\Local Settings\{9D928973-D00B-48C2-81E7-6B2A774F1AC7}
2013-05-05 00:11 - 2013-05-05 00:11 - 00000000 ____D C:\Users\ED\AppData\Local\{9D928973-D00B-48C2-81E7-6B2A774F1AC7}
2013-05-04 23:54 - 2012-11-22 00:29 - 00000105 ____A C:\Users\ED\Local Settings\ZDManager.ini
2013-05-04 23:54 - 2012-11-22 00:29 - 00000105 ____A C:\Users\ED\Local Settings\Application Data\ZDManager.ini
2013-05-04 23:54 - 2012-11-22 00:29 - 00000105 ____A C:\Users\ED\AppData\Local\ZDManager.ini
2013-05-04 11:07 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A2
 

Attachments

  • FRST.txt
    84 KB · Views: 143
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Now please download this file and save it to your Flash Drive.

[attachment=4536]


Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachments

  • fixlist.txt
    2.9 KB · Views: 89
E

edtrx65

New Member
Thread author
May 17, 2013
13
I ran the fixlist and the fixlog resulted in the attay or chment below:

I rebooted in normal mode & still got the error meesage that "Windows failed to start". It only gives me two choices to either start windows normally or Launch Startup Repair.

I looked at the Problem details and under Problem signature 07, the reason listed is a corrupt file.

I ran the FRST scan after running the fixlist and checked it for any malware or Zero mAccess and there was none in the system.

My only problem now is that I can't start Windows. Do you have any ideas how to fix other than putting my Windows Recovery CD in my PC to reset to factory standard?

Thanks for all of your help!



kuttus said:
Now please download this file and save it to your Flash Drive.




Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
Click to expand...
 

Attachments

  • Fixlog.txt
    2.5 KB · Views: 81
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
  1. Turn on or restart the computer.
  2. Press and tap the F8 key about every second until you see the Advanced Boot Options.
  3. Select Repair your computer and press Enter.
  4. Select your keyboard language preferences and click on Next.
  5. Select your user name and type in the password, and then click on OK.
  6. Select the option “Command promt and press enter.
  7. You will get a command prompt window. Type the following command the command prompt
    C: (Then press enter)
    bootrec /fixmbr (Press enter)
    Click to expand...
 
E

edtrx65

New Member
Thread author
May 17, 2013
13
I executed the above fixlog under FRST and the window for the Advanced Boot Options looked normal. But once I hit "Repair your Computer", it ran for a moment, but I got the same message that "Windows cannot repair this computer automatically". I checked the Startup Repair log found - Root Cause Found: Startup Repair has tried several times but still cannot determine the cause of the problem.

When I try to restart the PC, a blue screen with yellow-colored words flashes briefly, then I get the same message: "Windows failed to start".
 
E

edtrx65

New Member
Thread author
May 17, 2013
13
I did do this and it took me back to the same Windows Error Recovery screen that says "Windows failed to start. A recent hardware or software change might be the cause.

I found the System Repair Disk that I created when I first bought my PC and tried fixing my PC and this also failed.

Any suggestions?
 
E

edtrx65

New Member
Thread author
May 17, 2013
13
The last time my PC crashed, i bought a TransImp SATA/IDE to USB 2.0 adapter and used it to transferr all of my data, pictures, music, and files onto a clean PC as a backup, then reisnserted the HD into my PC and inserted the Windows OS CD into my PC in order to bring my PC back to factory settings. This is my only other alternative, other than going out to buy another PC, which I have been researching as well.

I want to thank you for all of your help! At least this time around I will have all the anti-malware tools at my disposal.

Thanks Again!
 
E

edtrx65

New Member
Thread author
May 17, 2013
13
Tes, I ran System Restore and it failed on both 14 and 30 days attempts. I tried again after yesterday's fixlog in FRST and as I said in my previous post the Windows Safe Mode screen reappeared. I ran System Restore from my last Restore Point of 5/12/13 and it was successful. I restarted my PC, but I still get the same error message that "Windows has failed to start".

I don't really know what else to do. Right now I am about to transfer files from my HD to my laptop with Hitman Pro loaded on it. Next I will reinsert my Windows OS CD to rstore the OS to factory settings. At least I know there is no malware in my PC before my file transfer. Also, have a 3 TB Seagate external HD that I have been running backups to on a daily basis, so I shouldn't lose any files. I just want to make sure I don't lose anything just in case.

Thanks for all of your help!
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
It seems the issue we are having is due to some corruptions in Windows Files... It may not be due to any virus...
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
  1. Turn on or restart the computer.
  2. Press and tap the F8 key about every second until you see the Advanced Boot Options.
  3. Select Repair your computer and press Enter.
  4. Select your keyboard language preferences and click on Next.
  5. Select your user name and type in the password, and then click on OK.
  6. Select the option “Command promt and press enter.
  7. You will get a command prompt window. Type the following command the command prompt
1)      X:\Sources> Bcdedit /export C:\BCD_Backup 
2)      X:\Sources> C:                            { Change the drive to c: } 
3)      C:\ cd boot                                  { Access boot directory } 
4)      C:\ boot\ attrib bcd -s -h –r         
5)      C:\ boot\ ren bcd  bcd.old   
6)      C:\boot\Bootrec /rebuildbcd       { You will get a prompt  “  To add the entry to the BCD store ”, type  Yes.   Just type “ Y “ and press ENTER } 
7)      Restart the computer. 
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Try this.... Change the C to D.......

1) X:\Sources> Bcdedit /export D:\BCD_Backup
2) X:\Sources> D: { Change the drive to D: }
3) D:\ cd boot { Access boot directory }
4) D:\ boot\ attrib bcd -s -h –r
5) D:\ boot\ ren bcd bcd.old
6) D:\boot\Bootrec /rebuildbcd { You will get a prompt “ To add the entry to the BCD store ”, type Yes. Just type “ Y “ and press ENTER }
7) Restart the computer.
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
No problem. Please try with D also. Some time in Recovery Drove C drive may be act as D, E etc...
 
E

edtrx65

New Member
Thread author
May 17, 2013
13
I tried both letters "C" and "D". It was working fine until I got to the CD boot and I got the reply that the computer didn't recognize the path on both occasions.
 

Similar threads

tanner_doriano
  • Locked
No Reply PC Infected with Persistent Malware Downloading Files Hourly
Replies
7
Views
430
Windows Malware Removal Help & Support
icotonev
icotonev
Ross Craig
  • Locked
Need Help with bangsearch removal
Replies
3
Views
663
Windows Malware Removal Help & Support
nasdaq
nasdaq
R
Question Can anyone with a virtual machine try this?
Replies
1
Views
392
General Security Discussions
rashmi
R

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top