Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-02-2013
Ran by Owner at 03-03-2013 20:09:34
Running from E:\
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.
ERROR: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
==================== One Month Created Files and Folders ========
2013-03-03 20:09 - 2013-03-03 20:09 - 00000000 ____D C:\FRST
2013-02-15 18:07 - 2013-02-15 18:07 - 00011618 ____A C:\Users\Owner\Downloads\048-21SP.FAA.TXT
2013-02-14 03:02 - 2013-01-08 17:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 03:02 - 2013-01-08 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 03:02 - 2013-01-08 17:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 03:02 - 2013-01-08 17:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 03:02 - 2013-01-08 17:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 03:02 - 2013-01-08 17:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 03:02 - 2013-01-08 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 03:02 - 2013-01-08 17:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 03:02 - 2013-01-08 16:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 03:02 - 2013-01-08 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 03:02 - 2013-01-08 16:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 03:02 - 2013-01-08 16:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 03:02 - 2013-01-08 16:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 03:02 - 2013-01-08 16:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 03:02 - 2013-01-08 16:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 03:02 - 2013-01-08 16:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-13 08:51 - 2013-01-04 06:28 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 08:51 - 2013-01-03 20:38 - 02048512 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 08:51 - 2012-11-07 22:48 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-02-13 08:50 - 2013-01-05 00:26 - 03602808 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-02-13 08:50 - 2013-01-05 00:26 - 03550072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
==================== One Month Modified Files and Folders ========
2013-03-03 20:09 - 2013-03-03 20:09 - 00000000 ____D C:\FRST
2013-03-03 20:09 - 2006-11-02 05:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-03 20:04 - 2006-11-02 08:01 - 00031574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-03-03 20:04 - 2006-11-02 08:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-03 20:03 - 2011-01-17 21:28 - 00017408 ____A C:\Windows\System32\rpcnetp.exe
2013-03-03 20:03 - 2011-01-17 20:54 - 00058288 ____A (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll
2013-03-03 20:03 - 2006-11-02 07:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-03 20:03 - 2006-11-02 07:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-03 20:01 - 2006-11-02 07:52 - 00030433 ____A C:\Windows\setupact.log
2013-03-03 19:59 - 2006-11-02 07:47 - 00033792 ____A C:\Windows\System32\umstartup.etl
2013-03-03 19:58 - 2011-01-17 21:29 - 00017408 ____A C:\Windows\System32\rpcnetp.dll
2013-03-03 19:58 - 2006-11-02 08:00 - 00011372 ____A C:\Windows\PFRO.log
2013-03-03 19:51 - 2011-01-18 12:37 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3778235527-2258101365-941280508-1000UA.job
2013-03-03 19:51 - 2008-01-20 20:39 - 01368461 ____A C:\Windows\WindowsUpdate.log
2013-03-03 19:50 - 2012-10-16 17:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-01 18:52 - 2006-11-02 07:47 - 00046080 ____A C:\Windows\System32\umstartup000.etl
2013-03-01 17:10 - 2011-01-17 19:09 - 00000000 ____D C:\users\Owner
2013-03-01 16:57 - 2012-06-25 20:49 - 00000000 ____D C:\Users\Owner\Desktop\AutoShopperPaperWork
2013-03-01 16:22 - 2012-06-25 20:50 - 00000000 ____D C:\Users\Owner\Desktop\AutoShopper Photos
2013-03-01 08:50 - 2012-10-16 07:39 - 00000000 ____D C:\Users\Owner\.startmeeting
2013-02-28 22:12 - 2012-08-24 06:59 - 00000071 __RSH C:\ProgramData\3002.xml
2013-02-28 20:17 - 2011-01-18 12:37 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3778235527-2258101365-941280508-1000Core.job
2013-02-26 19:57 - 2012-10-16 17:33 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-02-26 19:57 - 2012-10-16 17:33 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-02-19 08:29 - 2012-10-16 07:39 - 00000916 ____A C:\Users\Owner\Desktop\StartMeeting.lnk
2013-02-15 18:07 - 2013-02-15 18:07 - 00011618 ____A C:\Users\Owner\Downloads\048-21SP.FAA.TXT
2013-02-14 03:27 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-02-14 03:20 - 2006-11-02 07:47 - 00273088 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 03:02 - 2006-11-02 05:24 - 67823584 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-02-01 20:05 - 2011-01-17 19:09 - 00001356 ____A C:\Users\Owner\AppData\Local\d3d9caps.dat
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-11 21:59] - [2012-08-21 06:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 3316.7 MB
Available physical RAM: 2929.31 MB
Total Pagefile: 6827.41 MB
Available Pagefile: 6603.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.81 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:149.01 GB) (Free:124.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:0.12 GB) (Free:0.08 GB) FAT
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 122 MB 0 B
Partitions of Disk 0:
===============
Disk ID: 94A1E83E
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 1024 KB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 149 GB Healthy System (partition with boot components)
=========================================================
Partitions of Disk 1:
===============
Disk ID: 0051E3AF
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 121 MB 16 KB
=========================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT Removable 121 MB Healthy
=========================================================
Last Boot: 2013-03-03 13:58
==================== End Of Log ============================