Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 14-07-2012
Ran by PLCO0603 at 15-07-2012 00:13:25
Running from C:\Users\plco0603\Desktop
  Service Pack 1 (X86) OS Language: English(US) 
Attention: Could not load system hive.ERROR: A required privilege is not held by the client.

Attention: System hive is missing.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-15 00:13 - 2012-07-15 00:13 - 00000000 ____D C:\FRST
2012-07-15 00:12 - 2012-07-15 00:13 - 00891094 ____A (Farbar) C:\Users\plco0603\Desktop\FRST.exe
2012-07-14 23:25 - 2012-07-14 23:25 - 00049152 ____A C:\Users\plco0603\0.575601725916877.exe
2012-07-14 23:25 - 2012-07-14 23:25 - 00049152 ____A C:\Users\All Users\vvgqgsqy.exe
2012-07-14 23:25 - 2012-07-14 23:25 - 00000051 ____A C:\Users\All Users\xesphowhrrhurnm
2012-07-14 23:25 - 2012-07-14 23:25 - 00000000 ____D C:\Users\All Users\umauojyczactwme
2012-07-09 10:38 - 2012-07-09 10:38 - 00000326 ____A C:\Users\plco0603\Desktop\snap.prp
2012-07-06 15:53 - 2012-07-06 15:53 - 01228288 ____A C:\Users\plco0603\Desktop\KV Sales.xls
2012-07-06 15:41 - 2012-07-06 15:41 - 05165728 ____A C:\Users\plco0603\Desktop\PL01 Pipeline for May 2012.xlsx
2012-07-06 12:24 - 2012-07-06 15:46 - 19148288 ____A C:\Users\plco0603\Desktop\201206 Financials for Monthly Reporting.xls
2012-07-06 10:32 - 2012-07-06 10:32 - 00000000 ____D C:\Users\plco0603\AppData\Roaming\Microsoft Shared
2012-07-06 10:32 - 2012-07-06 10:32 - 00000000 ____D C:\Users\plco0603\AppData\Roaming\Microsoft Office
2012-07-06 10:31 - 2012-07-06 10:31 - 00000000 ____D C:\Users\All Users\Applications
2012-07-05 09:38 - 2012-07-05 09:38 - 04887552 ____A C:\Users\plco0603\Desktop\scope   list.xls
2012-07-04 14:09 - 2012-07-04 14:09 - 00001040 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-07-04 14:00 - 2012-07-04 14:00 - 00008835 ____A C:\Users\plco0603\Desktop\CRP.xlsx
2012-06-29 12:51 - 2012-07-09 12:59 - 00000000 ____D C:\Users\plco0603\AppData\Roaming\Skype
2012-06-29 12:50 - 2012-06-29 12:51 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-29 12:50 - 2012-06-29 12:50 - 00000000 ___RD C:\Program Files\Skype
2012-06-29 12:50 - 2012-06-29 12:50 - 00000000 ____D C:\Users\All Users\Skype
2012-06-28 09:23 - 2012-04-28 06:41 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-28 09:23 - 2012-04-28 05:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-28 09:21 - 2012-05-18 00:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 09:21 - 2012-05-18 00:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 09:21 - 2012-05-18 00:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 09:21 - 2012-05-18 00:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 09:21 - 2012-05-18 00:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 09:21 - 2012-05-18 00:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 09:21 - 2012-05-18 00:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 09:21 - 2012-05-18 00:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 09:20 - 2012-05-18 01:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 09:20 - 2012-05-18 00:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 09:20 - 2012-05-18 00:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 09:20 - 2012-05-18 00:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 09:20 - 2012-05-18 00:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 09:20 - 2012-05-18 00:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 09:19 - 2012-04-26 06:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-28 09:19 - 2012-04-26 06:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-28 09:19 - 2012-04-26 06:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-28 09:14 - 2012-05-15 03:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-27 15:01 - 2012-06-27 15:02 - 00010209 ____A C:\Users\plco0603\Desktop\New Microsoft Excel Worksheet.xlsx
2012-06-27 14:19 - 2012-06-27 14:19 - 01160704 ____A C:\Users\plco0603\Desktop\SCN DATA.xls
2012-06-27 12:41 - 2012-06-27 12:41 - 07113216 ____A C:\Users\plco0603\Desktop\Keep_cancel list PL01 AC-MPK PL+ 2.xls
2012-06-27 11:32 - 2012-06-27 11:32 - 07113216 ____A C:\Users\plco0603\Desktop\Keep_cancel list PL01 AC-MPK PL+.xls
2012-06-21 21:56 - 2012-06-26 08:41 - 00395690 ____A C:\Users\plco0603\Desktop\CRP presentation.pptx
2012-06-21 10:41 - 2012-06-21 10:41 - 03111424 ____A C:\Users\plco0603\Downloads\Latest Quotation.xls
2012-06-20 16:37 - 2012-06-21 10:07 - 00040203 ____A C:\Users\plco0603\Desktop\WVO EMA and APA.xlsx
2012-06-20 11:36 - 2012-07-05 10:41 - 08431104 ____A C:\Users\plco0603\Desktop\BP.xls
2012-06-20 09:29 - 2012-06-20 11:33 - 00040077 ____A C:\Users\plco0603\Desktop\OUB Future.xlsx
2012-06-19 15:36 - 2012-06-19 15:55 - 00040033 ____A C:\Users\plco0603\Desktop\HE Future.xlsx
2012-06-19 14:28 - 2012-06-19 15:36 - 00039991 ____A C:\Users\plco0603\Desktop\KVV NAM Market.xlsx
2012-06-19 14:19 - 2012-06-19 14:27 - 00038401 ____A C:\Users\plco0603\Desktop\Action plan & Status follow up_template v 1.11.xlsx
2012-06-19 13:54 - 2012-06-19 13:54 - 00040596 ____A C:\Users\plco0603\Desktop\KVV India Market.xlsx
2012-06-19 13:20 - 2012-06-19 13:59 - 00045770 ____A C:\Users\plco0603\Desktop\KVV China Market.xlsx
2012-06-19 09:24 - 2012-06-19 11:31 - 00045518 ____A C:\Users\plco0603\Desktop\Action plan Supporting Growth in BRIC.xlsx
2012-06-16 09:36 - 2012-06-16 10:11 - 00000000 ____D C:\Users\plco0603\Desktop\foty
2012-06-15 23:02 - 2012-06-13 18:40 - 465687040 ____A C:\Users\plco0603\Desktop\Movie.avi

============ 3 Months Modified Files ========================

2012-07-14 23:51 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-14 23:51 - 2009-07-14 06:39 - 00049584 ____A C:\Windows\setupact.log
2012-07-14 23:49 - 2011-10-27 12:57 - 01963726 ____A C:\Windows\WindowsUpdate.log
2012-07-14 23:25 - 2012-07-14 23:25 - 00049152 ____A C:\Users\plco0603\0.575601725916877.exe
2012-07-14 23:25 - 2012-07-14 23:25 - 00049152 ____A C:\Users\All Users\vvgqgsqy.exe
2012-07-14 23:25 - 2012-07-14 23:25 - 00000051 ____A C:\Users\All Users\xesphowhrrhurnm
2012-07-14 23:20 - 2009-07-14 06:34 - 00019104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-14 23:20 - 2009-07-14 06:34 - 00019104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-13 21:58 - 2011-10-27 13:14 - 00751012 ____A C:\Windows\System32\perfh015.dat
2012-07-13 21:58 - 2011-10-27 13:14 - 00161352 ____A C:\Windows\System32\perfc015.dat
2012-07-13 21:58 - 2010-11-20 23:01 - 01701904 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-09 14:54 - 2011-10-28 09:17 - 00101584 _RASH C:\Users\plco0603\ntuser.pol
2012-07-09 14:40 - 2011-10-27 14:22 - 00146578 _RASH C:\Users\All Users\ntuser.pol
2012-07-09 10:38 - 2012-07-09 10:38 - 00000326 ____A C:\Users\plco0603\Desktop\snap.prp
2012-07-06 15:53 - 2012-07-06 15:53 - 01228288 ____A C:\Users\plco0603\Desktop\KV Sales.xls
2012-07-06 15:46 - 2012-07-06 12:24 - 19148288 ____A C:\Users\plco0603\Desktop\201206 Financials for Monthly Reporting.xls
2012-07-06 15:41 - 2012-07-06 15:41 - 05165728 ____A C:\Users\plco0603\Desktop\PL01 Pipeline for May 2012.xlsx
2012-07-05 10:41 - 2012-06-20 11:36 - 08431104 ____A C:\Users\plco0603\Desktop\BP.xls
2012-07-05 09:38 - 2012-07-05 09:38 - 04887552 ____A C:\Users\plco0603\Desktop\scope   list.xls
2012-07-05 08:00 - 2011-09-28 14:35 - 00000496 ____A C:\Windows\SMSCFG.INI
2012-07-04 14:09 - 2012-07-04 14:09 - 00001040 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-07-04 14:00 - 2012-07-04 14:00 - 00008835 ____A C:\Users\plco0603\Desktop\CRP.xlsx
2012-06-29 12:51 - 2012-06-29 12:50 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-29 12:25 - 2009-07-14 06:33 - 02378704 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-28 09:27 - 2011-10-27 13:55 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-27 15:02 - 2012-06-27 15:01 - 00010209 ____A C:\Users\plco0603\Desktop\New Microsoft Excel Worksheet.xlsx
2012-06-27 14:19 - 2012-06-27 14:19 - 01160704 ____A C:\Users\plco0603\Desktop\SCN DATA.xls
2012-06-27 12:41 - 2012-06-27 12:41 - 07113216 ____A C:\Users\plco0603\Desktop\Keep_cancel list PL01 AC-MPK PL+ 2.xls
2012-06-27 11:32 - 2012-06-27 11:32 - 07113216 ____A C:\Users\plco0603\Desktop\Keep_cancel list PL01 AC-MPK PL+.xls
2012-06-26 08:41 - 2012-06-21 21:56 - 00395690 ____A C:\Users\plco0603\Desktop\CRP presentation.pptx
2012-06-25 07:34 - 2010-11-20 23:48 - 00014446 ____A C:\Windows\PFRO.log
2012-06-21 10:41 - 2012-06-21 10:41 - 03111424 ____A C:\Users\plco0603\Downloads\Latest Quotation.xls
2012-06-21 10:07 - 2012-06-20 16:37 - 00040203 ____A C:\Users\plco0603\Desktop\WVO EMA and APA.xlsx
2012-06-20 11:33 - 2012-06-20 09:29 - 00040077 ____A C:\Users\plco0603\Desktop\OUB Future.xlsx
2012-06-19 15:55 - 2012-06-19 15:36 - 00040033 ____A C:\Users\plco0603\Desktop\HE Future.xlsx
2012-06-19 15:36 - 2012-06-19 14:28 - 00039991 ____A C:\Users\plco0603\Desktop\KVV NAM Market.xlsx
2012-06-19 14:27 - 2012-06-19 14:19 - 00038401 ____A C:\Users\plco0603\Desktop\Action plan & Status follow up_template v 1.11.xlsx
2012-06-19 13:59 - 2012-06-19 13:20 - 00045770 ____A C:\Users\plco0603\Desktop\KVV China Market.xlsx
2012-06-19 13:54 - 2012-06-19 13:54 - 00040596 ____A C:\Users\plco0603\Desktop\KVV India Market.xlsx
2012-06-19 11:31 - 2012-06-19 09:24 - 00045518 ____A C:\Users\plco0603\Desktop\Action plan Supporting Growth in BRIC.xlsx
2012-06-14 11:05 - 2012-06-11 15:35 - 00417537 ____A C:\Users\plco0603\Desktop\Perspective input.pptx
2012-06-13 18:40 - 2012-06-15 23:02 - 465687040 ____A C:\Users\plco0603\Desktop\Movie.avi
2012-06-13 10:30 - 2012-06-13 10:30 - 00120832 ____A C:\Users\plco0603\Desktop\Copy of Charge Media Replacement - Water Valves_.xls
2012-06-11 14:03 - 2012-06-11 14:02 - 00000546 ____A C:\Users\plco0603\Desktop\rfc09020_07420.trc
2012-06-11 14:03 - 2012-06-11 13:59 - 00001701 ____A C:\Users\plco0603\Desktop\dev_rfc.trc
2012-06-11 09:48 - 2012-06-11 09:48 - 05303082 ____A C:\Users\plco0603\Desktop\PL01 Pipeline for Apr 2012.xlsx
2012-06-11 07:20 - 2011-10-06 13:50 - 00001732 ____A C:\Windows\Cisco_WebEx_ProductivityTools.mif
2012-06-11 07:18 - 2012-06-11 07:17 - 00001734 ____A C:\Windows\Cisco_WebEx_Recorder_and_Player.mif
2012-06-11 07:18 - 2011-10-06 13:49 - 00001730 ____A C:\Windows\Cisco_WebEx_TrainingManager.mif
2012-06-11 07:15 - 2012-06-11 07:15 - 00001739 ____A C:\Windows\Cisco_WebEx_Network_Recording_Player.mif
2012-06-11 07:15 - 2011-10-06 13:49 - 00001728 ____A C:\Windows\Cisco_WebEx_MeetingCenter.mif
2012-06-11 07:14 - 2012-06-11 07:14 - 00001918 ____A C:\Users\Default\Desktop\WebEx Recording Editor.LNK
2012-06-11 07:14 - 2012-06-11 07:14 - 00001918 ____A C:\Users\Default User\Desktop\WebEx Recording Editor.LNK
2012-06-11 07:14 - 2012-06-11 07:14 - 00001898 ____A C:\Users\Default\Desktop\WebEx Player.LNK
2012-06-11 07:14 - 2012-06-11 07:14 - 00001898 ____A C:\Users\Default User\Desktop\WebEx Player.LNK
2012-06-11 07:14 - 2012-06-11 07:14 - 00001886 ____A C:\Users\Default\Desktop\WebEx Recorder.LNK
2012-06-11 07:14 - 2012-06-11 07:14 - 00001886 ____A C:\Users\Default User\Desktop\WebEx Recorder.LNK
2012-06-11 07:13 - 2012-06-11 07:13 - 00001727 ____A C:\Windows\Cisco_WebEx_EventManager.mif
2012-06-06 16:13 - 2012-06-06 16:13 - 15560192 ____A C:\Users\plco0603\Desktop\201205 MCG Financials for Monthly Reporting.xls
2012-06-06 16:12 - 2012-06-06 16:12 - 15557120 ____A C:\Users\plco0603\Desktop\201205 KVV Financials for Monthly Reporting.xls
2012-06-06 15:54 - 2012-06-06 15:54 - 15609856 ____A C:\Users\plco0603\Desktop\201205 Financials for Monthly Reporting.xls
2012-06-06 10:48 - 2012-06-06 10:48 - 00030720 ____A C:\Users\plco0603\Desktop\JPR Market Launch Test Questionnaire.xls
2012-06-04 11:28 - 2012-06-04 11:28 - 00392704 ____A C:\Users\plco0603\Desktop\Business Case Template Example_V3.4.2 June 8 2010.xls
2012-06-02 12:42 - 2012-06-02 12:42 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-06-02 12:42 - 2012-06-02 12:42 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-06-02 12:42 - 2012-06-02 12:42 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-06-02 12:42 - 2012-06-02 12:41 - 00001710 ____A C:\Windows\Sun_Java_1.6.0_31_DIT.mif
2012-06-02 12:42 - 2011-10-06 13:59 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-25 16:23 - 2012-05-25 16:23 - 00098636 ____A C:\Users\plco0603\Desktop\Copy of MCG_On OFF KV slow movers plant 0041 May 2012.xlsx
2012-05-18 01:11 - 2012-06-28 09:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-18 00:48 - 2012-06-28 09:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-18 00:45 - 2012-06-28 09:20 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-18 00:36 - 2012-06-28 09:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-18 00:35 - 2012-06-28 09:21 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-18 00:35 - 2012-06-28 09:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-18 00:33 - 2012-06-28 09:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-18 00:31 - 2012-06-28 09:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-18 00:29 - 2012-06-28 09:21 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-18 00:29 - 2012-06-28 09:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-18 00:27 - 2012-06-28 09:21 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-18 00:25 - 2012-06-28 09:21 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-18 00:24 - 2012-06-28 09:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-18 00:20 - 2012-06-28 09:21 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 03:05 - 2012-06-28 09:14 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 13:58 - 2012-05-10 13:58 - 00000096 ____A C:\Users\plco0603\AppData\Local\fusioncache.dat
2012-05-09 11:39 - 2012-03-15 12:21 - 00010232 ____A C:\Users\plco0603\Desktop\rozliczenie konta blizniaczkowego.xlsx
2012-05-07 13:57 - 2012-05-07 13:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2012-05-07 13:38 - 2011-10-27 13:37 - 00027520 ____A C:\Windows\DPINST.LOG
2012-05-07 13:36 - 2012-05-07 13:29 - 160724984 ____A (HTC Corporation                                              ) C:\Users\plco0603\Downloads\setup_3.2.10.exe
2012-05-04 11:41 - 2011-12-08 12:20 - 00001349 ____A C:\Windows\SecuniaPackage.log
2012-04-29 12:55 - 2012-04-29 12:54 - 00001727 ____A C:\Windows\CapaSystems_PerformanceGuardAgent_5.9.6_X86.mif
2012-04-29 12:55 - 2009-07-14 04:04 - 00042758 ____A C:\Windows\System32\Drivers\etc\services
2012-04-28 06:41 - 2012-06-28 09:23 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-28 05:17 - 2012-06-28 09:23 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 06:45 - 2012-06-28 09:19 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 06:45 - 2012-06-28 09:19 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 06:41 - 2012-06-28 09:19 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ====================== 

Percentage of memory in use: 38%
Total physical RAM: 1942.01 MB
Available physical RAM: 1203.59 MB
Total Pagefile: 3884.02 MB
Available Pagefile: 3191.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.98 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:148.95 GB) (Free:45.39 GB) NTFS
2 Drive p: (Offline) (Network) (Total:148.95 GB) (Free:45.39 GB) CSC-CACHE

======================= End Of Log ==========================