Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 22-07-2012 15:35:52
Running from E:\
Windows (TM) Code Name "Longhorn" Preinstallation Environment (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Shell] cmd.exe /k start cmd.exe [x ] ()

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22016 2006-11-02] (Microsoft Corporation)
3 sacsvr; C:\Windows\System32\sacsvr.dll [14848 2006-11-02] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

0 FBWF; C:\Windows\System32\DRIVERS\fbwf.sys [69120 2006-11-02] (Microsoft Corporation)
0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [22528 2006-11-02] (Microsoft Corporation)
0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [83560 2006-11-02] (Microsoft Corporation)
0 WimFsf; C:\Windows\System32\Drivers\WimFsf.sys [52224 2006-11-02] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

============ One Month Created Files and Folders ==============

2012-07-22 15:35 - 2012-07-22 15:35 - 00000000 ____D C:\FRST
2012-07-22 15:14 - 2012-07-22 15:14 - 00130162 ____A C:\OTL.Txt

============ 3 Months Modified Files ========================

2012-07-22 15:14 - 2012-07-22 15:14 - 00130162 ____A C:\OTL.Txt
2012-07-02 19:27 - 2007-05-18 00:01 - 00060048 ____A C:\Windows\System32\FNTCACHE.DAT

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2006-11-02 04:38] - [2006-11-02 05:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 04:52] - [2006-11-02 05:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 2045.84 MB
Available physical RAM: 1787.82 MB
Total Pagefile: 1876.54 MB
Available Pagefile: 1796.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.02 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.83 GB) NTFS
4 Drive d: (OS) (Fixed) (Total:222.78 GB) (Free:24.05 GB) NTFS
5 Drive e: (KINGSTON) (Removable) (Total:1.87 GB) (Free:0.76 GB) FAT
6 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       233 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 55 MB    32 KB
  Partition 2    Primary             10 GB    55 MB
  Partition 3    Primary            223 GB    10 GB
  Partition 4    Unknown           1609 KB   233 GB

==================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1                      FAT    Partition     55 MB  Healthy

==================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   RECOVERY     NTFS   Partition     10 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   OS           NTFS   Partition    223 GB  Healthy

==================================================================================

Disk: 0
Partition 4
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                             Partition   2048 KB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-02 19:23

======================= End Of Log ==========================