Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02 Ran by SYSTEM (administrator) on MINWINPC on 30-06-2014 18:59:58 Running from f:\Files Platform: Windows (TM) Code Name "Longhorn" Preinstallation Environment (X86) OS Language: English (United States) Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) X:\Windows\System32\winpeshl.exe (Microsoft Corporation) X:\sources\recovery\RecEnv.exe (Microsoft Corporation) X:\Windows\System32\wbengine.exe (Microsoft Corporation) X:\Windows\System32\vds.exe (Microsoft Corporation) X:\Windows\System32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Winlogon: [Shell] cmd.exe /k start cmd.exe [x ] () <=== ATTENTION BootExecute: ==================== Internet (Whitelisted) ==================== URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM - DefaultScope value is missing. Winsock: Catalog5 02 %SystemRoot%\System32\winrnr.dll File Not found () FireFox: ======== ========================== Services (Whitelisted) ================= S3 sacsvr; X:\windows\system32\sacsvr.dll [14848 2006-11-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R0 FBWF; X:\windows\System32\DRIVERS\fbwf.sys [69120 2006-11-02] (Microsoft Corporation) R0 Pnp680; X:\windows\System32\drivers\pnp680.sys [59776 2006-06-20] (Silicon Image, Inc.) R0 Ramdisk; X:\windows\System32\DRIVERS\ramdisk.sys [22528 2006-11-02] (Microsoft Corporation) S0 sacdrv; X:\windows\System32\DRIVERS\sacdrv.sys [83560 2006-11-02] (Microsoft Corporation) R0 SI3112; X:\windows\System32\drivers\si3112.sys [62336 2006-10-23] (Silicon Image, Inc.) R0 SiFilter; X:\windows\System32\drivers\siwinacc.sys [10368 2004-11-01] (Silicon Image, Inc.) R0 SiRemFil; X:\windows\System32\drivers\siremfil.sys [5504 2006-10-18] (Silicon Image, Inc.) R0 WimFsf; X:\windows\system32\Drivers\WimFsf.sys [52224 2006-11-02] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== NETSVC: sacsvr -> X:\Windows\system32\sacsvr.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2014-06-30 18:58 - 2014-06-30 18:58 - 00000000 ____D () X:\FRST 2014-06-30 18:39 - 2014-06-30 18:39 - 00061640 _____ () X:\windows\system32\FNTCACHE.DAT 2014-06-30 18:39 - 2014-06-30 18:39 - 00000094 _____ () X:\windows\SETUPAPI.LOG 2014-06-30 18:39 - 2014-06-30 18:39 - 00000094 _____ () X:\Windows\SETUPAPI.LOG 2014-06-30 18:39 - 2014-06-30 18:39 - 00000034 _____ () X:\Windows\setupact.log 2014-06-30 18:39 - 2014-06-30 18:39 - 00000034 _____ () X:\windows\setupact.log 2014-06-30 18:39 - 2014-06-30 18:39 - 00000000 _____ () X:\Windows\setuperr.log 2014-06-30 18:39 - 2014-06-30 18:39 - 00000000 _____ () X:\windows\setuperr.log ==================== One Month Modified Files and Folders ======= 2014-06-30 19:00 - 2014-06-30 18:39 - 00061640 _____ () X:\windows\system32\FNTCACHE.DAT 2014-06-30 18:58 - 2014-06-30 18:58 - 00000000 ____D () X:\FRST 2014-06-30 18:39 - 2014-06-30 18:39 - 00000094 _____ () X:\windows\SETUPAPI.LOG 2014-06-30 18:39 - 2014-06-30 18:39 - 00000094 _____ () X:\Windows\SETUPAPI.LOG 2014-06-30 18:39 - 2014-06-30 18:39 - 00000034 _____ () X:\Windows\setupact.log 2014-06-30 18:39 - 2014-06-30 18:39 - 00000034 _____ () X:\windows\setupact.log 2014-06-30 18:39 - 2014-06-30 18:39 - 00000000 _____ () X:\Windows\setuperr.log 2014-06-30 18:39 - 2014-06-30 18:39 - 00000000 _____ () X:\windows\setuperr.log ==================== Bamital & volsnap Check ================= X:\windows\explorer.exe IS MISSING <==== ATTENTION!. X:\windows\system32\winlogon.exe => File is digitally signed X:\windows\system32\wininit.exe => File is digitally signed X:\windows\system32\svchost.exe => File is digitally signed X:\windows\system32\services.exe => File is digitally signed X:\windows\system32\User32.dll => File is digitally signed X:\windows\system32\userinit.exe => File is digitally signed X:\windows\system32\rpcss.dll => File is digitally signed X:\windows\system32\Drivers\volsnap.sys => File is digitally signed X:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!. ==================== End Of Log ============================