Farbar Service Scanner Version: 22-07-2012 Ran by Hannibal (administrator) on 25-07-2012 at 21:31:59 Running from "C:\Users\Hannibal\Desktop" Microsoft Windows 7 Enterprise Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is set to Disabled. The default start type is 3. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll". Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== sharedaccess Service is not running. Checking service configuration: The start type of sharedaccess service is set to Auto The ImagePath of sharedaccess service is OK. The ServiceDll of sharedaccess service is OK. File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys [2011-11-02 23:04] - [2011-11-02 23:04] - 0024576 ____A (Microsoft Corporation) 436EE51D8F206B79DF7B9CBB057299C0 C:\Windows\System32\dhcpcore.dll [2011-11-02 22:14] - [2011-11-02 22:14] - 0317952 ____A (Microsoft Corporation) 0DAF7DA005BCA551672217F880B7CABC C:\Windows\System32\drivers\afd.sys [2012-02-16 21:00] - [2011-12-28 06:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-06-18 19:41] - [2012-03-30 12:26] - 1901424 ____A (Microsoft Corporation) 885B202006EE17AE99B9FBCEC9AF88C9 C:\Windows\System32\dnsrslvr.dll [2011-11-02 22:29] - [2011-11-02 22:29] - 0183296 ____A (Microsoft Corporation) A06098E823EE2E63D42691C0D7BCDE46 C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll [2011-11-02 19:12] - [2011-11-02 19:12] - 0706560 ____A (Microsoft Corporation) CD5F2506D814F812BC4996D081D1BF03 C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED. C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\svchost.exe [2011-11-02 22:24] - [2011-11-02 22:24] - 0027648 ____A (Microsoft Corporation) 635455A95EB8EC47AC72142E501465ED C:\Windows\System32\rpcss.dll [2011-11-02 22:12] - [2011-11-02 22:12] - 0512000 ____A (Microsoft Corporation) 225EFEE8960E554F3AB9A4A91790C039 **** End of log ****