Farbar Service Scanner Version: 06-08-2012 Ran by Administrator (administrator) on 25-08-2012 at 12:00:13 Running from "G:\docs\download" Microsoft(R) Windows(R) Server 2003, Enterprise Edition Dodatek Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Dnscache Service is not running. Checking service configuration: The start type of Dnscache service is set to Demand. The default start type is Auto. The ImagePath of Dnscache service is OK. The ServiceDll of Dnscache service is OK. Nsi Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist. nsiproxy Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open nsiproxy registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open nsiproxy registry key. The service key does not exist. tdx Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist. Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open mpsdrv registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open mpsdrv registry key. The service key does not exist. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. bfe Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ SDRSVC Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist. System Restore Disabled Policy: ======================== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"=DWORD:1 Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is set to Disabled. The default start type is Auto. Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is set to Disabled. The default start type is Auto. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll". BITS Service is not running. Checking service configuration: The start type of BITS service is set to Demand. The default start type is Auto. The ImagePath of BITS service is OK. The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll". EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is set to Disabled. The default start type is Auto. The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs". The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll". cryptsvc Service is not running. Checking service configuration: The start type of cryptsvc service is set to Demand. The default start type is Auto. The ImagePath of cryptsvc: "%SystemRoot%\system32\svchost.exe -k netsvcs". The ServiceDll of cryptsvc service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Other Services: ============== Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist. Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist. Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist. File Check: ======== ATTENTION!=====> C:\WINDOWS\system32\nsisvc.dll FILE IS MISSING AND SHOULD BE RESTORED. ATTENTION!=====> C:\WINDOWS\system32\Drivers\nsiproxy.sys FILE IS MISSING AND SHOULD BE RESTORED. C:\WINDOWS\system32\Drivers\afd.sys [2007-02-17 07:59] - [2007-02-17 07:59] - 0150528 ____A (Microsoft Corporation) E55AD49AD3DF929D9858DB4274784DC0 ATTENTION!=====> C:\WINDOWS\system32\Drivers\tdx.sys FILE IS MISSING AND SHOULD BE RESTORED. C:\WINDOWS\system32\Drivers\tcpip.sys [2007-02-17 08:07] - [2007-02-17 08:07] - 0383488 ____A (Microsoft Corporation) 76788FA017C0FD42E32D21555AB4FD89 C:\WINDOWS\system32\dnsrslvr.dll [2007-02-17 09:06] - [2007-02-17 09:06] - 0045568 ____A (Microsoft Corporation) C4A35A4F3E70081852DA10F9A3B67152 ATTENTION!=====> C:\WINDOWS\system32\mpssvc.dll FILE IS MISSING AND SHOULD BE RESTORED. ATTENTION!=====> C:\WINDOWS\system32\bfe.dll FILE IS MISSING AND SHOULD BE RESTORED. ATTENTION!=====> C:\WINDOWS\system32\Drivers\mpsdrv.sys FILE IS MISSING AND SHOULD BE RESTORED. ATTENTION!=====> C:\WINDOWS\system32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED. C:\WINDOWS\system32\vssvc.exe [2007-02-17 08:35] - [2007-02-17 08:35] - 0839680 ____A (Microsoft Corporation) C0DB37E3C0D7F6EBDEEA35DC1C3CF760 ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED. C:\WINDOWS\system32\wbem\WMIsvc.dll [2007-09-27 12:27] - [2007-02-17 08:49] - 0143872 ____A (Microsoft Corporation) CA8CF558CF51048F3CCD6778F83B77A0 C:\WINDOWS\system32\wuaueng.dll => MD5 is legit C:\WINDOWS\system32\qmgr.dll [2007-09-27 12:30] - [2007-02-17 08:53] - 0380928 ____A (Microsoft Corporation) 53E23A0E587D7869C5F539772620DC4B C:\WINDOWS\system32\es.dll [2007-02-17 08:01] - [2007-02-17 08:01] - 0238592 ____A (Microsoft Corporation) C60E370018F61C09044710BE8E3E0920 C:\WINDOWS\system32\cryptsvc.dll [2007-02-17 09:04] - [2007-02-17 09:04] - 0056320 ____A (Microsoft Corporation) 7DB5020817BAFAC898E28D7DADB1B56E ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED. C:\WINDOWS\system32\ipnathlp.dll [2007-02-17 08:57] - [2007-02-17 08:57] - 0343552 ____A (Microsoft Corporation) 04698E531DB8EF8A21979D8E054735A5 C:\WINDOWS\system32\svchost.exe [2007-02-17 08:07] - [2007-02-17 08:07] - 0014848 ____A (Microsoft Corporation) 007E7B9113E6EAE9A886060D40B97C0B C:\WINDOWS\system32\rpcss.dll [2007-02-17 08:05] - [2007-02-17 08:05] - 0481792 ____A (Microsoft Corporation) 302E82D9EBE2081E28A0E3AB581A3C0C **** End of log ****