Farbar Service Scanner Version: 22-02-2012 Ran by Pawel (administrator) on 04-03-2012 at 16:24:06 Running from "E:\tools\antywir" Microsoft® Windows Vista™ Ultimate Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Yahoo IP is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. File Check: ======== C:\Windows\System32\nsisvc.dll [2009-08-31 07:28] - [2008-01-19 09:03] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcsvc.dll [2009-08-31 07:23] - [2008-01-19 09:01] - 0268288 ____A (Microsoft Corporation) FDAA0EDFCFB70CD529589AD654651B40 C:\Windows\System32\drivers\afd.sys [2011-06-16 07:32] - [2011-04-21 14:42] - 0407552 ____A (Microsoft Corporation) 9BB97042FA331A0FB4BDD98B9280A50A C:\Windows\System32\drivers\tdx.sys [2009-08-31 07:28] - [2008-01-19 07:36] - 0094208 ____A (Microsoft Corporation) 8C39C72E0E853DE04748C0337D9B9216 C:\Windows\System32\Drivers\tcpip.sys [2011-03-14 08:55] - [2010-06-16 17:40] - 1420176 ____A (Microsoft Corporation) 7D86275FB640011B372FD566C0EAFA8D C:\Windows\System32\dnsrslvr.dll [2011-04-14 06:32] - [2011-03-02 16:10] - 0117760 ____A (Microsoft Corporation) DAF05293C1264E251D3A25E7E24B2DDF C:\Windows\System32\mpssvc.dll [2009-08-31 07:30] - [2008-01-19 09:02] - 0601088 ____A (Microsoft Corporation) 8A670648C755867A3AA38DA50BA569AA C:\Windows\System32\bfe.dll [2009-08-31 07:26] - [2008-01-19 09:00] - 0458240 ____A (Microsoft Corporation) BC4737AAFFA5964E4F8827C9B8C0EB8E C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll [2009-08-31 07:27] - [2008-01-19 09:03] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018 C:\Windows\System32\vssvc.exe [2009-08-31 07:29] - [2008-01-19 09:00] - 1432576 ____A (Microsoft Corporation) 186BD53F8A408AD20F5A056C05678629 C:\Windows\System32\wscsvc.dll [2009-08-31 07:27] - [2008-01-19 09:04] - 0074752 ____A (Microsoft Corporation) CB8EA6D95949384925CCFCA21CC6DFD8 C:\Windows\System32\wbem\WMIsvc.dll [2009-08-31 07:29] - [2008-01-19 09:04] - 0221696 ____A (Microsoft Corporation) AC98F38FEAB066A8F983D54FF3F4FD4C C:\Windows\System32\wuaueng.dll [2009-10-21 08:21] - [2009-08-07 03:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D C:\Windows\System32\qmgr.dll [2009-08-31 07:22] - [2008-01-19 09:03] - 1082368 ____A (Microsoft Corporation) D896A0D43F8AB81ECB1FC6C24DECFD58 C:\Windows\System32\es.dll [2009-03-13 03:01] - [2009-03-13 03:01] - 0361984 ____A (Microsoft Corporation) 6B1A97BF9FEFBDC83F3C7C7D0F826C66 C:\Windows\System32\cryptsvc.dll [2009-08-31 07:22] - [2008-01-19 09:01] - 0165376 ____A (Microsoft Corporation) 4374F784121D8B3BB466B03F5E5EBD33 C:\Program Files\Windows Defender\MpSvc.dll [2009-08-31 07:30] - [2008-01-19 09:06] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll [2009-04-15 19:08] - [2009-03-03 05:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C **** End of log ****