Farbar Service Scanner Version: 07-12-2012 Ran by Sebastian (administrator) on 07-12-2012 at 09:33:15 Running from "C:\Users\Sebastian\Desktop" Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is set to Demand. The default start type is Auto. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys [2009-07-14 00:21] - [2009-07-14 00:21] - 0024576 ____A () D41D8CD98F00B204E9800998ECF8427E ATTENTION!=====> C:\Windows\System32\drivers\nsiproxy.sys IS INFECTED AND SHOULD BE REPLACED. C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-02-16 22:31] - [2011-12-28 04:59] - 0498688 ____A () D41D8CD98F00B204E9800998ECF8427E ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED. C:\Windows\System32\drivers\tdx.sys [2010-11-21 04:24] - [2010-11-21 04:24] - 0119296 ____A () D41D8CD98F00B204E9800998ECF8427E ATTENTION!=====> C:\Windows\System32\drivers\tdx.sys IS INFECTED AND SHOULD BE REPLACED. C:\Windows\System32\Drivers\tcpip.sys [2012-11-15 15:21] - [2012-10-03 18:56] - 1914248 ____A () D41D8CD98F00B204E9800998ECF8427E ATTENTION!=====> C:\Windows\System32\Drivers\tcpip.sys IS INFECTED AND SHOULD BE REPLACED. C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 01:08] - [2009-07-14 01:08] - 0077312 ____A () D41D8CD98F00B204E9800998ECF8427E ATTENTION!=====> C:\Windows\System32\drivers\mpsdrv.sys IS INFECTED AND SHOULD BE REPLACED. C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****