Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Started with google redirection now no network

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 8:13 pm

FSS Scan log:
Farbar Service Scanner Version: 01-02-2012 03
Ran by Admin (administrator) on 02-02-2012 at 23:38:37
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 20:01] - [2011-09-20 21:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am
Advertisement
Register to Remove

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 8:15 pm

FSS File search log:
Farbar Service Scanner Version: 01-02-2012 03
Ran by Admin (administrator) on 02-02-2012 at 23:39:59
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

************************************************
======== Search: "dfsc.sys" =========

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys
[2011-06-16 15:22] - [2011-04-14 14:36] - 0075264 ____A (Microsoft Corporation) 3A3436F7DFE0E0C58CD5C3B6C9F21634

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys
[2011-06-16 15:22] - [2011-04-14 14:59] - 0075264 ____A (Microsoft Corporation) 622C41A07CA7E6DD91770F50D532CB6C

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys
[2009-08-22 11:59] - [2009-04-11 04:14] - 0075264 ____A (Microsoft Corporation) 218D8AE46C88E82014F5D73D0236D9B2

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys
[2011-06-16 15:22] - [2011-04-13 13:22] - 0075264 ____A (Microsoft Corporation) E20FB30D720810646ED24FB7CA9899A2

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys
[2011-06-16 15:22] - [2011-04-14 14:24] - 0075264 ____A (Microsoft Corporation) A3E9FA213F443AC77C7746119D13FEEC

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys
[2009-05-29 10:27] - [2008-01-19 05:28] - 0075264 ____A (Microsoft Corporation) 9E635AE5E8AD93E2B5989E2E23679F97

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys
[2006-11-02 08:31] - [2006-11-02 08:31] - 0074752 ____A (Microsoft Corporation) A7179DE59AE269AB70345527894CCD7C

C:\Windows\System32\drivers\dfsc.sys
[2011-06-16 15:22] - [2011-04-14 14:59] - 0075264 ____A (Microsoft Corporation) 622C41A07CA7E6DD91770F50D532CB6C

====== End Of Search ======
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 8:16 pm

FSS Service export log:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dfsc]
"DisplayName"="@%systemroot%\\system32\\drivers\\dfsc.sys,-101"
"Group"="Network"
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,66,00,73,00,63,00,2e,00,73,\
00,79,00,73,00,00,00
"Description"="@%systemroot%\\system32\\drivers\\dfsc.sys,-102"
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000002
"DependOnService"=hex(7):4d,00,75,00,70,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dfsc\Enum]
"0"="Root\\LEGACY_DFSC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_dfsc]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_dfsc\0000]
"Service"="DfsC"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000020
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Dfs Client Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_dfsc\0000\Control]
"ActiveService"="DfsC"
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 8:17 pm

Command prompt sc query (export.txt):

SERVICE_NAME: dfsc
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 8:18 pm

MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912020107

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19170

03/02/2012 00:05:47
mbam-log-2012-02-03 (00-05-47).txt

Scan type: Quick scan
Objects scanned: 358494
Time elapsed: 19 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby Gary R » February 3rd, 2012, 2:50 am

This does not look good, it's looking like a re-format of your hard drive and a re-install of Windows may be your only resolution to your problem.

Several services are stopped, you have damage to one of your service keys, and one of your network drivers is missing. We'll need to do a little investigating to see whether it's possible to repair things or not, but if the damage is extensive then we may not be able to patch thing up.

First

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • In the Search box type ... MpsSvc
  • Click on Export Service
  • When the scan finishes a log will be produced.
  • Please post me the log.

Next

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • In the Search box type ... tdx.sys
  • Click on Search Files
  • When the scan finishes a log will be produced.
  • Please post me the log.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Started with google redirection now no network

Unread postby pompeyfan » February 3rd, 2012, 6:44 am

Ok. Well I'll keep fingers crossed just in case (although I guess the empty export for MpsSvc below doesn't look good)...

Fss export MpsSvc log:

Windows Registry Editor Version 5.00

Fss tdx.sys search log:

Farbar Service Scanner Version: 01-02-2012 03
Ran by Admin (administrator) on 03-02-2012 at 10:35:08
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

************************************************
======== Search: "tdx.sys" =========

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
[2009-05-29 10:27] - [2008-01-19 05:55] - 0071680 ____A (Microsoft Corporation) D09276B1FAB033CE1D40DCBDF303D10F

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_e807064fdf2a97e3\tdx.sys
[2006-11-02 08:57] - [2006-11-02 08:57] - 0068096 ____A (Microsoft Corporation) AB4FDE8AF4A0270A46A001C08CBCE1C2

====== End Of Search ======
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby Gary R » February 3rd, 2012, 7:28 am

It seems the whole service key for MpsSvc .... (Windows Firewall) .... is missing.

As this key is tied into a number of other services, and has a number of fairly complex permissions associated with it, I don't feel it is a viable or safe option to try and rebuild it, since the security of your computer depends in getting them right, and there are too many options for error.

The only practical course of action open to you now, is to backup your personal files and folders, then to reformat your hard drive and reinstall Windows, after that you'll have to reinstall any programs and drivers that you use.

I'm sorry it has come to this, and that we couldn't recover your machine for you.

Once you've got your computer up and running again, please read the following article, which makes a few suggestions on how to secure your computer .... viewtopic.php?f=4&t=54766
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Started with google redirection now no network

Unread postby pompeyfan » February 3rd, 2012, 7:34 am

Ok, well thanks for your time and efforts anyway, it is much appreciated.
Regarding backup of personal files etc, do you have any reccommendations for the best & safest way? Obviously I don't want to backup and restore anything that could infect the new installation again, or is it now not infected (and is it worth me doing another DDS and posting to confirm if its clean)?
Should I just copy things by hand or use a utility?

Many thanks
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby Gary R » February 3rd, 2012, 10:36 am

It's unlikely that your personal files and folders will contain any infection files, but since you're going to be saving them to some external device (like a USB drive), I'd scan the drive with an Anti-Virus before re-connecting it to your newly re-formatted computer.

Under Vista and Windows 7, drives do not auto start when they are connected, so you should be able to scan it before opening it.

However, if you're at all worried about doing this ....

  • Download Flash_Disinfector and save it to your Desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds, and your desktop will disappear during the process (this is normal).
  • When done, a message box will appear. Click OK.
  • Your desktop should now re-appear.
  • If it doesn't.
    • Press Ctrl + Alt + Del to open Task Manager.
    • Click on File > New Task (Run...).
    • Type in explorer.exe and press OK.
    • Your desktop should now appear.

As for backing up your files, it's probably best to do it manually, since automatic backups (using a utility) usually backup a number of system files as well, which would increase your chances of saving an infected file.

Don't forget to Export any Favorities (Bookmarks) for Internet Explorer or Firefox, it's a real nuisance trying to put them all back if you forget.

If you don't know how to do this, let me know, and I'll explain how.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Started with google redirection now no network

Unread postby Gary R » February 6th, 2012, 10:42 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 288 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware