CorvidMoon

Virus/malware that just wont go away and Google redirecting

43 posts in this topic

Yes, that should be working, delete your copy of Farbar Service Scanner and download and run a new one:

Please remove any usb or external drives from the computer before you run these scan!

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

    [*]Press "Scan".

    [*]It will create a log (FSS.txt) in the same directory the tool is run.

    [*]Please copy and paste the log to your reply.

MrC

Share this post


Link to post
Share on other sites

Here ya go!

Farbar Service Scanner Version: 05-02-2012

Ran by Atani (administrator) on 07-02-2012 at 19:24:35

Running from "C:\Users\Atani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4FWCWMIF"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

===========

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Share this post


Link to post
Share on other sites

Make sure the mpsdrv Service is running and set to automatic

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

also make sure MpsSvc Service is running and set to automatic.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

MrC

Share this post


Link to post
Share on other sites

How do I do either of those? I'm not sure where to find them. My computer is not letting me change any of the firewall settings.

Here's the message I get:

Windows firewall can't change some of your settings.

Error code 0x80070424

or this one:

The windows firewall with advanced security snap-in failed to load. Restart the windows firewall service on the computer that you are managing.

Error code: 0x6D9

Share this post


Link to post
Share on other sites

I'm sorry, the link below shows you how to view services:

http://www.sevenforu...rt-disable.html

--------------------------------

We can use Farbar Service Scanner to check them:

Please run Farbar Service Scanner

In the search box enter this:

MPSSVC

now click on Export Service

Notepad will open with the results

Copy and paste it back here.

Repeat the proceedure using

MPSDRV

MrC

Share this post


Link to post
Share on other sites

For some reason that didn't work right.

Please do this......

Go to the link below and install erunt and create a back-up of the registry:

http://www.geekstogo...ry-using-erunt/

Next......

Download these two files to your desktop:

MpsSvc

mpsdrv

Now right click on each one and choose "merge" allow them to merge into the registry

Reboot the computer and run me another scan with Farbar Service Scanner, post the results

MrC

Share this post


Link to post
Share on other sites

Like this......

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

    [*]Press "Scan".

    [*]It will create a log (FSS.txt) in the same directory the tool is run.

    [*]Please copy and paste the log to your reply.

MrC

Share this post


Link to post
Share on other sites

Alrighty here ya go!

arbar Service Scanner Version: 13-02-2012

Ran by Atani (administrator) on 14-02-2012 at 17:56:41

Running from "C:\Users\Atani\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Share this post


Link to post
Share on other sites

Looks Good :)

It should be working now, Let me know....MrC

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.