Windows 7 Antivirus 2012 : Problems

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Windows 7 Antivirus 2012 : Problems

#1 Babaorum

Member

Group: Members
Posts: 36
Joined: 30-January 12

Posted 30 January 2012 - 08:36 PM

Hi!

I was infected by Windows 7 Antivirus 2012 malware. I think it's not gone completly.

I can't print on my wifi printer (other computer from network can)
Some program can't access internet, like gadget in windows 7 (Accuweather)

These 2 problems occurs only after the malware.

Here the Farbar scan:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Fred (administrator) on 30-01-2012 at 20:29:21
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
Attention! C:\Windows\System32\drivers\nsiproxy.sys is missing.
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

The problem look like nsiproxy.sys. I tried sfc /scannow with no success.

I hope somebody will help me.

Thanks!

This post has been edited by Queen-Evie: 30 January 2012 - 08:39 PM
Reason for edit: moved from Windows 7

#2 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 31 January 2012 - 11:11 AM

Welcome aboard Posted Image

Please delete your FSS file, download fresh one and post new log.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#3 Babaorum

Member

Group: Members
Posts: 36
Joined: 30-January 12

Posted 31 January 2012 - 08:03 PM

Thanks Broni!

Here my new log... same thing:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Fred (administrator) on 31-01-2012 at 19:59:08
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
Attention! C:\Windows\System32\drivers\nsiproxy.sys is missing.
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Do you what is nsiproxy.sys ? Do you think it's the reason that I have my problems with the wifi printer ?

Thanks

#4 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 31 January 2012 - 08:09 PM

Possibly.
Let's see if we can find a replacement.

Please run Farbar Service Scanner FSS).
Type the following in the edit box after "Search:".

nsiproxy.sys

Click Search Files button and post the log (FSS.txt) it makes to your reply.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#5 Babaorum

Member

Group: Members
Posts: 36
Joined: 30-January 12

Posted 31 January 2012 - 08:31 PM

Here the log:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Fred (administrator) on 31-01-2012 at 20:31:14
Windows 7 Home Premium Service Pack 1 (X64)

************************************************
================== Search: "nsiproxy.sys
" ===================

C:\Windows\winsxs\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_6.1.7600.16385_none_ce571486e124e749\nsiproxy.sys
[2009-07-13 18:21] - [2012-01-30 20:23] - 0024576 ____A (Microsoft Corporation) E7F5AE18AF4168178A642A9247C63001

====== End Of Search ======

#6 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 31 January 2012 - 08:39 PM

Download following batch file: http://www.bleepstatic.com/fhost/uploads/0/90-fix.bat
Double click on it to run the fix.
Command prompt window will open briefly.

Restart computer.
Check on your issue and post new FSS log.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#7 Babaorum

Member

Group: Members
Posts: 36
Joined: 30-January 12

Posted 31 January 2012 - 08:50 PM

Here the log after the batch file:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Fred (administrator) on 31-01-2012 at 20:45:40
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
Attention! C:\Windows\System32\drivers\nsiproxy.sys is missing.
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Farbar Service Scanner Version: 18-01-2012 01
Ran by Fred (administrator) on 31-01-2012 at 20:46:40
Windows 7 Home Premium Service Pack 1 (X64)

************************************************
================== Search: "nsiproxy.sys" ===================

C:\Windows\winsxs\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_6.1.7600.16385_none_ce571486e124e749\nsiproxy.sys
[2009-07-13 18:21] - [2012-01-30 20:23] - 0024576 ____A (Microsoft Corporation) E7F5AE18AF4168178A642A9247C63001

====== End Of Search ======