Windows 7 Antivirus 2012 : Problems


  • This topic is locked
17 replies to this topic

#1 Babaorum

  • Members
  • 36 posts

Posted 30 January 2012 - 08:36 PM

Hi!

I was infected by Windows 7 Antivirus 2012 malware. I think it's not gone completely.

I can't print on my wifi printer (other computers on the network can)
Some programs can't access the internet, like a gadget in Windows 7 (Accuweather)

These 2 problems occur only after the malware.

Here is the Farbar scan:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Fred (administrator) on 30-01-2012 at 20:29:21
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
Attention! C:\Windows\System32\drivers\nsiproxy.sys is missing.
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

The problem looks like nsiproxy.sys. I tried sfc /scannow with no success.

I hope somebody will help me.

Thanks!

Edited by Queen-Evie, 30 January 2012 - 08:39 PM.
moved from Windows 7


#2 Broni

  • BC Advisor
  • 42,709 posts

Posted 31 January 2012 - 11:11 AM

Welcome aboard

Please delete your FSS file, download a fresh one and post a new log.


#3 Babaorum

Posted 31 January 2012 - 08:03 PM

Thanks Broni!

Here is my new log... same thing:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Fred (administrator) on 31-01-2012 at 19:59:08
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
Attention! C:\Windows\System32\drivers\nsiproxy.sys is missing.
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Do you know what nsiproxy.sys is? Do you think it's the reason that I have my problems with the wifi printer?

Thanks

#4 Broni

Posted 31 January 2012 - 08:09 PM

Possibly.
Let's see if we can find a replacement.

Please run Farbar Service Scanner (FSS).
Type the following in the edit box after "Search:".

nsiproxy.sys

Click the Search Files button and post the log (FSS.txt) it makes in your reply.

#5 Babaorum

Posted 31 January 2012 - 08:31 PM

Here is the log:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Fred (administrator) on 31-01-2012 at 20:31:14
Windows 7 Home Premium Service Pack 1 (X64)

************************************************
================== Search: "nsiproxy.sys
" ===================

C:\Windows\winsxs\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_6.1.7600.16385_none_ce571486e124e749\nsiproxy.sys
[2009-07-13 18:21] - [2012-01-30 20:23] - 0024576 ____A (Microsoft Corporation) E7F5AE18AF4168178A642A9247C63001

====== End Of Search ======

#6 Broni

Posted 31 January 2012 - 08:39 PM

Download the following batch file: http://www.bleepstatic.com/fhost/uploads/0/90-fix.bat
Double click on it to run the fix.
A command prompt window will open briefly.

Restart computer.
Check on your issue and post new FSS log.

#7 Babaorum

Posted 31 January 2012 - 08:50 PM

Here is the log after the batch file:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Fred (administrator) on 31-01-2012 at 20:45:40
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
Attention! C:\Windows\System32\drivers\nsiproxy.sys is missing.
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Farbar Service Scanner Version: 18-01-2012 01
Ran by Fred (administrator) on 31-01-2012 at 20:46:40
Windows 7 Home Premium Service Pack 1 (X64)

************************************************
================== Search: "nsiproxy.sys" ===================

C:\Windows\winsxs\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_6.1.7600.16385_none_ce571486e124e749\nsiproxy.sys
[2009-07-13 18:21] - [2012-01-30 20:23] - 0024576 ____A (Microsoft Corporation) E7F5AE18AF4168178A642A9247C63001

====== End Of Search ======

#8 Broni

Posted 31 January 2012 - 08:54 PM

Possibly something keeps removing that file.
Re-try the process one more time.

#9 Babaorum

Posted 31 January 2012 - 08:57 PM

I added a PAUSE in the batch file and the error message is: Access denied

I tried to run the batch with admin privilege... same thing!

#10 Broni

Posted 31 January 2012 - 09:00 PM

What do you mean by you added some "Pause"?

#11 Babaorum

Posted 31 January 2012 - 09:03 PM

I just added PAUSE in the batch file. I wanted to see the error message from the command prompt.

#12 Broni

Posted 31 January 2012 - 09:04 PM

Run the batch file from safe mode.

#13 Babaorum

Posted 31 January 2012 - 10:06 PM

Same thing: Access denied

Same log also!

#14 Broni

Posted 31 January 2012 - 10:11 PM

OK, enable the Windows 7 real administrator account: http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-windows-vista/, log into it and try from there.

Disable that account when done.

Edited by Broni, 31 January 2012 - 10:11 PM.

#15 Babaorum

Posted 31 January 2012 - 10:23 PM

Same thing again: access denied.

I tried also Safe Mode with admin account: access denied

Argh!



