Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: More Firewall Issues


02 Mar 2012   #1

win 7 home prem 64 bit
 
 
More Firewall Issues

Hi,all.had posted at end of a long running thread with similar issue,but have now started it here,hope that's OK.
Am unable to start windows firewall,error code 13.
Have stand alone win 7. 64bit home premium machine,am sole user
BFE appears to be started
I would like to confirm that related drivers are normal.firewall depends on authorization driver mpsdrv.sys
In driver list this has no enble,disable,reinstall panel
There is also firewall liteweight filter wfplwf.sys
Are both these OK?cannot install any other firewall on that machine,so using tablet to post
Many thanks
Poppy

My System SpecsSystem Spec
.

08 Mar 2012   #2

MS Windows 7 Home Premium 64-bit SP1
 
 

Dear kiwipoppy,
This may have to do with "permissions" Verify Log On permissions
Verify registry permissions

Verify privilege permissions

Verify Service DependenciesReset the default security permissions

Verify that the TxR folder exists : %systemroot%\system32\config\

TxRVerify the following registry keys by comparing them to a default Windows installation:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShareAccess
If the above does not help. your current user account "may" be corrupted. Create a NEW User Account. Lof off and log in!


If this too does not resolve the prob., then disable the 3rd party AV(not MSE) and try to enable the Win.Firewall.


Regards and best wishes,
sreedhav


PS: how did you make sure that BFS is enabled?
My System SpecsSystem Spec
09 Mar 2012   #3

win 7 home prem 64 bit
 
 

Thanks for replying.am not completely new to computers but not certain how to verify permissions like that.
Am used to setting permission on files and folders,but am blank on what you mean by verifying,and can see no way to reset default dependencies,sorry
The Txr file does exist, it contains 2 .blf files,and four. Regtrans-Ms files with long numerical file names which include TMcontainer000000000000002 or similar.
The registry files do exist but I have no way of comparing them to a default win 7 setting.
Shared access(not share) is full of firewall rules,even when it was working,I could not get into set back to default,new rules seemed to be added all the time,but it never advised me of any
Activity,even though notifications enabled.
Trying to change any rule manually resulted in shutdown of whole thing.
Last time think was my fault,tried to stop AxInstSvchost having free access,can't figure how to reverse this
Checked BFE in services.msc,shows as started,trying to start firewall the gives message'windows could not start the firewall on local computer' and mentions 'service specific error code 13"
Although I am the only person with physical access to this machine,am fairly sure thatit has been hijacked,and so I am trying to get firewall started,so I can at least get back online
So what was your opinion of those drivers?Normal for win 7 setup
Thanks again
My System SpecsSystem Spec
.


09 Mar 2012   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

My System SpecsSystem Spec
09 Mar 2012   #5

MS Windows 7 Home Premium 64-bit SP1
 
 

Quote   Quote: Originally Posted by kiwipoppy View Post
Thanks for replying.am not completely new to computers but not certain how to verify permissions like that.
Am used to setting permission on files and folders,but am blank on what you mean by verifying,and can see no way to reset default dependencies,sorry
The Txr file does exist, it contains 2 .blf files,and four. Regtrans-Ms files with long numerical file names which include TMcontainer000000000000002 or similar.
The registry files do exist but I have no way of comparing them to a default win 7 setting.
Shared access(not share) is full of firewall rules,even when it was working,I could not get into set back to default,new rules seemed to be added all the time,but it never advised me of any
Activity,even though notifications enabled.
Trying to change any rule manually resulted in shutdown of whole thing.
Last time think was my fault,tried to stop AxInstSvchost having free access,can't figure how to reverse this
Checked BFE in services.msc,shows as started,trying to start firewall the gives message'windows could not start the firewall on local computer' and mentions 'service specific error code 13"
Although I am the only person with physical access to this machine,am fairly sure thatit has been hijacked,and so I am trying to get firewall started,so I can at least get back online
So what was your opinion of those drivers?Normal for win 7 setup
Thanks again
Kindly reply to @jacee!
I will give you an example of checking for permissions in ,for EX. "Registry". Here's what to do: Go to Start>Run>Regedit, then in the Registry Editor select "HK_Local_Machine". Then go to Edit>Permissions, and make sure that the Administrators group has "Full control" selected. If you are permitted, then that has checked out right.
You have mentioned the probability of a "Hijack". That may/can be the root cause of all your troubles. Download MalwareBytesAntiMalware (MBAM),update and run. It will definitely catch any "Trojan Hijackers" and clean them for you. In that case the Win.Drivers are Kapoot!

Best wishes,
sreedhav
My System SpecsSystem Spec
09 Mar 2012   #6

win 7 home prem 64 bit
 
 

Thanks jacee,followed those instructions,repository was consistent
No 3rd party firewall
Event viewer will not create custom view for firewall but services manager shows"firewall terminated with service specific error.data is invali
Details show "param2. %%13
All relevant service dependencies appear to be started
My System SpecsSystem Spec
09 Mar 2012   #7

win 7 home prem 64 bit
 
 

Have been spending a lot of time making sure administrators have full access,one of the inital symptoms was "access denied" messages
Also think the windows installer is corrupted,no security program shows any infection,they run,but cannot update,and as MBAM runs get "system DLL is being modified"messages
Visits to security forums are blocked or really slow
Random strange websites have been accessed
Credit card details have been stolen
Entries in registry,and other places in foreign text
Windows updateswill not install
Repair or reinstall results in same situation,as soon as supposedly clean backup file is installed
Can put up with these issues,which no one seems able to believe,yet alone solve!
But I would like my firewall back,I am fond of it,hehe
Many thanks to sreedhav
My System SpecsSystem Spec
10 Mar 2012   #8
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Your computer looks like it's been severly compromised!
Quote:
runs get "system DLL is being modified"messages
Visits to security forums are blocked or really slow
Random strange websites have been accessed
Credit card details have been stolen
Entries in registry,and other places in foreign text
Windows updateswill not install
Repair or reinstall results in same situation,as soon as supposedly clean backup file is installed
I believe you have a stealth MBR 'Rootkit' and need to wipe the computer and do a "clean install". Don't use the "supposedly clean back up"!! It's obviously not as "clean" as you think.
My System SpecsSystem Spec
10 Mar 2012   #9

MS Windows 7 Home Premium 64-bit SP1
 
 

Dear kiwipoppy,
I agree with @jacee! Follow this tutorial and select the CLEAN ALL DISKPART COMMAND(8 IN THE LIST) option in it, which makes a thorough job of it(scrubbing the Hard disk). It will take hours,but it's worth the wait as MBR Rootkits stick like glue to the HDD! That's why jacee said a "clean reinstall" just won't be enough!

Disk - Clean and Clean All with Diskpart Command

regards and best wishes,
sreedhav
My System SpecsSystem Spec
10 Mar 2012   #10

win 7 home prem 64 bit
 
 

Thanks to both of you,backup contains all my photos and graphics files,so not using it is not an option,no point having computer without them!
Am definitely not confident doing disk clean,can barely understand difference between,drives,volumes,disks etc,hehe
I know I have a hidden "X" partition or drive that only appears when I attempt a system repair
Cmd prompt is headed X:\windows,is that normal?
"X" has its own users and owners e.g LSASetupDomain,and cannot be altered
Diskpart(run on normal c drive) shows my setup as follows
Disk 0 online 465gb 0 B
Then disks 1 2 3 4 all no media 0B and under free 0B
Have some more questions,can I continue here,or should I start a new thread
All to do with security,and access,and using commands
Help so far much appreciated,all knowledge good,even if problems can't be fixed,never thought it would be easy!
My System SpecsSystem Spec
Reply

 More Firewall Issues




Thread Tools



Similar help and support threads for: More Firewall Issues
Thread Forum
Huge issues with Windows Installer, Backup, Firewall and services Performance & Maintenance
File sharing frustration, Can't connect to share, firewall issues. Network & Sharing
Firewall issues? System Security
Windows Personal Firewall service and Mcafee firewall not turning on System Security
Firewall issues System Security
3rd Party Firewall Causing Issues With Sharing Control Network & Sharing
AVG Firewall caused issues with homegroups/sharing Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:59 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33