Group policy grayed out, firewall off

cottonball · 17 Jan 2013

Thank you for the info, MavMin.

You are working onn your son's laptop, and I am not sure whether it is Windows 7, or what it is.
Don't know if the info that shows under your name is your computer, or your son's.

Can you please post the heading for FSS, and xxx out any personal info/name, if you like. It provides some details that are important.
Example (from mine):

Farbar Service Scanner Version: 16-01-2013
Ran by xxxxx (administrator) on 17-01-2013 at 16:30:31
Running from "C:\Users\xxxxx\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal

Just want to make sure I post the right fix for your son's system

Thanks!

MavMin · 17 Jan 2013

The FarBar was run on my son's PC so that inof is correct. I also have a Toshiba with the same specs.

cottonball · 17 Jan 2013

Since we are making some significant changes, please create new Restore Point before proceeding, per instructions following:

Windows Seven:
http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Next, download Seven.zip:
http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/

To unzip the file, right-click and select: Extract all

There are several files inside the folder...

Double click on MpsSvc.reg file, and confirm the prompt.
Double click on bfe.reg file, and confirm the prompt.
Double click on windefend.reg file, and confirm the prompt.

Restart computer.

Please run Farbar Service Scanner once again, and post the entire log.

MavMin · 17 Jan 2013

Farbar Service Scanner Version: 16-01-2013

Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

MavMin · 17 Jan 2013

All said they were added to the registry. but nothing changed. ;-(

cottonball · 17 Jan 2013

Please open the Run prompt (Windows key + R) and type: regedit
Click: OK
The Registry Editor opens...

Navigate to the following Registry key by clicking on the > to the left of each item:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on BFE and select: Permissions

Click on Add, and type: Everyone
Click: OK

Now Click on: Everyone

In Permission for Users, select Full Control in the Allow box, and click: OK

Do the same as above for the following Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc

Go back to Start > Run (Windows key + R), type cmd and click: OK

In the Open area, type:
net start mpssvc
Press: Enter

Next, type:
net start bfe
Press: Enter

Please run and post new FSS log.

cottonball · 18 Jan 2013

Here is an alternative, if the above does not work...
　
Please download: Windows Repair (All In One)
Save to the Desktop

Right-click the tweaking.com program icon on the Desktop, and select 'Run as Administrator'
Click: Next at the Setup, and follow the prompts.

At the program's console...

Go to the Step 4 tab, and, under System Restore click on: Create

Wait for the Restore Point to be created. Press: Next

Go to the Start Repairs tab, and click: Start

In the next prompt, press: Unselect all
(The items seen in the image below are checked by default, and you do not want all of them.)

Under Repair Options (on the left side) only check/select:
Register System Files
Repair WMI
Repair Windows Firewall.
Remove Policies Set by Infection

On the right side, check: Restart/Shutdown system when finished
Press: Start

　
After restarting the computer, please run: Farbar Service Scanner once again.
Check all the options.
Press: Scan

Please provide the new Farbar Service Scan report in your reply.

MavMin · 18 Jan 2013

Unfortunately, the net start commands resulted in access denied. Running Tweaking now. Thanks for everyone's help. This is very exasperating!

cottonball · 18 Jan 2013

The Repair Windows Firewall option should restore the Registry keys for the BFE and MPSSVC services, as well as the Shared Access service.

Let's hope it works.

If not, still have another approach we can try.

MavMin · 18 Jan 2013

Still the group policy error!

Farbar Service Scanner Version: 16-01-2013
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****