Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Windows Firewall + Defender Services deactivated from system, no hangs

25 Feb 2013   #1

Windows 7 Ultimate x64
Windows Firewall + Defender Services deactivated from system, no hangs

hi guys,

just last week i noticed that on my win 7 laptop, i could not switch on "network discovery" & "file and printer sharing", after further analysis, windows firewall and windows defender services have gone completely from the services list (services.msc) and that made me wonder that i got some sort of spyware/malware on my system.

after doing a bit of cleaning/fixing, i managed to restore network discovery, file sharing, firewall and defender services, ran a few scans and eventually found a trojan (actually defender found it!!) and another threat in a keygen file i found on my PC and i deleted everything, the PC however has been working perfectly, i never had any BSOD or strange hangs, redirects etc etc.

i ran the sfc /scannow and finished OK although it found a few corrupt files that i couldn't fix in any way, nothing seems to affect the pc in though.

now, since something obviously happened i changed the password of my machine but i was wondering:

- would it be best to format the machine and install win7 fresh?
- is there a list of "dangerous ports" so that i can check if there's still someone listening where they shouldn't?

thanks a lot

My System SpecsSystem Spec
25 Feb 2013   #2

Windows 7 Home Premium


Let's see what your system shows with the following short scan...

Please download RogueKiller:
Tlcharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:

Select the version for your system: 64-bit (button with x64)
Click the applicable dark-blue button to download.
Save to the Desktop.

Close all windows and browsers.
Right-click the downloaded file and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished)

Press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.

Also, download Farbar Service Scanner

Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.
My System SpecsSystem Spec
25 Feb 2013   #3

Windows 7 Ultimate x64

hi there,

i have attached the reports, please have a look and thanks a lot for the help! i haven't applied any action, but it seems i have this "Zeroaccess" infection...when you exit RogueKillerX64 he is asking to delete files, shall i go for it?


Attached Files
File Type: txt RKreport[1]_S_02252013_02d2125.txt (3.4 KB, 3 views)
File Type: txt FSS.txt (2.2 KB, 3 views)
My System SpecsSystem Spec

25 Feb 2013   #4

Windows 7 Home Premium

Please run RogueKiller once again:
Wait until Prescan finishes
(The Status box shows: PreScan Finished )

Click on: Delete

Wait until the Status box shows: Deleting Finished

Click on Report and provide the content of the new Rkreport (Mode: Remove) in your reply.
My System SpecsSystem Spec
26 Feb 2013   #5

Windows 7 Ultimate x64

hi Cottonball,

i had to run another scan to get the "delete" button to work, anyway, please have a look at the 2 files, number 4 is the report after the deletion, then i restarted and ran it again, hence another report, 5. seems clean now!

good idea to change win 7 password again now yeah?


Attached Files
File Type: txt RKreport[4]_D_02262013_02d0813.txt (3.6 KB, 3 views)
File Type: txt RKreport[5]_S_02262013_02d0818.txt (2.7 KB, 2 views)
My System SpecsSystem Spec
26 Feb 2013   #6

Windows 7 Home Premium

Let's take an additional step...

Please download Malwarebytes Anti-Rootkit:
Malwarebytes : Malwarebytes Anti-Rootkit
Save to the Desktop (easy to find)

Right-click the file and select: Extract here...

Follow ithe Usage instructions on the website from Step 3 to Step 7.
For now, please stop at Step 7.

When the program is done, two reports are created in the mbar folder:
1. system-log.txt
2. mbar-log-2013-02-18 (20-13-32).txt (corresponds to mbar-log-year-month-day (hour-minute-second).txt)

Please provide the mbar-log containing information on what was detected and removed.
My System SpecsSystem Spec
26 Feb 2013   #7

Windows 7 Ultimate x64

quite shockingly, mbar found something and then cleaned it, then restarted and no more infection...

please see attached files, one is pre infection and one after with the cleaning done..

seriously, do you think that it's safe to run the system moving forward or a good old format would be best? i am thinking we're playing cat and mouse here....

thanks a lot!!!

Attached Files
File Type: txt mbar-log-2013-02-26 (15-08-28).txt (2.2 KB, 4 views)
File Type: txt mbar-log-2013-02-26 (16-05-08).txt (1.6 KB, 3 views)
My System SpecsSystem Spec
26 Feb 2013   #8

Windows 7 Home Premium


Have read different opinions on removing, or not removing Rootkits.
There are quite a number of forums that deal with Rootkits on a daily basis, successfully! The option to reformat is always there, but, there seem to be more Users cleaning the computer (with assistance from the forums) than doing a wipe and clean install.

There are tools available to remove Rootkits that do a great job, and experts agree that more than one should be used to confirm removal.

Bottom line appears to be that it is up to you whether to clean the computer, or do a total wipe and clean install.

My goal is to clean the infection using tools that target the issue.

If you wish to proceed, let's do the following...

Please download the latest version of TDSSKiller:
Save to the Desktop. <<<---

Right-click the file and select: Run as Administrator

In the TDSSKiller console, click on: Change parameters
Check the box besides: Detect TDLFS file system
Click: OK

Press the button: Start Scan

When the scan is over, the tool outputs a list of detected objects: (Malicious or Suspicious)
  • If suspicious entries are detected, the default action is Skip. Click on: Continue
  • If malicious objects are found, they show in the Scan results.
  • Ensure Cure (default) is selected, then click: Continue > Reboot now to finish the cleaning process.
  • If Cure is not available, select: Skip
  • Please, do not select: Delete
By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system,
normally C:\).

Logs have a name like:

Please post the TDSSKiller log in your reply.

If you wish to think this over, or reformat, that is fine also! :)
My System SpecsSystem Spec
27 Feb 2013   #9

Windows 7 Ultimate x64

hi Cotton,

once again, thanks for your patience, i just scanned with tdsskiller and reports shows "no threats found" therefore no correction action was presented....attached report..

now it seems all clear, only thing left was few corrupt files that sfc /scannow found which i mentioned at the beginning (but i can live with that if there's no issue), the first one was "iassdo.dll.mui" corrupted, i ran the same on my other desktop pc (same OS) and same error came up, plus seems many users have that error.

i searched a bit and it seemed to be the language pack files C:\Windows\System32\en-US so i tried to replace that folder from the win7 dvd but without success and it seems i cannot reinstall the language pack files either since is the main language of the system.

that being said, i don't have any hangs or weird things and PC is actually fast so we could leave it like it is...


Attached Files
File Type: txt TDSSKiller. (142.1 KB, 3 views)
My System SpecsSystem Spec
27 Feb 2013   #10

Windows 7 Home Premium


On theiassdo.dll.mui issue...

Looked at a few places, and the only success stories found involved a Repair Install of Windows:
Repair Install

Don't know if you want to go that route or not.

On the malware, use the computer for a week or two, and if you experience any problems, come back and we will take it from there.

Good luck, gabrio!
My System SpecsSystem Spec

 Windows Firewall + Defender Services deactivated from system, no hangs

Thread Tools

Similar help and support threads
Thread Forum
Windows Firewall missing from Services Menu and Error 0x80070424
Hello, Two days ago there was a virus on my computer, and I called Microsoft to remove it. But ever since then, I have noticed that my McAfee Verizon Internet security Suite Firewall does not stay on. It may appear on in the home window, but when you want to go into firewall settings, it...
System Security
Huge issues with Windows Installer, Backup, Firewall and services
Hi, (This is my first post on these forums, tried Tom's Hardware countless times but have got no where) Please be patient as this is a huge post :p Around October last year I built my first PC (I'm 17) and was chuffed to finally fit the final piece of the puzzle, i.e. installing Windows. I...
Performance & Maintenance
Windows Firewall and Defender missing files
Hello :( After being a victim of a virus that shut down kaspersky and windows firewall I started to have this problem. The Virus is gone now after using Malwarebytes and Ad-Aware and installing the last version of kaspersky internet security 2012. My problem now whenever I need to start...
System Security
Are Windows Defender and Firewall good/sufficient?
I use Avast home for viruses. Is Defender a good spyware program? Is Windows Firewall sufficient to keep out intruders?
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 13:48.
Twitter Facebook Google+