Can't start Windows Firewall service.

[NathanH92]

When I try to turn it back on by using the "recommended settings" I get this:

And when I try and start the service:

I have these already running:
CNG Key Isolation (KeyIso)
Base Filtering Engine (BFE)
and can't find
Firewall Client Agent (FwcAgent)

I found on many pages I should try and run these commands in CMD:

sc config MpsSvc start= auto
sc config KeyIso start= auto
sc config BFE start= auto
sc config FwcAgent start= auto
net stop MpsSvc 
net start MpsSvc 
net stop KeyIso 
net start KeyIso 
net stop BFE 
net start BFE 
net stop FwcAgent 
net start FwcAgent
pause

When I get to

sc config FwcAgent start= auto

It says:

 

[cottonball]

NathanH92,

At some point, has the system been infected with malware?


Please do the following:


:info:
Please go to the Farbar Recovery Scan Tool Download
Select the 64-bit version.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.


Press the Scan button.


FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).


Please provide the FRST.txt in your reply. <<---

The first time the tool is run, it also makes another log: Addition.txt
Also post the: Addition.txt in your reply. <<---




:info:
Next, download Farbar Service Scanner


Save to the Desktop

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press: Scan
• FSS creates a log, FSS.txt, on the Desktop.

Please provide the FSS.txt in your reply.

 

[NathanH92]

Thanks for the reply. I'm very confident that it hasn't ever been infected. However I believe a far more likely explanation is that I uninstalled it using Revo uninstaller or something, thinking that I wouldn't need it as I have another AntiVirus software.

Here are the FRST files:

1st: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-06-2013 R - Pastebin.com
2nd: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-06-2013 R - Pastebin.com

FSS file: Farbar Service Scanner Version: 31-05-2013 01 Ran by Nath (administrator) on 08 - Pastebin.com

Thanks.

 

[Jacee]

I see you have Kaspersky PURE 3.0 ... this has a firewall protection and it's possibly turning Windows Firewall off. You don't want to have two firewalls running.

 

[NathanH92]

I see you have Kaspersky PURE 3.0 ... this has a firewall protection and it's possibly turning Windows Firewall off. You don't want to have two firewalls running.

So what should I do? Uninstall it? Even when I shut it down so its not running, I still can't start the service or use the "Recommended settings"

 

[Jacee]

Download Security Check by screen317 from here http://screen317.spywareinfoforum.org/SecurityCheck.exe or here http://screen317.spywareinfoforum.org/
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

 

[NathanH92]

Download Security Check by screen317 from here http://screen317.spywareinfoforum.org/SecurityCheck.exe or here http://screen317.spywareinfoforum.org/
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Kaspersky PURE 3.0
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 21
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox (21.0)
Mozilla Thunderbird (17.0.6)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 32% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

[Jacee]

Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files. (It will appear as if it's not doing anything, leave it alone)
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

[NathanH92]

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\adobe\adobe dreamweaver cs6\configuration\taglibraries\html\keygen.vtm
c:\program files (x86)\jdownloader\jd\plugins\hoster\crackedcom.class
c:\program files (x86)\six networks\play withsix\tools\bin\ssh-keygen.exe
c:\windows\kmsemulator.exe
hosts 127.0.0.1 lm.licenses.adobe.com 
hosts  127.0.0.1 practivate.adobe.com 
hosts  127.0.0.1 ereg.adobe.com 
hosts  127.0.0.1 activate.wip3.adobe.com 
hosts  127.0.0.1 wip3.adobe.com 
hosts  127.0.0.1 3dns-3.adobe.com 
hosts  127.0.0.1 3dns-2.adobe.com 
hosts  127.0.0.1 adobe-dns.adobe.com 
hosts  127.0.0.1 adobe-dns-2.adobe.com 
hosts  127.0.0.1 adobe-dns-3.adobe.com 
hosts  127.0.0.1 ereg.wip3.adobe.com 
hosts  127.0.0.1 activate-sea.adobe.com 
hosts  127.0.0.1 wwis-dubc1-vip60.adobe.com 
hosts  127.0.0.1 activate-sjc0.adobe.com 
hosts  127.0.0.1 adobe.activate.com 
hosts  127.0.0.1 hl2rcv.adobe.com 
hosts  127.0.0.1 209.34.83.73:443 
hosts  127.0.0.1 209.34.83.73:43 
hosts  127.0.0.1 209.34.83.73 
hosts  127.0.0.1 209.34.83.67:443 
hosts  127.0.0.1 209.34.83.67:43 
hosts  127.0.0.1 209.34.83.67 
hosts  127.0.0.1 ood.opsource.net 
hosts  127.0.0.1 199.7.52.190:80 
hosts  127.0.0.1 199.7.52.190 
hosts  127.0.0.1 adobeereg.com 
hosts  127.0.0.1 ocsp.spo1.verisign.com 
hosts  127.0.0.1 199.7.54.72:80 
hosts  127.0.0.1 199.7.54.7
scanner sequence 3.ZZ.11.NDNAML
 ----- EOF -----

 

[Jacee]

c:\program files (x86)\adobe\adobe dreamweaver cs6\configuration\taglibraries\html\keygen.vtm
c:\program files (x86)\jdownloader\jd\plugins\hoster\crackedcom.class
c:\program files (x86)\six networks\play withsix\tools\bin\ssh-keygen.exe
c:\windows\kmsemulator.exe

There's your trouble

 

[Layback Bear]

Very good find Jacee.

What is keygen.exe file? - Yahoo! Answers

 

[NathanH92]

c:\program files (x86)\adobe\adobe dreamweaver cs6\configuration\taglibraries\html\keygen.vtm
c:\program files (x86)\jdownloader\jd\plugins\hoster\crackedcom.class
c:\program files (x86)\six networks\play withsix\tools\bin\ssh-keygen.exe
c:\windows\kmsemulator.exe

There's your trouble

Oh ok, so what am I supposed to do?

Uninstall/delete DreamWeaver, jDownloader, Play WithSix and kmsemulator.exe ??? Or are they viruses or something?

 

[Jacee]

It's really important, if you value your PC at all, to stay away from P2P file sharing programs,
like utorrent, Bittorrent, Azureus, Limewire, Vuze.

Theives have "planted" thousands upon thousands of infections in the "free" shared files.
Some of the recent infections can turn your machine into a doorstop.

It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs.

So called "free" (not paid for) files are loaded with "planted" malware. So, basically you have helped yourself to free malware

 

[VistaKing]

NathanH92

LOL you don't have to worry about Limewire . That P2P program is gone .

 

[cottonball]

Kaspersky Pure may be the culprit here. It does disable the Windows Firewall.

If you want to uninstall the program you paid for, and re-enable the Windows Firewall, it is up to you.
http://support.kaspersky.com/common/service.aspx?el=1464
Would check to see if you can re-install Kaspersky Pure after the Windows Firewall is functional again. However, once you re-install Kaspersky, the Windows Firewall will be disabled again!!
You will be back to where you started.

If you feel you need to pursue the issue further, there is a Repair Windows Firewall utility that you can download:
Repair Windows Firewall
Save to the Desktop
Double-click to run it.

When done, check the Windows Firewall, and see if it runs.

 

[VistaKing]

If you want you may disable the Firewall inside Kaspersky Pure 3.0

Click on the rb: inside

type Kaspersky PURE 3.0 and press [ENTER]

Inside Kaspersky PURE 3.0 in the top right corner of the main window click on the Settings .
In the top part of the Settings window go to the Protection tab and select Firewall.
In the right part of the window uncheck the Enable Firewall box.
In the Settings window click the OK button.
Close the program .

 

[Jacee]

Well, we have more than 20 files that are either cracked or keygens.

My guess would be that Kaspersky PURE 3.0 is also one of them. If you paid for this program, then follow the above instructions.

 

[hexaq]

It's really important, if you value your PC at all, to stay away from P2P file sharing programs,
like utorrent, Bittorrent, Azureus, Limewire, Vuze.

Theives have "planted" thousands upon thousands of infections in the "free" shared files.
Some of the recent infections can turn your machine into a doorstop.

It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs.

So called "free" (not paid for) files are loaded with "planted" malware. So, basically you have helped yourself to free malware

Just a distinction on the torrent/P2P programs mentioned above, using them does not automatically give you viruses and malware. However, using them to download and install 'free' versions of paid programs is asking for trouble.

The same 'free' program can come from a USB drive brought from a friend's PC, in a attachment on a email, various download sites from the internet...etc...etc.

Is the difference between the tool and the action. The P2P program is like the kitchen knife, the cook and the deranged psycho both use it, but the end result is different. Don't be the psycho.

 

[NathanH92]

Kaspersky Pure may be the culprit here. It does disable the Windows Firewall.

If you want to uninstall the program you paid for, and re-enable the Windows Firewall, it is up to you.
Service articles
Would check to see if you can re-install Kaspersky Pure after the Windows Firewall is functional again. However, once you re-install Kaspersky, the Windows Firewall will be disabled again!!
You will be back to where you started.

If you feel you need to pursue the issue further, there is a Repair Windows Firewall utility that you can download:
Repair Windows Firewall
Save to the Desktop
Double-click to run it.

When done, check the Windows Firewall, and see if it runs.

I don't think it is the issue, I backed up my PC and completely removed it ot see if it would bring it back and it didnt.

Well, we have more than 20 files that are either cracked or keygens.

My guess would be that Kaspersky PURE 3.0 is also one of them. If you paid for this program, then follow the above instructions.

Actually Kaspersky PURE 3.0 is paid for and has a serial.



I am now thinking of just backing up again and doing a fresh install, reinstalling PURE 3.0 to see if that is the issue.

My PC could probs do with a fresh install to remove all the cr*p that has been put on it over the years.

EDIT: If I were to do this, my biggest worry is re-installing Windows 7 and Office 2010 (both which have paid for product keys from my uni DreamSpark account) that they will show as invalid if I try to install again using them.

Is there a way I can like backup the verification files so I can just restore them after a new install?

 

[Jacee]

See if you can find the keys to these using Belarc Advisor. Print out the full report .... you may need it someday!
http://www.belarc.com/free_download.html
Be sure to *NOTE* the keys for re-installation.