Solved Unable to start Windows Firewall

[Zymus]

I did a clean install of Windows 7 Professional x64. I installed all the usual programs (Microsoft Security Essentials, Firefox, etc).

In under a day, I was infected with a virus (the Win 7 Antivirus 2012). I believe it was a false "Update Adobe Flash Player" window that did it.

I removed it with the help of this guide, however I believe that more damage has been done, as I am unable to start the Windows Firewall (it was on before the infection).

When I try to start it via the Control Panel, it says

Windows Firewall can't change some of your settings.
Error code 0x80070424

I used Google to find more information about this error, and the suggestions did not work. The most common set of instructions were these.

I downloaded many Malware scanners (ones provided by Microsoft, and some from third-party locations), and all of them came up negative.

I was then told to start the services manually. This involved starting the Service manager, scroll to Windows Firewall, and restart it. However, in my Service window, I didn't have a Windows Firewall service, a Base Filtering Engine service, or a Firewall Client Agent service. This didn't change anything, as I was still unable to start the Firewall.

Then, I tried starting the dependent services manually. That is, to go into the command prompt, and enter the following commands

sc config MpsSvc start= auto
sc config KeyIso start= auto
sc config BFE start= auto
sc config FwcAgent start= auto
net stop MpsSvc 
net start MpsSvc 
net stop KeyIso 
net start KeyIso 
net stop BFE 
net start BFE 
net stop FwcAgent 
net start FwcAgent
pause

This resulted in the following errors

C:\Windows\system32>sc config MpsSvc start= auto
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


C:\Windows\system32>sc config KeyIso start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Windows\system32>sc config BFE start= auto
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


C:\Windows\system32>sc config FwcAgent start= auto
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


C:\Windows\system32>net stop MpsSvc
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>net start MpsSvc
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>net stop KeyIso
The CNG Key Isolation service is stopping.
The CNG Key Isolation service was stopped successfully.


C:\Windows\system32>net start KeyIso
The CNG Key Isolation service is starting.
The CNG Key Isolation service was started successfully.


C:\Windows\system32>net stop BFE
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>net start BFE
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>net stop FwcAgent
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>net start FwcAgent
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>pause
Press any key to continue . . .

I have also tried repeating all these steps in Safe Mode, and Safe Mode with a clean boot to no avail. I have also tried repairing the install, with different Windows CDs, and they all said that there was nothing wrong.

If anyone has any information on how to fix these problems, I would greatly appreciate it.

 

[Jacee]

Try the commands listed here:
Error code 0x80070422 Can't turn on firewall - Microsoft Answers

This may be a problem with Bits or if you are connected to a Domain

 

[Zymus]

Doing the steps in the link you posted resulted in the following errors

C:\Windows\system32>sc config wuauserv start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Windows\system32>sc config bits start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Windows\system32>sc config DcomLaunch start= auto
[SC] OpenService FAILED 5:

Access is denied.


C:\Windows\system32>net stop wuauserv
The Windows Update service is stopping.
The Windows Update service was stopped successfully.


C:\Windows\system32>net start wuauserv
The Windows Update service is starting.
The Windows Update service was started successfully.


C:\Windows\system32>net stop bits
The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.


C:\Windows\system32>net start bits
The Background Intelligent Transfer Service service is starting.
The Background Intelligent Transfer Service service was started successfully.


C:\Windows\system32>net start DcomLaunch
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


C:\Windows\system32>pause
Press any key to continue . . .

I am still unable to start the Firewall, and the services still aren't showing up in the Service window.

 

[Jacee]

Did you do the 'clean' install after you were infected, or before you got infected? I'm not clear on this.

 

[Zymus]

Did you do the 'clean' install after you were infected, or before you got infected? I'm not clear on this.

By "clean" install, I mean that I wiped the hard drive, and reinstalled windows.

Originally, I had Windows 7 and Debian on one hard drive. I rarely used Debian, and my younger brother was using the computer, and so I thought that I might as well have only Windows on the hard drive. I was infected (with the Win7 Antivirus 2012 virus), and so decided that it was as good a time as any to do a clean install.

After reinstalling Windows 7, I installed the usual programs, had the Adobe Flash Updater show up twice, and after that I was infected.

So basically
Clean -> Infected -> Reinstall -> Clean -> Infected

 

[Jacee]

Download Security Check by screen317 from
http://screen317.spywareinfoforum.org/SecurityCheck.exe
or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Right click SecurityCheck.exe (to run as Administrator) and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

[Zymus]

Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.1)
Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````


Also, it was suggested in another thread to download malwarebytes and run a full scan. It reported my computer was clean.

 

[Jacee]

See if the netsh advfirewall firewall command works:
How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista

 

[Zymus]

I tried doing

netsh advfirewall firewall set opmode ENABLE

And it said that opmode wasn't a valid argument.

 

[Corrine]

Hi, Zymus.

See if the instructions at Error message 0x80070424 when you use Windows Update or Microsoft Update Web sites to install updates work. Let us know how you make out.

 

[Zymus]

Hi, Zymus.

See if the instructions at Error message 0x80070424 when you use Windows Update or Microsoft Update Web sites to install updates work. Let us know how you make out.

It did bring up some updates that weren't previously shown, but I am still getting the error.

 

[Jacee]

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <--- will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your next post.

 

[Balon]

Hello there, this will help you.

Hi there, my name is Balon and I am pretty sure I have the way to fix your problem.

IT IS SUGGESTED YOU BACKUP YOUR REGISTRY BEFORE PROCEEDING

Backing Up Your Registry

1. Go Here and download ERUNT
   (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
   (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
   (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
   (the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Registry Modifications



Download both the registry files

bfe.reg

firewall.reg

Launch and import them to registry

Restart your PC

Now,open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service

For further assistance contact me here, I will be checking this thread every few hours, this worked for me and it should work for you too.

 

[MCSmarties]

Thank you!

@Balon: Thank you, it worked!!

I was a bit nervous following your tip, but in the end I figured I had nothing to lose as I was about ready to reinstall anyway!

I'm still not quite sure what the .reg informations you provide exactly do, but my firewall is up and running again. I've tried many suggestions before that, yours is the only one that worked for me.

I registered on this forum solely so I could post this message!

REG file contents:

bfe.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE]
"DisplayName"="@%SystemRoot%\\system32\\bfe.dll,-1001"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\bfe.dll,-1002"
"ObjectName"="NT AUTHORITY\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,66,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="BfeServiceMain"

firewall.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]
"DisplayName"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23090"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"
"ObjectName"="NT Authority\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
65,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\
6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap]
"Collection"=hex:87,00,01,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Security]
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\
00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\
0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00

 

[Zymus]

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by Zymus at 21:38:45 on 2011-12-15
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8190.6776 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxdecoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe
C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Zymus\AppData\Local\Apps\2.0\YXDXMO2Q.ENR\49XGNZ6Q.K49\curs..tion_eee711038731a406_0004.0000_2ad57790d5451048\CurseClient.exe
C:\Program Files (x86)\No-IP\DUC30.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\Users\Zymus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Zymus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NO-IPD~1.LNK - C:\Program Files (x86)\No-IP\DUC30.exe
StartupFolder: C:\Users\Zymus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{9735EF2A-D813-464D-A92C-6410984170C8} : DhcpNameServer = 68.87.69.150 68.87.85.102
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zymus\AppData\Roaming\Mozilla\Firefox\Profiles\ith252ts.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 lxde_device;lxde_device;C:\Windows\system32\lxdecoms.exe -service --> C:\Windows\system32\lxdecoms.exe -service [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdeserv.exe [2007-5-29 33712]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-6 2253120]
S2 Secunia Update Agent;Secunia Update Agent;"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service --> C:\Program Files (x86)\Secunia\PSI\sua.exe [?]
S3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\system32\drivers\CAHS164.sys --> C:\Windows\system32\drivers\CAHS164.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-15 09:35:08    69000    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD1C6DCF-DEAF-4035-99DB-4B86081EC7E2}\offreg.dll
2011-12-15 09:35:07    8822856    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD1C6DCF-DEAF-4035-99DB-4B86081EC7E2}\mpengine.dll
2011-12-15 00:34:17    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2011-12-15 00:34:16    3145216    ----a-w-    C:\Windows\System32\win32k.sys
2011-12-15 00:34:15    723456    ----a-w-    C:\Windows\System32\EncDec.dll
2011-12-15 00:34:15    534528    ----a-w-    C:\Windows\SysWow64\EncDec.dll
2011-12-15 00:34:12    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2011-12-15 00:34:12    2048    ----a-w-    C:\Windows\System32\tzres.dll
2011-12-14 16:22:14    --------    d-----w-    C:\Users\Zymus\AppData\Local\{AEA3F31A-4FFA-431F-A30E-6516373E036A}
2011-12-14 16:22:04    --------    d-----w-    C:\Users\Zymus\AppData\Local\{17CB4CE2-AC78-4403-A149-73002FC4B35F}
2011-12-13 20:15:38    --------    d-----w-    C:\Users\Zymus\AppData\Roaming\Malwarebytes
2011-12-13 20:15:15    --------    d-----w-    C:\ProgramData\Malwarebytes
2011-12-13 20:15:12    25416    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2011-12-13 20:15:12    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-13 04:17:36    --------    d-----w-    C:\Users\Zymus\AppData\Local\{7CA4A4AE-C6C6-4F93-832D-31696CA6B3D4}
2011-12-13 04:17:25    --------    d-----w-    C:\Users\Zymus\AppData\Local\{28C16A3C-A9B7-4839-8825-AF8F122AC1FD}
2011-12-12 09:26:51    --------    d-----w-    C:\Windows\System32\appmgmt
2011-12-12 09:22:00    --------    d-----w-    C:\Users\Zymus\AppData\Local\Secunia PSI
2011-12-12 09:21:54    --------    d-----w-    C:\Program Files (x86)\Secunia
2011-12-12 08:48:36    --------    d-----w-    C:\Users\Zymus\AppData\Local\{73997405-0101-45AE-9A0B-F35E2534B60B}
2011-12-12 08:06:03    --------    d-----w-    C:\Users\Zymus\AppData\Local\Diagnostics
2011-12-12 04:06:14    --------    d-----w-    C:\Users\Zymus\AppData\Roaming\X-Chat 2
2011-12-12 04:05:42    --------    d-----w-    C:\Program Files (x86)\X-Chat 2
2011-12-10 20:45:54    --------    d-----w-    C:\Users\Zymus\AppData\Local\{76BFF25A-68D1-4994-856D-7BBDCB051A78}
2011-12-10 20:45:44    --------    d-----w-    C:\Users\Zymus\AppData\Local\{AC859404-D0EF-4FF3-ADCB-E25C41E272F7}
2011-12-10 20:45:44    --------    d-----w-    C:\Users\Zymus\AppData\Local\{793C00A9-93A2-41A9-9287-B6A2D683A6C9}
2011-12-10 00:29:32    --------    d-----w-    C:\Users\Zymus\AppData\Local\ElevatedDiagnostics
2011-12-10 00:21:26    --------    d-----w-    C:\Users\Zymus\AppData\Local\Vitalwerks
2011-12-10 00:21:21    --------    d-----w-    C:\Program Files (x86)\No-IP
2011-12-09 21:21:18    --------    d-----w-    C:\Users\Zymus\AppData\Local\{64C20062-6E5A-445B-B7DE-534B29089419}
2011-12-09 21:21:08    --------    d-----w-    C:\Users\Zymus\AppData\Local\{DF44B589-F919-4B70-BC90-3B919A45FB1A}
2011-12-09 00:22:39    --------    d-----w-    C:\Users\Zymus\AppData\Local\{10C1847A-5269-4894-BB3E-8BA08B51F93D}
2011-12-09 00:22:29    --------    d-----w-    C:\Users\Zymus\AppData\Local\{968D589C-9E4B-4560-AEF6-86F2EEA10BFF}
2011-12-07 22:51:14    --------    d-sh--w-    C:\Users\Zymus\AppData\Local\1d5c0c79
2011-12-07 21:49:43    --------    d-----w-    C:\Users\Zymus\AppData\Local\{9D278FD4-C0A5-4C6F-A170-CAA8CCAF53EF}
2011-12-07 21:49:33    --------    d-----w-    C:\Users\Zymus\AppData\Local\{527BF1D7-742C-463A-9771-8D5703DEADC0}
2011-12-07 09:02:59    --------    d-----w-    C:\Program Files (x86)\Android
2011-12-07 08:46:08    --------    d-----w-    C:\Program Files (x86)\Eclipse
2011-12-07 08:31:13    --------    d-----w-    C:\Users\Zymus\android-sdks
2011-12-07 08:30:30    --------    d-----w-    C:\Users\Zymus\.android
2011-12-07 08:28:42    --------    d-----w-    C:\ProgramData\Lx_cats
2011-12-07 08:25:59    983107    ----a-w-    C:\Windows\SysWow64\lxdegf.dll
2011-12-07 07:22:10    --------    d-----w-    C:\Windows\SysWow64\Wat
2011-12-07 07:22:10    --------    d-----w-    C:\Windows\System32\Wat
2011-12-07 07:14:35    8822856    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-07 07:11:58    --------    d-----w-    C:\Windows\System32\SPReview
2011-12-07 07:11:49    --------    d-----w-    C:\Windows\System32\EventProviders
2011-12-07 07:10:43    1544192    ----a-w-    C:\Windows\System32\DWrite.dll
2011-12-07 07:10:43    1139200    ----a-w-    C:\Windows\System32\FntCache.dll
2011-12-07 07:10:43    1076736    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2011-12-07 07:10:42    902656    ----a-w-    C:\Windows\System32\d2d1.dll
2011-12-07 07:10:42    739840    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2011-12-07 07:07:59    297808    ----a-w-    C:\Windows\SysWow64\mscoree.dll
2011-12-07 07:06:59    90112    ----a-w-    C:\Windows\System32\nci.dll
2011-12-07 07:05:59    9728    ----a-w-    C:\Windows\SysWow64\sscore.dll
2011-12-07 07:04:21    529408    ----a-w-    C:\Windows\System32\wbemcomn.dll
2011-12-07 07:02:02    --------    d-----w-    C:\Users\Zymus\.m2
2011-12-07 07:00:31    --------    d-----w-    C:\Windows\PCHEALTH
2011-12-07 07:00:27    --------    d-----w-    C:\Users\Zymus\AppData\Local\Eclipse
2011-12-07 06:58:54    --------    d-----w-    C:\Users\Zymus\.eclipse
2011-12-07 06:55:57    --------    d-----r-    C:\Program Files (x86)\Skype
2011-12-07 06:52:55    --------    d-----w-    C:\Users\Zymus\AppData\Local\Apps
2011-12-07 06:52:54    --------    d-----w-    C:\Users\Zymus\AppData\Local\Deployment
2011-12-07 06:49:49    --------    d-----w-    C:\e96a5da4bc0b41984c65
2011-12-07 06:49:33    15712    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\5f2aa3041ccb4ac08\MeshBetaRemover.exe
2011-12-07 06:48:24    --------    d-----w-    C:\Users\Zymus\AppData\Local\Windows Live
2011-12-07 06:48:21    --------    d-----w-    C:\Program Files (x86)\Common Files\Windows Live
2011-12-07 06:43:58    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2011-12-07 06:40:29    --------    d-----w-    C:\Users\Zymus\AppData\Roaming\OpenOffice.org
2011-12-07 06:37:09    --------    d-----w-    C:\Program Files (x86)\OpenOffice.org 3
2011-12-07 06:36:37    472808    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2011-12-07 06:28:30    --------    d-----w-    C:\NVIDIA
2011-12-07 06:07:35    --------    d-----w-    C:\Users\Zymus\AppData\Local\Adobe
2011-12-07 06:07:06    --------    d-----w-    C:\Users\Zymus\AppData\Local\Solid State Networks
2011-12-07 06:03:41    414368    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-07 06:00:59    627600    ----a-w-    C:\Windows\System32\deployJava1.dll
2011-12-07 05:55:36    --------    d-----w-    C:\Program Files (x86)\BitTorrent
2011-12-07 05:53:54    421888    ----a-w-    C:\Windows\System32\KernelBase.dll
2011-12-07 05:47:07    976896    ----a-w-    C:\Windows\System32\inetcomm.dll
2011-12-07 05:47:07    741376    ----a-w-    C:\Windows\SysWow64\inetcomm.dll
2011-12-07 05:47:06    974336    ----a-w-    C:\Windows\System32\WFS.exe
2011-12-07 05:47:06    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
2011-12-07 05:47:03    90624    ----a-w-    C:\Windows\System32\drivers\bowser.sys
2011-12-07 05:47:02    5561216    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2011-12-07 05:47:01    3967872    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2011-12-07 05:47:01    3912576    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2011-12-07 05:46:55    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2011-12-07 05:46:55    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2011-12-07 05:46:55    331776    ----a-w-    C:\Windows\System32\oleacc.dll
2011-12-07 05:46:55    233472    ----a-w-    C:\Windows\SysWow64\oleacc.dll
2011-12-07 05:37:19    917840    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9207E304-0BC2-473E-8DF1-73061BBFB194}\gapaengine.dll
2011-12-07 05:37:09    270720    ------w-    C:\Windows\System32\MpSigStub.exe
2011-12-07 05:36:04    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2011-12-07 05:35:57    --------    d-sh--w-    C:\Windows\Installer
2011-12-07 05:35:57    --------    d-----w-    C:\Program Files\Microsoft Security Client
2011-12-07 05:33:58    --------    d-----w-    C:\Program Files\NVIDIA Corporation
2011-12-07 05:31:02    --------    d-----w-    C:\Users\Zymus\AppData\Local\VirtualStore
2011-12-07 05:22:08    --------    d-----w-    C:\Windows\Panther
2011-11-25 06:23:32    203320    ----a-w-    C:\Windows\System32\drivers\ssudmdm.sys
2011-11-25 06:23:28    98616    ----a-w-    C:\Windows\System32\drivers\ssudbus.sys
.
==================== Find3M  ====================
.
2011-12-07 07:31:40    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2011-12-07 07:31:39    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2011-11-04 01:53:39    2309120    ----a-w-    C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47    1390080    ----a-w-    C:\Windows\System32\wininet.dll
2011-11-04 01:44:21    1493504    ----a-w-    C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42    1798144    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21    1427456    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47    1127424    ----a-w-    C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2011-10-15 08:54:52    321856    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2011-09-29 16:29:28    1923952    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 21:39:36.83 ===============

Attach:

EDIT: @Balon: As stated in the first post

I don't have a Windows Firewall service, a Base Filtering Engine service, or a Firewall Client Agent service.

Even after applying your registry changes.

EDIT: After updating and restarting a second time, the Windows Firewall, and Base Filtering Engine are now in the Services window, and the firewall is working. With that, I thank you.

 

[Balon]

reply

no problem buddy! if you need anymore help let me know or one of these nice people here im sure any of us can assist you.

 

[Tugotti]

Balon,

I have tried your fix. the windows firewall services shows up again, but i cant start the services says "Error 1068: The dependency services or group failed to start" any suggestion?

Thanks,
Tugotti

Hi there, my name is Balon and I am pretty sure I have the way to fix your problem.

IT IS SUGGESTED YOU BACKUP YOUR REGISTRY BEFORE PROCEEDING

Backing Up Your Registry

1. Go Here and download ERUNT
   (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
   (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
   (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
   (the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Registry Modifications



Download both the registry files

bfe.reg

firewall.reg

Launch and import them to registry

Restart your PC

Now,open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service

For further assistance contact me here, I will be checking this thread every few hours, this worked for me and it should work for you too.

 

[Balon]

Refer to post below

 

[Balon]

Balon,

I have tried your fix. the windows firewall services shows up again, but i cant start the services says "Error 1068: The dependency services or group failed to start" any suggestion?

Thanks,
Tugotti

• Click Start, Run and type Services.msc
• Right-click the Network Connections entry
• Set its Startup type to Manual
• Click Start to start the service
• Right-click Windows Management Instrumentation
• Set its Startup type to Automatic
• Click Start to start the service.

Then start the BFE service first then the Windows Firewall service. Now tell me if you are able to access your firewall?

 

[Tugotti]

Thanks Balon,
I will give it a try. I'll report back when i try it.

Tugotti

Balon,

I have tried your fix. the windows firewall services shows up again, but i cant start the services says "Error 1068: The dependency services or group failed to start" any suggestion?

Thanks,
Tugotti

• Click Start, Run and type Services.msc
• Right-click the Network Connections entry
• Set its Startup type to Manual
• Click Start to start the service
• Right-click Windows Management Instrumentation
• Set its Startup type to Automatic
• Click Start to start the service.

Then start the BFE service first then the Windows Firewall service. Now tell me if you are able to access your firewall?