Jump to content



Photo

Windows Firewall Won't Start; Missing Service

win7

  • Please log in to reply
21 replies to this topic

#1 Reacon

Reacon

    [VGW] Woohoo!

  • Joined: 12-May 08
  • Location: Katabatic
  • OS: Win 7 & Slackware

Posted 04 January 2012 - 00:32

So a day ago I discovered that Windows Firewall was completely missing from my computer when trying to install Tinywall, for reasons completely unknown to me. I remember Firewall prompting me with new programs less than a few weeks ago. Nothing really occurred to me since it's rare unless I install a new game.


I get this when I try to enable it through control panel by hitting "Use Recommended Settings".
Posted Image


I've googled around and everyone seems to suggest that I have a virus. I am 100% certain that I do not have a virus. I am very mature in the way I use the internet, and all my software is constantly up to date. Java is version 7, Firefox is 9.0.1, etc. On top of it, I scanned with MSE (which I also have running real time protection), SuperAntiSpyware, and Malwarebytes. Each of them did a full scan and came up with nothing more than a few isolated false positive trojans in my downloads folder, which I went ahead and deleted anyway since I no longer needed them.

What I am thinking is that possibly TuneUp Utilities did this on accident, but trying to enable it through TuneUp yeilded similar results.

Moreover, the weirdest part is the WIndows Firewall service is completely missing from services.msc.

I would very much like to have a firewall, but I do not want to reinstall Windows for that, as it may cause complications with my boot loader and reinstalling everything would take months of redownloading installers and such.

Can anyone tell me how I would go about reinstalling this Windows feature?


#2 wahoospa

wahoospa

    Neowinian

  • Joined: 05-July 07
  • Location: South Carolina

Posted 04 January 2012 - 00:46

I've seen that error several times recently on different machines. Usually after removing spyware/virus programs.
I think I diid the following in the command prompt one at a Time: (press enter to execute file) (Might have to run command prompt as admin(?))
regsvr32 wwapi.dll press 'enter' etc.
regsvr32 wuaueng.dll
regsvr32 wuaueng11.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
regsvr32 wups2.dll
regsvr32 wuweb32.dll

Next time you might want to run "rkill'' to stop running processes before running malwarebytes.

#3 Farstrider

Farstrider

    The Clash

  • Joined: 16-March 03
  • Location: Somerset West, Cape Town, SA
  • OS: Arch Linux

Posted 04 January 2012 - 00:53

I am not sure if you've tried this yet!

You can start the following services manually:

Windows Firewall (MpsSvc)
CNG Key Isolation (KeyIso)
Base Filtering Engine (BFE)
Firewall Client Agent (FwcAgent)

To do this, follow the steps below:
Click Start, type Notepad in the Start Search box (Windows Vista) or the Search programs and files box (Windows 7), and then click Notepad in the programs list.

Highlight the following text, right click the highlighted text, and then click Copy. Go to Notepad, right click anywhere in the Notepad window, and then click Paste.


sc config MpsSvc start= auto

sc config KeyIso start= auto

sc config BFE start= auto

sc config FwcAgent start= auto

net stop MpsSvc

net start MpsSvc

net stop KeyIso

net start KeyIso

net stop BFE

net start BFE

net stop FwcAgent

net start FwcAgent



Click File, click Save As, and then type Repair.bat in the File name box.

Click the Save as type dropdown, then click All Files (*.*).

In the left window pane, click Desktop, and then click Save.

On the File menu, click Exit.

From your Desktop, right click the Repair.bat file that you saved in step 5, and then click Run as administrator. This action starts the required services.
Note If you are prompted for confirmation, click Yes.

Try to start the Windows Firewall again. If you can start Windows Firewall, delete the Repair.bat file. To delete the Repair.bat file, right-click Repair.bat, click Delete, and then click Yes.

#4 Farstrider

Farstrider

    The Clash

  • Joined: 16-March 03
  • Location: Somerset West, Cape Town, SA
  • OS: Arch Linux

Posted 04 January 2012 - 01:05

You can also try this:

download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Then: Check your log file for missing entries.
Following steps involve registry editing. Please create new restore point before proceeding!!!

Download Seven.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file.
You'll find several files inside.
As an example do the following:

Right click on bfe.reg file, click "Merge".
Allow registry merge.
Right click on mpssvc.reg file, click "Merge".
Allow registry merge.

Restart computer.

Click Start and in "Start search" type in:
regedit
Press Enter.

Registry editor will open.

Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on BFE key, click "Permissions"
Click on Add button, type Everyone and click OK.
Now click once on Everyone
Below, in "Permissions" pane checkmark "Alow" in "Full control" row.
Click OK.

In a set of files you downloaded in previous step find start_services.bat.
Double click on it to run the fix.

Check on firewall issue and check new FSS log.

Hope that this helps!

#5 OP Reacon

Reacon

    [VGW] Woohoo!

  • Joined: 12-May 08
  • Location: Katabatic
  • OS: Win 7 & Slackware

Posted 04 January 2012 - 01:15

Thanks for the replies. I am running into hitches with each of the solutions. Yes, my command prompt is admin.

First reply:

regsvr32 wwapi.dll
[Window Title]
RegSvr32

[Content]
The module "wwapi.dll" was loaded but the entry-point DllRegisterServer was not found.

Make sure that "wwapi.dll" is a valid DLL or OCX file and then try again.

[OK]

regsvr32 wuaueng.dll > Registerred with no problems.

regsvr32 wuaueng11.dll
[Window Title]
RegSvr32

[Content]
The module "wuaueng11.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

The specified module could not be found.


[OK]

regsvr32 wucltui.dll
[Window Title]
RegSvr32

[Content]
The module "wucltui.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

The specified module could not be found.


[OK]

regsvr32 wups.dll > Registerred successfully.

regsvr32 wups2.dll > Registerred successfully.

regsvr32 wuweb32.dll > Registerred successfully.



Second reply:
Here's my output.
C:\Windows\system32>C:\Users\Recon\Desktop\ba.bat

C:\Windows\system32>sc config MpsSvc start= auto
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


C:\Windows\system32>sc config KeyIso start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Windows\system32>sc config BFE start= auto
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


C:\Windows\system32>sc config FwcAgent start= auto
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


C:\Windows\system32>net stop MpsSvc
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>net start MpsSvc
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>net stop KeyIso
The CNG Key Isolation service is stopping.
The CNG Key Isolation service was stopped successfully.


C:\Windows\system32>net start KeyIso
The CNG Key Isolation service is starting.
The CNG Key Isolation service was started successfully.


C:\Windows\system32>net stop BFE
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>net start BFE
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>net stop FwcAgent
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>net start FwcAgent
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


Third reply:
Farbar Service Scanner
Ran by Recon (administrator) on 03-01-2012 at 18:16:05
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Auto. The default start type is 3.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Will try second suggestion in a moment.

#6 wahoospa

wahoospa

    Neowinian

  • Joined: 05-July 07
  • Location: South Carolina

Posted 04 January 2012 - 01:26

Did you go see if you could get the firewall going yet? I noticed also not all dll will re-register at times.
Your firewall is still in the machine it is just disabled.
I just repaired one for that problem yesterday.
I know that the 'regsvr32 wuaueng.dll' will cause the machine to get updates when the machine refuses.

#7 OP Reacon

Reacon

    [VGW] Woohoo!

  • Joined: 12-May 08
  • Location: Katabatic
  • OS: Win 7 & Slackware

Posted 04 January 2012 - 01:50

Farstrider confirmed for being genius. It worked!

And of course, thank you wahoospa for contributing as well :)

But one last problem. FSS seems to think System Restore is still offline, and I cannot repeat the steps that you laid out like I did with Security Center, because it says the keys are in use. I even tried doing the sdrsvc.reg in safemode, and it returned that message.

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.


Not that I've ever used System Restore, or feel like I will at any point. It would be nice to have, however.

#8 +goretsky

goretsky

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 12-March 04
  • Location: Southern California

Posted 04 January 2012 - 02:01

Hello,

Typical behavior for a system infected with the ZeroAccess (a/k/a Win32/Sireref) rootkit. Since the rootkit takes control before the operating system loads it will deflect attempts to bypass/remove it.

Here are some write-ups discussing it: ESET, McAfee, Symantec and Webroot (Prevx).

Regards,

Aryeh Goretsky

#9 Farstrider

Farstrider

    The Clash

  • Joined: 16-March 03
  • Location: Somerset West, Cape Town, SA
  • OS: Arch Linux

Posted 04 January 2012 - 02:08

I would run MBAM to make sure that everything is clean! Also do a check for any root-kits:

Also download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

System restore is normally on by default is it not? I am not a windows user so I have to admit to not knowing this (Can't remember tbh!)

Navigate to the Start -> All Programs -> Accessories -> System Tools program group.

Click on the System Restore program icon.

Click Next > on the Restore system files and settings window.

You will be able to see here if it's actually working or not don't run it obviously but you should be able to see if it's on or not! Also as far as I know that message that you got about VSS is normal!


System Restore:
=============
VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.
The ImagePath of VSS service is OK.

Going to bed now, it's almost 4.30 am here, I will check later to see what your outcome is, cheers!

#10 OP Reacon

Reacon

    [VGW] Woohoo!

  • Joined: 12-May 08
  • Location: Katabatic
  • OS: Win 7 & Slackware

Posted 04 January 2012 - 03:09

@goretsky: Thank you for the information. I checked for the files in your first link, and they were either missing, or not the same size. I do not wish to run the removal tool right now as I'm too lazy to restart my computer for a third time tonight.

@Farstrider
I did not complete the scan because I am running short on time, myself. My filesystem has lots of small files like game settings, Firefox cache files, and Windows Live Mail caches. It scanned what I think is about halfway, in half an hour. It scanned the registry as well. SPTD is a driver for Daemon Tools which I use to mount disk images.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-03 19:57:59
Windows 6.1.7601 Service Pack 1
Running: ynummlu1.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1																								 771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2																								 285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0																								 1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC																   
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0															    0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12															 0x9B 0x71 0xD3 0x77 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0															    C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0															    0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001														  
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12												    0xA1 0xD7 0x85 0xEE ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0													   0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0												     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12											   0x35 0x9B 0xFE 0x22 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1												     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12											   0x7B 0xE1 0xDC 0xD4 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)											   
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0																    0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12																 0x9B 0x71 0xD3 0x77 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0																    C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0																    0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)									  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12													    0xA1 0xD7 0x85 0xEE ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0														   0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)							     
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12												   0x35 0x9B 0xFE 0x22 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)							     
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12												   0x7B 0xE1 0xDC 0xD4 ...
Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\KISS\ƒJƒXƒ^ƒ\x20acƒ\x81ƒCƒh3D\Installer.exe  1

---- EOF - GMER 1.0.15 ----



And also, System Restore seems to be functioning. I do not care to roll back my system right now, so no concrete testing. But I opened the wizard and cycled through a couple of pages.

I also ran MBAM yesterday (as stated in OP).

Thank you for your help, even though you were a little too babying :) Have a good night.

#11 HappyAndyK

HappyAndyK

    Neowinian

  • Joined: 06-December 07

Posted 07 January 2012 - 13:34

Have you tried first running the System File Checker and/or the Windows Firewall Troubleshooter from Microsoft?

#12 pyrite123

pyrite123

    Resident One Post Wonder

  • Joined: 11-March 12

Posted 11 March 2012 - 23:50

You can also try this:

download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Then: Check your log file for missing entries.
Following steps involve registry editing. Please create new restore point before proceeding!!!

Download Seven.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file.
You'll find several files inside.
As an example do the following:

Right click on bfe.reg file, click "Merge".
Allow registry merge.
Right click on mpssvc.reg file, click "Merge".
Allow registry merge.

Restart computer.

Click Start and in "Start search" type in:
regedit
Press Enter.

Registry editor will open.

Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on BFE key, click "Permissions"
Click on Add button, type Everyone and click OK.
Now click once on Everyone
Below, in "Permissions" pane checkmark "Alow" in "Full control" row.
Click OK.

In a set of files you downloaded in previous step find start_services.bat.
Double click on it to run the fix.

Check on firewall issue and check new FSS log.

Hope that this helps!


Thank you so much! I wasn't having the same exact issue as the thread starter but with Action Center instead. I tweaked a couple of steps slightly but managed to fix everything with the stuff you provided. Thanks much!

Damn Avast just decides to start destroying system files and registry keys and crashed my system on the next restart. It was a fresh install of Avast and I literally just finished reinstalling windows 7 five minutes before Avast started attacking my system. Anti-virus programs are the true viruses. I did a system restore but it didn't repair all the files it deleted. This was just what I needed!

#13 Geepee63

Geepee63

    Resident One Post Wonder

  • Joined: 01-May 12

Posted 01 May 2012 - 00:57

You can also try this:

download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Then: Check your log file for missing entries.
Following steps involve registry editing. Please create new restore point before proceeding!!!

Download Seven.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file.
You'll find several files inside.
As an example do the following:

Right click on bfe.reg file, click "Merge".
Allow registry merge.
Right click on mpssvc.reg file, click "Merge".
Allow registry merge.

Restart computer.

Click Start and in "Start search" type in:
regedit
Press Enter.

Registry editor will open.

Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on BFE key, click "Permissions"
Click on Add button, type Everyone and click OK.
Now click once on Everyone
Below, in "Permissions" pane checkmark "Alow" in "Full control" row.
Click OK.

In a set of files you downloaded in previous step find start_services.bat.
Double click on it to run the fix.

Check on firewall issue and check new FSS log.

Hope that this helps!

@Farstrider thanks a million you are a God send. Microsoft as usual were no help and even cut me off a chat window, great customer service. My problem and solution went exactly like Reacon, we must have had the same virus. I knew I picked one up but I didnt realise the damage it had done. Keep up the good work. If it wasnt for people like yourself helping others along, then a lot of us would be completely stuck. 5 stars!

#14 Freqman

Freqman

    Resident One Post Wonder

  • Joined: 15-May 12

Posted 15 May 2012 - 16:52

I am not sure if you've tried this yet!

You can start the following services manually:

Windows Firewall (MpsSvc)
CNG Key Isolation (KeyIso)
Base Filtering Engine (BFE)
Firewall Client Agent (FwcAgent)

To do this, follow the steps below:
Click Start, type Notepad in the Start Search box (Windows Vista) or the Search programs and files box (Windows 7), and then click Notepad in the programs list.

Highlight the following text, right click the highlighted text, and then click Copy. Go to Notepad, right click anywhere in the Notepad window, and then click Paste.





Click File, click Save As, and then type Repair.bat in the File name box.

Click the Save as type dropdown, then click All Files (*.*).

In the left window pane, click Desktop, and then click Save.

On the File menu, click Exit.

From your Desktop, right click the Repair.bat file that you saved in step 5, and then click Run as administrator. This action starts the required services.
Note If you are prompted for confirmation, click Yes.

Try to start the Windows Firewall again. If you can start Windows Firewall, delete the Repair.bat file. To delete the Repair.bat file, right-click Repair.bat, click Delete, and then click Yes.



I had to register over here just to thank you.. so thanks a lot, it fixed my problem !

And also thanks to Reacon because his tips also were very helpfull!

#15 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 15 May 2012 - 17:00

I know your issue is probably fixed. But I ran into a problem where the windows firewall service wouldn't start. It turned out a dependency service BFE couldn't start because the file bfe.dll.mui was missing from the c:\windows\system32\en-us folder. After copying that file from a windows installation inside a VM everything worked great.



Click here to login or here to register to remove this ad, it's free!