
Windows Security will not start/firewall/network sharing due to Vista Security 2012 virus



#1 daxlw

Posted 20 December 2011 - 10:06 AM

I was infected with the Vista Security 2012 virus. I have since run Malware, Spybot, CCleaner, Microsoft Security Essentials, Microsoft Fix It. It has disabled my firewall and Windows Security and network sharing. I am unable to turn them on. I have tried to do the Windows repair with my disk; that did not help, and sfc /scannow has not helped. I do not have a system restore point to go back to either; it was erased. I'm stuck. Help.

#2 Broni

Posted 20 December 2011 - 11:34 PM

Welcome aboard

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 daxlw

Posted 21 December 2011 - 03:02 PM

Farbar Service Scanner
Ran by DAx (administrator) on 21-12-2011 at 13:52:50
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
********************************************************

Internet Services:
=================

Connection Status:
=================
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
================
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
========================


System Restore:
==============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
==============================


File Check:
==========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 06:22] - [2011-09-20 15:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-06-01 16:40] - [2009-04-11 00:28] - 0407552 ____A (Microsoft Corporation) 5DE62C6E9108F14F6794060A9BDECAEC

C:\Windows\system32\bfe.dll
[2009-06-01 16:39] - [2009-04-11 00:28] - 0334848 ____A (Microsoft Corporation) C789AF0F724FDA5852FB9A7D3A432381

C:\Windows\system32\Drivers\mpsdrv.sys
[2008-01-20 20:25] - [2008-01-20 20:25] - 0064000 ____A (Microsoft Corporation) 22241FEBA9B2DEFA669C8CB0A8DD7D2E

C:\Windows\system32\SDRSVC.dll
[2008-01-20 20:23] - [2008-01-20 20:23] - 0104960 ____A (Microsoft Corporation) 716313D9F6B0529D03F726D5AAF6F191

C:\Windows\system32\vssvc.exe
[2009-06-01 16:40] - [2009-04-11 00:28] - 1055232 ____A (Microsoft Corporation) DB3D19F850C6EB32BDCB9BC0836ACDDB

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#4 Broni

Posted 21 December 2011 - 08:01 PM

It looks like you have several registry keys missing.

Let's see....

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bfe /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRSVC /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Edited by Broni, 21 December 2011 - 08:02 PM.


#5 daxlw

Posted 21 December 2011 - 11:00 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 21:58 on 21/12/2011 by DAx
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bfe]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRSVC]
(Unable to open key - key not found)

-= EOF =-

#6 Broni

Posted 21 December 2011 - 11:38 PM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Download the following zipped file: http://www.filedropper.com/temp_11
Unzip it.
You'll find two files inside:
- MpsSvc.reg
- bfe.reg

In each case right click on the file, click "Merge".
Allow registry merge.
Restart computer and post new FSS log.

Edited by Broni, 21 December 2011 - 11:39 PM.


#7 daxlw

Posted 22 December 2011 - 09:10 PM

Farbar Service Scanner
Ran by DAx (administrator) on 22-12-2011 at 20:07:30
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
********************************************************

Internet Services:
=================

Connection Status:
=================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
================
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
========================


System Restore:
==============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
==============================


File Check:
==========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 06:22] - [2011-09-20 15:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-06-01 16:40] - [2009-04-11 00:28] - 0407552 ____A (Microsoft Corporation) 5DE62C6E9108F14F6794060A9BDECAEC

C:\Windows\system32\bfe.dll
[2009-06-01 16:39] - [2009-04-11 00:28] - 0334848 ____A (Microsoft Corporation) C789AF0F724FDA5852FB9A7D3A432381

C:\Windows\system32\Drivers\mpsdrv.sys
[2008-01-20 20:25] - [2008-01-20 20:25] - 0064000 ____A (Microsoft Corporation) 22241FEBA9B2DEFA669C8CB0A8DD7D2E

C:\Windows\system32\SDRSVC.dll
[2008-01-20 20:23] - [2008-01-20 20:23] - 0104960 ____A (Microsoft Corporation) 716313D9F6B0529D03F726D5AAF6F191

C:\Windows\system32\vssvc.exe
[2009-06-01 16:40] - [2009-04-11 00:28] - 1055232 ____A (Microsoft Corporation) DB3D19F850C6EB32BDCB9BC0836ACDDB

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#8 Broni

Posted 22 December 2011 - 10:35 PM

We fixed two registry keys.
Now, you still have two other missing.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Click Advanced.
Under Owner tab select the entry starting with your user name, example: Farbar(Farbar-PC\Farbar)
Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.


Download the following zipped file: http://www.filedropper.com/temp_12
Unzip it.
You'll find two files inside:
- legacy_MpsSvc.reg
- legacy_bfe.reg

In each case right click on the file, click "Merge".
Allow registry merge.

Please go back to the Root key again and, while Everyone is selected, remove the check mark in the box under Allow next to Full Control and close the registry.

Restart computer and post new FSS log.


#9 daxlw

Posted 24 December 2011 - 11:01 AM

Farbar Service Scanner
Ran by DAx (administrator) on 24-12-2011 at 10:01:16
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 06:22] - [2011-09-20 15:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-06-01 16:40] - [2009-04-11 00:28] - 0407552 ____A (Microsoft Corporation) 5DE62C6E9108F14F6794060A9BDECAEC

C:\Windows\system32\bfe.dll
[2009-06-01 16:39] - [2009-04-11 00:28] - 0334848 ____A (Microsoft Corporation) C789AF0F724FDA5852FB9A7D3A432381

C:\Windows\system32\Drivers\mpsdrv.sys
[2008-01-20 20:25] - [2008-01-20 20:25] - 0064000 ____A (Microsoft Corporation) 22241FEBA9B2DEFA669C8CB0A8DD7D2E

C:\Windows\system32\SDRSVC.dll
[2008-01-20 20:23] - [2008-01-20 20:23] - 0104960 ____A (Microsoft Corporation) 716313D9F6B0529D03F726D5AAF6F191

C:\Windows\system32\vssvc.exe
[2009-06-01 16:40] - [2009-04-11 00:28] - 1055232 ____A (Microsoft Corporation) DB3D19F850C6EB32BDCB9BC0836ACDDB

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 Broni

Posted 24 December 2011 - 12:01 PM

I only found out lately that those firewall-related registry keys are computer-specific and they can't be replaced by copying them from another computer.
You have two choices:
- reinstall Windows
- use a 3rd-party firewall like Comodo free firewall: http://personalfirewall.comodo.com/free-download.html

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
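
Added example (not part of the original thread, and not code from Farbar Service Scanner): a small Python parser that compares two FSS logs and reports which "Attention!" findings were resolved, which remain, and which services pass every configuration check yet are still reported as not running, the state this thread ends in. The log excerpts are trimmed from the 21-12-2011 and 24-12-2011 logs posted above; the function and variable names are illustrative.

```python
import re

# Trimmed excerpts of the FSS logs posted in this thread (first and last run).
# Raw strings keep the literal backslash in "LEGACY_...\0000".
LOG_21_DEC = r"""
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.
"""
LOG_24_DEC = r"""
MpsSvc Service is not running. Checking service configuration:
The ServiceDll of MpsSvc service is OK.

SDRSVC Service is not running. Checking service configuration:
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.
"""

SERVICE = re.compile(r"^(\w+) Service is not running")
ATTENTION = re.compile(r"^Checking ([\w ]+): Attention!")

def parse_fss(log):
    """Map each stopped service to the checks FSS flagged with 'Attention!'."""
    findings, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if m := SERVICE.match(line):
            current = m.group(1)
            findings[current] = []
        elif not line:
            current = None  # a blank line ends the current service block
        elif current and (m := ATTENTION.match(line)):
            findings[current].append(m.group(1))
    return findings

def compare(before, after):
    """Return (resolved, outstanding, stopped_but_clean) between two FSS runs."""
    b, a = parse_fss(before), parse_fss(after)
    flat = lambda d: {(svc, chk) for svc, checks in d.items() for chk in checks}
    resolved, outstanding = flat(b) - flat(a), flat(a)
    # Config checks all pass, yet the service is still stopped: needs follow-up.
    stopped_but_clean = sorted(svc for svc, checks in a.items() if not checks)
    return resolved, outstanding, stopped_but_clean
```

Run against the full logs, `compare` shows that restoring the keys cleared the configuration findings for MpsSvc and bfe without bringing either service up, so a clean configuration check should not be read as a working firewall.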

 




