
Firewall won't start.


3 replies to this topic

#1 TheBlessed

TheBlessed

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 28 June 2012 - 01:16 PM

Hello. I've been using Windows Vista 32-Bit for a long time with this PC.

After scanning with a few anti-virus programs, I've noticed that my PC is getting a virus almost every time I check with my scanner (I check seldom).

So I've checked my firewalls, and it says it is OFF, and cannot be turned on. It gives me this error :

Posted Image

And I also tried to turn it back on from the Security Center, but it did not work as well. In addition, I've also noticed a part of my PC was infected and broken as well by the FSS Scan.

Here is the FSS Scan log as of now :

Farbar Service Scanner Version: 25-06-2012 01
Ran by minsu (administrator) on 28-06-2012 at 11:15:01
Running from "C:\Users\minsu\Desktop"
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys
[2006-11-02 01:57] - [2006-11-02 01:57] - 0068096 ____A () 72915A93F0D0AE5334E3808B4CD71BB1

ATTENTION!=====> C:\Windows\system32\Drivers\tdx.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2010-07-04 05:10] - [2010-07-04 05:10] - 0265912 ____A (Microsoft Corporation) 0D5AD0E71FF5DDAC5DD2F443B499ABD0

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Any help and replies would be appreciated.

I hope to get this fixed.

Edited by hamluis, 28 June 2012 - 03:51 PM.
Moved from Vista to Am I Infected - Hamluis.



 


#2 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:17 PM

Posted 28 June 2012 - 01:34 PM

There is a driver infected (patched by malware);
ATTENTION!=====> C:\Windows\system32\Drivers\tdx.sys IS INFECTED AND SHOULD BE REPLACED.


1. Download TDSSKiller

  • Launch it.
  • Click on change parameters-Select TDLFS file system.
  • Click on "Scan".
  • Please post the LOG report(log file should be in your C drive).

2. Download aswMBR

  • Launch it. Allow it to download latest Avast! virus definitions.
  • Click the "Scan" button to start scan. After scan finishes, click on Save log.

If you have any problems with running these programs or if you're getting a BSOD (Blue Screen of Death), please mention it.

#3 TheBlessed

TheBlessed
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 28 June 2012 - 07:08 PM

Hello ELFasso.

I've run the programs you told me about, and after the scans, the firewall began to work just fine.

However, I can't seem to get my internet to function (I'm currently on my laptop), and it is forever 'Identifying' the local area connection, as shown in the picture below:

Posted Image

In addition, here is the FSS Log :

Farbar Service Scanner Version: 25-06-2012 01
Ran by minsu (administrator) on 28-06-2012 at 17:03:21
Running from "C:\Users\minsu\Desktop"
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx: "system32\drivers\tsk17F6.tmp".


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2010-07-04 05:10] - [2010-07-04 05:10] - 0265912 ____A (Microsoft Corporation) 0D5AD0E71FF5DDAC5DD2F443B499ABD0

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Thank you again for helping me throughout.

Edited by TheBlessed, 28 June 2012 - 07:10 PM.
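An added example, not part of the original posts and not Farbar's code: a small triage parser for FSS log text that pulls out the lines a helper reads first in the two logs above (stopped services, an ImagePath reported as a path instead of "OK", ATTENTION lines, and files listed without an "MD5 is legit" verdict). The category labels are hypothetical, and reading the parenthesised field as the file's company name is an assumption.

```python
import re

# Lines excerpted from the two FSS logs in this thread.
SAMPLE_LOG = r"""
tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx: "system32\drivers\tsk17F6.tmp".
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys
[2006-11-02 01:57] - [2006-11-02 01:57] - 0068096 ____A () 72915A93F0D0AE5334E3808B4CD71BB1
ATTENTION!=====> C:\Windows\system32\Drivers\tdx.sys IS INFECTED AND SHOULD BE REPLACED.
C:\Program Files\Windows Defender\MpSvc.dll
[2010-07-04 05:10] - [2010-07-04 05:10] - 0265912 ____A (Microsoft Corporation) 0D5AD0E71FF5DDAC5DD2F443B499ABD0
C:\Windows\system32\svchost.exe => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
IMAGEPATH = re.compile(r'^The ImagePath of (\S+): "(.+)"\.$')   # a path was printed, not "is OK"
FILE_PATH = re.compile(r"^[A-Za-z]:\\[^=]+$")                   # path line with no "=> MD5 is legit"
FILE_META = re.compile(r"^\[.*\] - \d+ \S+ \((.*)\) ([0-9A-F]{32})$")

def triage(log):
    """Return (category, detail) tuples in log order."""
    findings, pending = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        if m := NOT_RUNNING.match(line):
            findings.append(("service_stopped", m.group(1)))
        elif m := IMAGEPATH.match(line):
            findings.append(("imagepath_not_ok", f"{m.group(1)} -> {m.group(2)}"))
        elif "ATTENTION!=====>" in line:
            findings.append(("attention", line.split("=====>", 1)[1].strip()))
        elif FILE_PATH.match(line):
            pending = line  # details for this file follow on the next line
        elif pending and (m := FILE_META.match(line)):
            # Assumption: the parenthesised field is the file's company name.
            kind = "no_verdict" if m.group(1) else "no_verdict_empty_company"
            findings.append((kind, f"{pending} md5={m.group(2)}"))
            pending = None
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:26} {detail}")
```
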


#4 TheBlessed

TheBlessed
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 28 June 2012 - 07:48 PM

Close thread please. Making new topic for the internet issue.

New Thread : http://www.bleepingcomputer.com/forums/topic458695.html

Edited by TheBlessed, 28 June 2012 - 07:56 PM.




