Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista firewall exceptions not working


  • This topic is locked This topic is locked
21 replies to this topic

#1 gm1138

gm1138

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:01:54 AM

Posted 23 November 2013 - 06:19 AM

I'm running Vista Home Basic SP2, currently without any antivirus software or additional firewall installed.

 

I uninstalled a VMWare product, and now I can't connect to the internet while the Windows Firewall is turned on.

 

I've clicked the option to reset the firewall to recommended settings. I also deleted all the programs from the exception list and re-added them, but these programs still can't access the internet.

 

Just in case it's important, Vista came pre-installed with my laptop and I have no recovery CD. The recovery partition doesn't appear to work, so I don't think I have any way of re-installing the firewall.

 

Any help would be greatly appreciated, thanks!

 

GM


Edited by gm1138, 23 November 2013 - 06:19 AM.


BC AdBot (Login to Remove)

 


#2 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:54 PM

Posted 23 November 2013 - 08:17 PM

Without the recovery or repair disk, a system file checker is not an option at this point. What does it mean when recovery partition is not working? Please post the computer model next time.


Tekken
 


#3 gm1138

gm1138
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:01:54 AM

Posted 24 November 2013 - 03:57 AM

Hi BC Advisor-

 

I'm on a Compaq Presario CQ-50z-100.

 

When I run sfc /scannow, it reports that problems were found and will attempt to fix them on the next reboot. The log only shows issues with some sidebar widgets, but my sidebar is turned off.

 

What does it mean when recovery partition is not working?

I can't actually boot from the recovery partition. I get a "Files Loading" progress bar and then the system reboots.

 

GM


Edited by gm1138, 24 November 2013 - 03:57 AM.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 24 November 2013 - 05:26 AM

The recovery partition doesn't appear to work, so I don't think I have any way of re-installing the firewall.

Hi -

Please tell us what method you are trying to use for accessing the Recovery Partition, it should be F1 or similar.
Are you aware that all current data will be removed and it will be Factory restored ?

 

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

  • Make sure the following options are checked:

     

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services

     

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Thank You -



#5 gm1138

gm1138
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:01:54 AM

Posted 24 November 2013 - 11:13 PM

Thanks, Aussie Addict! Here's my FSS log with Microsoft Firewall turned ON. It appears there are several major security issues. (I had a virus a few years ago, and I thought it had been fixed. A few months ago I uninstalled my antivirus and a third-party firewall. I don't plan to leave the computer unprotected, this is a backup computer and I'm just trying to clean it up for upcoming projects.)

 

Farbar Service Scanner Version: 23-11-2013
Ran by Administrator (administrator) on 24-11-2013 at 22:44:12
Running from "C:\Users\Administrator\Desktop"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-15 06:19] - [2013-07-04 22:20] - 0914880 ____A (Microsoft Corporation) 6D0D344F643E28B31262AC2682109A3C
 
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
 
 

 

**** End of log ****
 
With Microsoft Firewall off, it is slightly different:
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo.com is accessible.
 

 

Please tell us what method you are trying to use for accessing the Recovery Partition, it should be F1 or similar.
Are you aware that all current data will be removed and it will be Factory restored ?

Yes, choosing one of the F-keys (I don't recall which) allows me to select the Recovery Partition at boot. I wasn't aware of what options the RP offers, as I haven't been able to boot into it for years, probably due to the virus. Honestly I'm OK with a factory restore at this point.


Edited by gm1138, 24 November 2013 - 11:17 PM.


#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 24 November 2013 - 11:28 PM

Hi -

Are you sure there is still no other Firewall or similar program blocking you ??

 

First, I would install at the least a Free antivirus while on-line like => Install M.S.E.
http://windows.microsoft.com/en-US/windows/products/security-essentials

 

Next -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note:: If a security program requests permission to access the Internet, allow it to do so.

 

Thank You -



#7 gm1138

gm1138
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:01:54 AM

Posted 27 November 2013 - 10:52 PM

Thanks noknojon. Here's my checkup.txt file:
 
Results of screen317's Security Check version 0.99.77  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 WinPatrol 
 Duplicate Cleaner Free 3.0.1  
 Duplicate Cleaner 1.3   
 SlimCleaner     
 JavaFX 2.1.0    
 Java™ 6 Update 30  
 Java™ 6 Update 22  
 Java 7 Update 9  
 Java™ 6 Update 5  
 Java version out of Date! 
 Adobe Flash Player 11.4.402.287  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox 17.0.1 Firefox out of Date!  
 Google Chrome 28.0.1500.95  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 WinPatrol winpatrol.exe 
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 11 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

Are you sure there is still no other Firewall or similar program blocking you ??
I'm not certain of anything :) but looking through through my installed programs, I don't see anything that would have any reason for doing that.


#8 gm1138

gm1138
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:01:54 AM

Posted 27 November 2013 - 10:53 PM

I also installed Microsoft Security Essentials. The scan was clean.



#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 28 November 2013 - 12:23 AM

JavaFX 2.1.0   
Java™ 6 Update 30 
Java™ 6 Update 22 
Java 7 Update 9 
Java™ 6 Update 5 
Java versions out of Date! Java Update to Version7 Update45. Do not accept (untick) any offered Add-on Toolbars or other extras, as they are not Program related. Uninstall All old versions from Programs and Features, as they are vulnerable to infections.

Mozilla Firefox 17.0.1 Firefox out of Date! File Hippo has Latest Version Firefox 26.0 Beta 8

 

Defragment your hard drive soon! (Do NOT defrag if SSD!) It is getting very clogged now - Ask if you can not Defrag and clean the Temp File Cache -

 

Google Chrome 28.0.1500.95  <= If you must use Chrome, then remove the old versions.

SlimCleaner - Duplicate Cleaner 1.3 are both not required (if you keep Duplicate Cleaner Free 3.0.1)
Personally (only), I would fully remove all Duplicate Cleaner versions.

 

 

Last -

Please read How To Temporarily Disable Your Anti-virus

Run ESETOnlineScanner

Please use Internet Explorer as the scanner uses ActiveX
If you will not use Internet Explorer, please see items 3 - 1 & 3 - 2

1 .Hold down Control (Ctrl) key, and click on This link to open ESET OnlineScanner in a new window.
2 .Click the eset online button.
3 .For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

3 - 1 .Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to desktop.
3 - 2 .Double click on esetsmartinstaller_enu icon on your desktop.

Vista and Windows 7 & 8 users, Right click and select "Run as administrator"

4 .Check "YES, I accept the Terms of Use."
5 .Click the Start button.
6 .Accept any security warnings from your browser.
7 .Under scan settings, check "Scan Archives" and "Remove found threats"
8 .Click Advanced settings and select the following:

* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 .ESET will then download updates for itself, install itself, and begin scanning your computer.

* Please be patient as this will take quite some time. Longer for a first time scan. Over 2 hours is not unusual.
10 .When the scan completes, click List Threats
11 .Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12 .Click the Back button.
13 .Click the Finish button.
* NOTE:Sometimes if ESET finds no infections it will not create a log.

 

Thank You -



#10 gm1138

gm1138
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:01:54 AM

Posted 28 November 2013 - 04:06 AM

New Security Check log submitted below...

I updated Java and removed old versions.

I updated Firefox from their website (it's not 26.0 beta 8, but it says it is up to date, is that ok?)

I defragmented my HD and emptied %temp%

Google Chrome 28.0.1500.95 seems to be an old folder left behind during update, I trashed it. Chrome looks to be working fine without it.

SlimCleaner and Duplicate Cleaner are quite different programs I believe. I use DC a lot, so I'll keep both around for now.

I uninstalled Duplicate Cleaner 1.3, but it took 3.0.1 with it, so I reinstalled 3.2.1.

 

Adobe Reader claims it is up to date, but Security Check says it's out of date?

 

I see IE8 and IE9 both listed in the report. Should I uninstall IE8 in the "Uninstall or Change a program>Uninstall an update" control panel, or does IE9 rely on it?

 

I will run ESETOnline Scanner tomorrow (maybe- it's Thanksgiving holiday after all!)

 

Happy Turkey Day if you celebrate, Happy Thursday if you don't!

 

 Results of screen317's Security Check version 0.99.77  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 WinPatrol 
 Duplicate Cleaner Free 3.2.1  
 SlimCleaner     
 JavaFX 2.1.0    
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.152  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (25.0.1) 
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 WinPatrol winpatrol.exe 
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 


#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 28 November 2013 - 04:23 AM

Happy Turkey Day if you celebrate, Happy Thursday if you don't! <= Not done over here (its a Yank thing)

 

Adobe Reader XI is not supported in Vista, 10 is the standard, but you can Force it -

Here is a thread on the issue from Adobe: http://forums.adobe.com/message/4822684

 

Leave I.E. 8 & 9 as either could run in Vista (even I.E.10 now) -

 

Whenever you have time, post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions Here (only post the link)

 

Looking better, just update us when ever .........

 

Edited to add a few extra details -


Edited by noknojon, 28 November 2013 - 08:35 PM.


#12 gm1138

gm1138
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:01:54 AM

Posted 29 November 2013 - 12:16 PM

Run ESETOnlineScanner Please use Internet Explorer as the scanner uses ActiveX

I tried to run ESET Online Scanner in Internet Explorer, but the website said "You are trying to launch ESET Online Scanner in a different browser than Internet Explorer." I downloaded the ESET Smart Installer instead. It is running now...

 

My Speccy snapshot is here:

 
A couple things I noticed:
-Under network shares there is an Epson printer listed which I was never able to connect to and I deleted it from the Printers control panel. This entry may be causing a network error I get when I boot Vista. I'll need to remember the message next time (I've seen it so often I ignore it now.)
 
-The setting shown under Sharing and Discovery don't match the ones in Network and Sharing Center control panel.
 
-Windows Defender is shown as Disabled. When I try to turn it on, I get a warning "Windows Defender encountered an error: 0x80070424. The specified service does not exist as an installed service."


#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 29 November 2013 - 05:02 PM

Printers - EPSON WF-7010 Series (Default Printer)
Printer Port: USB001:Print Processor: WinPrint
Availability: Always Priority: 1
Duplex: None
Print Quality: 360 * 360 dpi Color
Status: Unknown
 

Is this the printer that was never fully installed ? It is the only recognised printer -

You can Uninstall this from Programs and Features or (and) Printers in Control Panel.

 

 

Looking for the ESET post when it finishes ........

 

 

Thanks -



#14 gm1138

gm1138
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:01:54 AM

Posted 30 November 2013 - 01:48 AM

Is this the printer that was never fully installed ?
The Epson WF-7010 is my current printer. The Epson RX680 shown under Network shares is the one I couldn't connect to (through a network). 
 
However, I don't think that printer could be related to the warning I get at start up: "Could not reconnect all network drives. Click here to check the status of your network drives." Clicking just opens the control panel with no specific information displayed. I do have one network drive. Perhaps the network isn't ready yet when this message pops up? (I'm hesitant to delete the network drive to test a theory. It was incredibly difficult for me to map it in the first place and I didn't write down how I did it.) 
 
ESET says Infected Files: 0 Cleaned Files: 0

Edited by gm1138, 30 November 2013 - 01:50 AM.


#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 30 November 2013 - 02:45 AM

"Could not reconnect all network drives" <= See below -

Just as a brief question, how many computers are linked where you are ?

Microsoft Security Essentials is turned on, so Defender is not required at the moment -
Did you notice that your HDD is running a bit too "warm", so a clean-out may be your next job ..

 

Please list all problems that we can help with, and how this unit is running -

 

Thank You -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users