Tweaking.com Support Forums
Main Forum => General Computer Support => Topic started by: Wiloroc on March 16, 2014, 06:07:12 pm
-
I have Windows 7 Professional Service Pack 1, 32-bit, running on a Toshiba Portégé 830 laptop.
I have Microsoft security Essentials and have been using Windows Firewall since the original purchase of the machine.
After an update sent by Microsoft in the fall of last year, which I had some trouble getting to load without failures, the msiexec.exe file was constantly running, which caused the fan on the CPU to run constantly. If the program was left "unsuspended" in Resource Monitor, a blue screen crash would occur if I used Malwarebytes to scan it. That issue cleared itself about two weeks ago and I have not had that as a problem since. (I have no idea what caused it to start being a problem or end being one; in any case it no longer happens.)
Malwarebytes did not find any viruses. MS Security Essentials did not find viruses.
However, during the troubleshooting I noticed that the Windows Firewall was not running and would not start. In Services I get the following message: "Windows could not start the Windows Firewall on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service contact the service vendor and refer to the service-specific error code -2144206818." The System Event Log has the firewall listed as 7024 and reports "The Windows Firewall service terminated with service-specific error %%-2144206818."
I used the tweaking.com program today in an attempt to fix this error. It did not work. The Windows Firewall Authorization Driver reports that it is started and working. The Base Filtering Engine had been stopped but is not started and working as expected - restarting each time the computer is restarted.
I am at a loss on what to do next? Ideas?
-
Hidden rootkits will target the firewall as well. Did you try the Malwarebytes Anti-Rootkit tool yet?
Also when you ran my repair tool did you make sure to run all the repairs?
Shane
-
Ok I just ran the ROOTKIT tool BETA version - no infections found!
And yes I ran all of the repairs listed.
Computer seems to be running a little slower now but that could be my imagination.
james
-
Ok, normally the repairs get them working again as long as there isn't a virus or rootkit there taking them back out lol.
So if the system is clean and they still are not coming back up then there may be something else wrong that in turn won't let them start up. I've seen that happen on a machine where the COM+ got corrupted.
Can you post a screen shot of the actual error for me please? :wink:
Shane
-
Ok here is the screen shot:
-
Ok, go and try to start the BITS service and see what error you get. If you get an access denied error you might have corrupted COM+ as well. But let's see what that says first.
If it is a corrupt COM+ then you will get an error if you go to the Control Panel, open Administrative Tools and then Component Services.
When that opens, expand "Component Services" on the left, then under that expand Computers and then My Computer.
Then under that click on COM+ Applications. Do you get an error when you click on that?
Shane
-
No error. See screen shot.
Also no error when I started COM+ service from service application. See screen shot.
And still no go on the firewall - see screen shot.
I did not see anything called "bit services" - I take it that is the COM+ service.
-
BITS is the "Background Intelligent Transfer Service", and it shows that it is running.
Also your COM+ looks good so that isn't the problem.
The Windows Firewall does depend on WMI. So if WMI isn't working then the firewall would fail as well. But is it WMI or something else?
The one thing about the firewall is it depends on a lot of other things, which is a bad design lol
So far everything is checking out fine. Services are there, permissions are good, no infections.
We could test if WMI works by seeing if this tool is able to do anything:
http://www.microsoft.com/en-us/download/details.aspx?id=8572
Also, have you run SFC /Scannow on the system yet? And does the Event Viewer show anything after you try to start the firewall?
Shane
-
Ok, the WMI program opened - one of the screen shots below shows the result - I did not know what to do to test it.
I did run sfc /scannow - after that and other "fixes" the firewall started, then when I checked it again it was stopped and reporting the same error you have seen.
Your questions reminded me of the logs from the tweaking.com windows repair program. So I attached what I thought would be helpful let me know what you may need other than these.
-
Holy crap you have a lot of things running in the back ground lol
Process Count: 134
The more processes running the slower the system will be and the longer boot up will be as well. You should consider cleaning up what programs you have set to run at startup :-)
And sorry, on the WMI creator I should have told you what to do. I attached a screen shot: click the 2nd drop-down list and choose Win32_Process, then in the list below click on Caption and then click the button to search for property values.
If WMI is working right then the box below should fill up with the process names on the system.
Shane
-
Hello again, I have been out of town and out of touch.
I am back again to get this issue solved, especially with the new revelation of the SSL issue with websites.
Here is screen shot of WMI check. It looks like the screen shot you provided.
Most of what is in the background came that way with the computer. I have weeded it out using glary utilities. I'll keep working it. But I am sure that is not what is blocking the firewall.
-
So far everything is checking out. I wonder if it isn't a permissions or registry problem but maybe a system file it needs has been replaced or is missing.
One option is to do a repair install; this way any missing files or settings get replaced while still keeping all your programs.
First you need a Windows 7 disk that has SP1 on it. You can grab it here
https://sites.google.com/site/linuxlablibrary/windows-iso
Then just follow this :-)
http://www.sevenforums.com/tutorials/3413-repair-install.html
Shane
-
So that was fun - it took all night to upgrade.
However, the firewall still does not start, the computer seems to run slower, and the links in emails now don't work. All of this is backed by screen shots.
-
I did a lookup on the outlook error and it seems to have something to do with IE itself.
Do you have chrome or firefox? If you do open one of them and make sure to set it as your default browser.
Also now that the repair install is done are you able to go and do all the Windows updates?
Shane
-
Yes, all of the essentials and the optionals I chose. Took a bit but they downloaded and installed.
Today I got the pop-up shown in the screen shot below. The code I used was the one on the bottom of the computer.
And the firewall still does not start. Same exact error code it was presenting before.
And also my chassis fan is running a lot more than before, dumping a lot of heat.
-
The automated phone system should let you activate your keycode on the sticker. So just do that and that should take care of that part.
As for the firewall, what antivirus is currently installed? And does that AV have a firewall service of its own?
Shane
-
Your fan is running much more. Use Task Manager to see if there's a process that takes a lot of CPU time.
-
I use Microsoft Security Essentials
The Links between Outlook and IE are back working after the auto upgrade to IE 11.
Still no Firewall.
-
Forgot to mention the authorization by phone worked like a charm!
I think the fan was going because so many downloads- upgrades were coming through as I was working.
-
Yeah, the fan will kick up more when the system gets hotter, and the more the CPU is working the more heat it makes :-)
When the CPU isn't under heavy use, Windows slows the CPU down, so it uses less power and thus makes less heat. When the CPU is under a full load it is going full speed, pulling more power, and makes a lot more heat.
So from what I can tell everything else is working fine just like it should, all except the firewall. Did you try the Windows Repair after the repair install of Windows yet? Newest version of my tool is v2.6.2
Shane
-
Back again finally.
Nothing has worked yet. The latest version of tweaking did not cure the problem.
I tried the Microsoft troubleshooter. It seems to find something but then cannot communicate it with the Microsoft servers.
Any more ideas?
-
OK, try this. I have seen some viruses change the permissions on the firewall service to where nothing can change them back, not even the system. But there is a way to fix it.
So let's see if you are able to access anything under that service in the registry.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
See if you are able to click on and read all the sub folders under it, let me know if you get any permission denied errors. :wink:
Shane
-
Ok, Here are some screenshots of what I found. I could access everything under sharedaccess. Some had permissions that seemed funky - screen shots.
Let me know what you think
-
MpsSvr shouldn't be listed in there. Try removing that and reboot and see what happens :-)
Shane
-
No change.
Went through every sub folder in "shared access" to be sure it was removed.
-
In that last screen shot you will see the regkey Depends on service, go check each of those services as well and see if their permissions are different :wink:
Shane
-
I have tried to reply three times before this without the reply going through. I do not know why.
I did what you said to do with the permissions and traced all of the "depends on" items. I have a bunch of screen shots that I have loaded too many times to do it again.
I will load a couple here now; if you want to see specific ones let me know.
Still no change in the firewall performance.
-
I wouldn't mind taking a look at this to see if I can find why it won't start. If I can find the reason then I might be able to add it to my Windows Repair :-)
Send me an email
shane at tweaking.com
and I will use teamviewer and connect and work with you on it. At this point I am really curious to what the problem is.
Shane
-
Wow, my computer is running faster than I can ever remember!
The firewall is responding as advertised and is catching up with all my programs quickly and appropriately.
GREAT JOB, SHANE!!! :smiley: :smiley: :smiley: :smiley:
-
Shane, I'm really curious as to what solved the Windows Firewall problem, here. I read all two pages and suddenly the problem was solved. What was it? Is there a lesson for us all or a singular occurrence? Just trying to learn a little something along the way.... ~ha~!
-
I think I was supposed to post all of these for Shane after he repaired my firewall:
[Shane] OK, so I went through the two files and compared them on my test stations.
These reg keys are not in my reg file and are not on any of my systems. I am going to see if my firewall breaks when I add these registry keys. And if so I will have my repair remove them (see below - "Whole set of keys from reg file").
[Shane]
Yep! I applied those registry keys and my firewall is broken. I will remove 1 key at a time and see which one gets it working and get an update of the Windows repair out :-D
[Shane]
OK I deleted the first one and my firewall started right up!
This is the key that broke your firewall. The other keys don't seem to be hurting the firewall but since they are not on a normal system I might remove them as well.
*******
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\ConSecRules]
"{9C3AA536-7CE1-46E1-90FC-F9EF3A461776}"="v2.10|Action=Secure|Active=TRUE|EP2_4=172.22.2.1-172.22.2.255|EP2_4=192.168.1.1-192.168.1.254|EP2_4=172.21.1.1-172.21.1.254|LTunnel4_2=0.0.0.0|Name=Office hook up|Desc=|Auth1Set={2AA5D397-6DA6-4E80-9D5E-52D7A6F0EC04}|Crypto2Set={E5A5D32A-4BCE-4e4d-B07F-4AB1BA7E5FE2}|EmbedCtxt=|"
*********
[Wiloroc]
I removed them all! If I need them the system will tell me or add them back in.
*********
Whole set of keys from reg file
**********
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\ConSecRules]
"{9C3AA536-7CE1-46E1-90FC-F9EF3A461776}"="v2.10|Action=Secure|Active=TRUE|EP2_4=172.22.2.1-172.22.2.255|EP2_4=192.168.1.1-192.168.1.254|EP2_4=172.21.1.1-172.21.1.254|LTunnel4_2=0.0.0.0|Name=Office hook up|Desc=|Auth1Set={2AA5D397-6DA6-4E80-9D5E-52D7A6F0EC04}|Crypto2Set={E5A5D32A-4BCE-4e4d-B07F-4AB1BA7E5FE2}|EmbedCtxt=|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DefaultInboundAction"=dword:00000001
"DefaultOutboundAction"=dword:00000000
"DisableUnicastResponsesToMulticastBroadcast"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Phase1AuthenticationSets]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Phase1AuthenticationSets\Anonymous]
"Version"="2.10"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Phase1AuthenticationSets\Anonymous\0000]
"Method"="Anonymous"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Phase1AuthenticationSets\{2AA5D397-6DA6-4E80-9D5E-52D7A6F0EC04}]
"Version"="2.10"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Phase1AuthenticationSets\{2AA5D397-6DA6-4E80-9D5E-52D7A6F0EC04}\0000]
"CAName"="C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root"
"CertAccountMapping"="FALSE"
"ExcludeCAName"="FALSE"
"HealthCert"="FALSE"
"Method"="MachineCert"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Phase2AuthenticationSets]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Phase2AuthenticationSets\EmptySet]
"Version"="2.10"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DefaultInboundAction"=dword:00000001
"DefaultOutboundAction"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable]
"PolicyVersion"=dword:0000020a
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DefaultInboundAction"=dword:00000001
"DefaultOutboundAction"=dword:00000000
-
I applied the changes to the new version of the Windows Repair to remove those registry keys now since they are not normally on a system for the Windows firewall :-)
The one that killed his firewall was
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\ConSecRules
Shane
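-
Added example, not part of the thread and not code from the Windows Repair tool: a sketch of the comparison described above, listing registry values that appear in a suspect export but not in a known-good one and splitting a ConSecRules rule string into its fields. The function names and the BASELINE export are assumptions made for illustration; the rule value is the one quoted in the thread.

```python
import re

# Constructed sample input: SUSPECT reuses two keys quoted in the thread;
# BASELINE stands in for an export from a known-good machine (assumption).
FP = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy"
RULE = ('"{9C3AA536-7CE1-46E1-90FC-F9EF3A461776}"="v2.10|Action=Secure|Active=TRUE|'
        'EP2_4=172.22.2.1-172.22.2.255|EP2_4=192.168.1.1-192.168.1.254|'
        'EP2_4=172.21.1.1-172.21.1.254|LTunnel4_2=0.0.0.0|Name=Office hook up|Desc=|'
        'Auth1Set={2AA5D397-6DA6-4E80-9D5E-52D7A6F0EC04}|'
        'Crypto2Set={E5A5D32A-4BCE-4e4d-B07F-4AB1BA7E5FE2}|EmbedCtxt=|"')
PROFILE = f'[{FP}\\StandardProfile]\n"DefaultInboundAction"=dword:00000001\n'
SUSPECT = f"[{FP}\\ConSecRules]\n{RULE}\n" + PROFILE
BASELINE = f"[{FP}\\ConSecRules]\n" + PROFILE

def parse_reg(text):
    """Parse .reg text into {lowercased key path: {value name: raw data}}."""
    # Real regedit exports are UTF-16; decode the file before passing it in.
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def extra_entries(suspect, baseline):
    """Return sorted (key, value name) pairs found in suspect but not in baseline."""
    return sorted((k, n) for k, vals in suspect.items()
                  for n in vals if n not in baseline.get(k, {}))

def decode_rule(raw):
    """Split a rule string (version|K=V|K=V|...) into {field: [values]}."""
    parts = raw.strip().strip('"').split("|")
    fields = {"Version": [parts[0]]}
    for part in parts[1:]:
        if "=" in part:  # repeated fields such as EP2_4 are collected in order
            k, v = part.split("=", 1)
            fields.setdefault(k, []).append(v)
    return fields

if __name__ == "__main__":
    suspect = parse_reg(SUSPECT)
    for key, name in extra_entries(suspect, parse_reg(BASELINE)):
        print(key, name)
        if key.endswith("\\consecrules"):
            for field, vals in decode_rule(suspect[key][name]).items():
                print("   ", field, "=", ", ".join(vals))
```

The comparison is by key path and value name only, so it reports what is present on one machine and absent on the other; it does not judge whether an extra entry is harmful.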