Really nasty new Variant of Vista Security 2012
Encountered it this weekend:

1. Deletes all restore points
2. Disables Security Center
3. Disables Firewall
4. Disabled Security Essentials live protection
5. Unregisters security center from services so it can't be manually restarted.

This was a really nasty little bugger. SpyBot S&D Dec 16th definitions took the program out, but it left quite a bit of damage in its wake. Uninstalling and reinstalling Security Essentials only fixed the scanner. I had to find a registry entry online to get the security service listed back in my services to restart it. Unfortunately I can NOT get the firewall back up and working. Microsoft's Fixit does not work. Any tips or advice would be appreciated. This is Windows Vista SP2.
December 19th, 2011 2:16pm

I should add, that this new variant of vista security 2012 wouldn't even let me restart into safe mode till I removed it.
December 19th, 2011 2:18pm

I'm having the same problem. Everything else is fixed except for the firewall. Sure hope someone has an easy solution. I'm using Windows 7.
December 19th, 2011 4:05pm

Click Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator.

Type (or copy the below eleven lines and one blank line underneath and right click in the command prompt window and choose Paste). This will start its dependent services in the correct order. Then turn it on once started.

sc config DCOMLaunch start= auto
sc start DCOMLaunch
sc config RpcSs start= auto
sc start RpcSs
sc config BFE start= auto
sc start BFE
sc config mpsdrv start= auto
sc start mpsdrv
sc config mpssvc start= auto
sc start MpsSvc
netsh firewall set opmode enable

If you get an error message you can copy it by right clicking the window, choosing Mark, selecting the text, and press enter.

--
..
--
"queen'y mom" wrote in message news:592bec85-f168-4484-877e-99168442764e...
> I'm having the same problem Everything else is fixed except for the
> firewall. Sure hope someone has an easy solution. I'm using Windows7.
December 19th, 2011 7:10pm

Hi David

I already found a similar set of instructions. But this is what I got when I tried them:

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sc config DCOMLaunch start= auto
[SC] OpenService FAILED 5:
Access is denied.

C:\Windows\system32>sc start DCOMLuanch
[SC] StartService: OpenService FAILED 1060:
The specified service does not exist as an installed service.

C:\Windows\system32>sc config RpcSs start= auto
[SC] OpenService FAILED 5:
Access is denied.

C:\Windows\system32>sc start RpcSs
[SC] StartService FAILED 1056:
An instance of the service is already running.

C:\Windows\system32>sc config BFE start= auto
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.

C:\Windows\system32>sc start BFE
[SC] StartService: OpenService FAILED 1060:
The specified service does not exist as an installed service.

C:\Windows\system32>sc config mpsdrv start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Windows\system32>sc start mpsdrv
SERVICE_NAME: mpsdrv
        TYPE : 1 KERNEL_DRIVER
        STATE : 4 RUNNING
                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE : 0 (0x0)
        SERVICE_EXIT_CODE : 0 (0x0)
        CHECKPOINT : 0x0
        WAIT_HINT : 0x0
        PID : 0
        FLAGS :

C:\Windows\system32>sc config mpssvc start= auto
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.

C:\Windows\system32>sc start MpsSvc
[SC] StartService: OpenService FAILED 1060:
The specified service does not exist as an installed service.

C:\Windows\system32>netsh firewall set opmode enable
The service has not been started.

C:\Windows\system32>

I found this article to reinstall the BFE service, but a good number of the registry keys for the BFE service are missing.

http://windows7forums.com/windows-7-networking/75110-base-filtering-engine-bfe-deleted.html

I swear if I ever get my hands on a virus writer I'm going to....

I might have to tell my cousin his system is cooked and to reinstall. I'll see if he remembers where he went to get this virus so I can pass it on to the white hats. Looks like he had a fully patched system too.
December 19th, 2011 10:48pm
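
The sc output in the post above mixes three different failures (error 5, 1056 and 1060) plus one mistyped service name. As an added example that is not part of the original thread, this Python script sorts such a transcript into a per-service verdict; the verdict labels and function names are this example's own, and the transcript is copied from the post.

```python
import re

# Service names from the commands in the thread, in start order.
EXPECTED = ["DcomLaunch", "RpcSs", "BFE", "mpsdrv", "MpsSvc"]

PROMPT = re.compile(r"^[A-Za-z]:\\[^>]*>\s*sc\s+(config|start)\s+(\S+)", re.I)
FAILED = re.compile(r"FAILED\s+(\d+)")

# sc.exe output copied from the post above (not constructed).
TRANSCRIPT = r"""
C:\Windows\system32>sc config DCOMLaunch start= auto
[SC] OpenService FAILED 5:
Access is denied.
C:\Windows\system32>sc start DCOMLuanch
[SC] StartService: OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Windows\system32>sc config RpcSs start= auto
[SC] OpenService FAILED 5:
Access is denied.
C:\Windows\system32>sc start RpcSs
[SC] StartService FAILED 1056:
An instance of the service is already running.
C:\Windows\system32>sc config BFE start= auto
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Windows\system32>sc start BFE
[SC] StartService: OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Windows\system32>sc config mpsdrv start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Windows\system32>sc start mpsdrv
SERVICE_NAME: mpsdrv
        TYPE : 1 KERNEL_DRIVER
        STATE : 4 RUNNING
        WIN32_EXIT_CODE : 0 (0x0)
C:\Windows\system32>sc config mpssvc start= auto
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Windows\system32>sc start MpsSvc
[SC] StartService: OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Windows\system32>netsh firewall set opmode enable
The service has not been started.
"""


def parse_sc_transcript(text):
    """Return [(action, name, code)]; code 0 means the command succeeded."""
    results, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROMPT.match(line)
        if m:
            pending = (m.group(1).lower(), m.group(2))
            continue
        if pending is None:
            continue                      # output not tied to an sc command
        failed = FAILED.search(line)
        if failed:
            results.append(pending + (int(failed.group(1)),))
            pending = None
        elif "SUCCESS" in line or line.startswith("STATE"):
            results.append(pending + (0,))
            pending = None
    return results


def triage(text):
    """Return ({service: verdict}, [names given to sc that match no expected service])."""
    canonical = {name.lower(): name for name in EXPECTED}
    codes = {name: [] for name in EXPECTED}
    unknown = []
    for _action, name, code in parse_sc_transcript(text):
        key = canonical.get(name.lower())
        if key is None:
            unknown.append(name)          # mistyped name: its 1060 proves nothing
        else:
            codes[key].append(code)
    verdict = {}
    for name, seen in codes.items():
        if 1060 in seen:
            verdict[name] = "missing"     # not registered as a service (1060)
        elif 5 in seen:
            verdict[name] = "locked"      # registered, but access is denied (5)
        elif seen:
            verdict[name] = "ok"          # 0 (success) or 1056 (already running)
        else:
            verdict[name] = "untested"
    return verdict, unknown


if __name__ == "__main__":
    verdict, unknown = triage(TRANSCRIPT)
    for name in EXPECTED:
        print(f"{name:<11} {verdict[name]}")
    print("unrecognised names:", unknown)
```

On this transcript the "missing" services (BFE, MpsSvc) need their registration restored, while the "locked" ones (DcomLaunch, RpcSs) exist and point to a permissions problem instead.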

In Regedit right click the following keys and choose Permissions. What do they say.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc

The other two services are working, though RpcSs shouldn't give a security warning. What does its security say.

--
..
--
"Don Engineer" wrote in message news:a10f789e-2f4d-46dc-b3e0-9c06f1a30a51...
December 20th, 2011 4:35pm

PS To find out the name, which the command prompt uses, from the display name, which the Services application uses, type in a command prompt

wmic service get name,displayname|more

--
..
--
"Don Engineer" wrote in message news:a10f789e-2f4d-46dc-b3e0-9c06f1a30a51...
December 20th, 2011 4:45pm

1. If there are any third party security programs (such as Norton, McAfee or others) installed, you may contact your antivirus program support to see if they have a special update or tools to completely remove it.

2. Actually, the officially recommended method is still to format and re-install the compromised computer from a known good build (i.e. operating system CD + all security patches while disconnected from the network). For more information on hacking, please see these links:

Help: I Got Hacked. Now What Do I Do?
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II
http://www.microsoft.com/technet/community/columns/secmgmt/sm0704.mspx

How A Criminal Might Infiltrate Your Network
http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/default.aspx

Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx

The Day After: Your First Response To A Security Breach
http://www.microsoft.com/technet/technetmag/issues/2005/01/IncidentResponse

3. You can also contact your antivirus vendor for assistance with identifying or removing virus or worm infections. If you need more help with virus-related issues, contact Microsoft Product Support Services.

For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.

I hope this helps. Thank you for your time and cooperation!

(Please note that the newsgroups are staffed weekdays by Microsoft Support professionals to answer your non-urgent, break/fix systems and applications questions. Our goal is to provide 24 hour response to all questions. If this response time does not meet your needs, please contact Customer Service and Support (CSS) for more immediate assistance. For more information on available CSS services, please click here: http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607.)

Sabrina
TechNet Community Support
December 21st, 2011 2:07am

I got hit by a variant called Vista Antivirus 2012 and I can't get anything going. I only seem to be putting little patches in here and there and some of the items listed don't even appear in services. Oh well, back to the grind on this tomorrow. Just wanted to vent a bit. Thank you DavidMCandy for some of the help you have given. These other guys' answers make it so confusing.
December 26th, 2011 3:50am

> In Regedit right click the following keys and choose Permissions. What do
> they say.
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
>
> The other two services are working, though RpcSs shouldn't give a security
> warning. What does its security say.

My "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc" doesn't have any values set.

I seem to have acquired my virus from Facebook via a game called Puzzled Hearts.

After running

sc config DCOMLaunch start= auto
sc start DCOMLaunch
sc config RpcSs start= auto
sc start RpcSs
sc config BFE start= auto
sc start BFE
sc config mpsdrv start= auto
sc start mpsdrv
sc config mpssvc start= auto
sc start MpsSvc
netsh firewall set opmode enable

The results are:

C:\Windows\system32>sc config DCOMLaunch start= auto
[SC] OpenService FAILED 5:

Access is denied.

C:\Windows\system32>sc start DCOMLaunch
[SC] StartService FAILED 1056:

An instance of the service is already running.

C:\Windows\system32>sc config RpcSs start= auto
[SC] OpenService FAILED 5:

Access is denied.

C:\Windows\system32>sc start RpcSs
[SC] StartService FAILED 1056:

An instance of the service is already running.

C:\Windows\system32>sc config BFE start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Windows\system32>sc start BFE
SERVICE_NAME: BFE
        TYPE : 20 WIN32_SHARE_PROCESS
        STATE : 2 START_PENDING
                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE : 0 (0x0)
        SERVICE_EXIT_CODE : 0 (0x0)
        CHECKPOINT : 0x0
        WAIT_HINT : 0x7d0
        PID : 440
        FLAGS :

C:\Windows\system32>sc config mpsdrv start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Windows\system32>sc start mpsdrv
[SC] StartService FAILED 1056:

An instance of the service is already running.

C:\Windows\system32>sc config mpssvc start= auto
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc start MpsSvc
[SC] StartService: OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>netsh firewall set opmode enable
The service has not been started.

C:\Windows\system32>

I'm also getting an error of "The Group Policy Service client failed the login. Access is denied." when trying to access a different account on this computer.
December 26th, 2011 2:09pm

Copy below lines into a text document (ie Notepad) and save as "mpssvc.reg" (including the quotes). Then double click it. This is the settings for MpsSvc (Windows Firewall). Then rerun those commands again.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]
"DisplayName"="Windows Firewall"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
  00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"
"ObjectName"="NT Authority\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
  65,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
  00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
  00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
  00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
  00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
  65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\
  6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap]
"Collection"=hex:87,00,01,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Security]
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
  00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\
  00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\
  0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
  00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Enum]
"0"="Root\\LEGACY_MPSSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

--
.
--
"SparkyAZ" wrote in message news:ee34eaef-db69-4f8d-ab7f-fa13cd7e32cd...
> > C:\Windows\system32>sc config BFE start= auto > [SC] ChangeServiceConfig SUCCESS > > C:\Windows\system32>sc start BFE > > SERVICE_NAME: BFE > TYPE : 20 WIN32_SHARE_PROCESS > STATE : 2 START_PENDING > (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) > WIN32_EXIT_CODE : 0 (0x0) > SERVICE_EXIT_CODE : 0 (0x0) > CHECKPOINT : 0x0 > WAIT_HINT : 0x7d0 > PID : 440 > FLAGS : > > C:\Windows\system32>sc config mpsdrv start= auto > [SC] ChangeServiceConfig SUCCESS > > C:\Windows\system32>sc start mpsdrv > [SC] StartService FAILED 1056: > > An instance of the service is already running. > > C:\Windows\system32>sc config mpssvc start= auto > [SC] OpenService FAILED 1060: > > The specified service does not exist as an installed service. > > C:\Windows\system32>sc start MpsSvc > [SC] StartService: OpenService FAILED 1060: > > The specified service does not exist as an installed service. > > C:\Windows\system32>netsh firewall set opmode enable > The service has not been started. > > C:\Windows\system32> > > > > I'm also getting an error of "The Group Policy Service client failed the login. Access is denied." when trying to access a different account on this computer. >
December 26th, 2011 5:19pm


If double clicking doesn't work, find Regedit in c:\windows, right click and choose Run As Administrator, then File menu, then Import, and import the mpssvc.reg.

--
..
--
"DavidMCandy" wrote in message news:2106fae7-2d91-4e0e-9ac8-d8de1abf9f2a...
> Copy below lines into a text document (ie Notepad) and save as
> "mpssvc.reg" (including the quotes). Then double click it.
> This is the settings for MpsSvc (Windows Firewall).
>
> Then rerun those commands again.
December 26th, 2011 5:34pm


This topic is archived. No further replies will be accepted.
