Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win7 Antivirus 2012-- I suspect remnants

Started by JeremyK , Dec 18 2011 12:32 PM

  • Please log in to reply

#16
RKinner
Posted 22 December 2011 - 07:48 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Can't see how you could get the no service prompt when your registry now has the service. Perhaps we need to reboot first.

Then Copy the next line:

net start bfe > %userprofile%\Desktop\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

This should create a file junk.txt on your desktop. Copy and paste it into a reply
  • 0

Advertisements

#17
JeremyK
Posted 22 December 2011 - 08:04 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
The cmd prompt created a blank text document. I got an error. See attached picture.

Attached Thumbnails

  • Junktxt error.JPG

  • 0

#18
RKinner
Posted 22 December 2011 - 11:43 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Did you remember to Right click and Run As Admin?


Right click on (My) Computer and select Manage then Services and Applications then Services. Do you see Base Filtering Engine in the right pane? If so Right click on it and make sure the Startup Type is set to Automatic then Apply and then Start. Do you get an error.

If you don't see it then:

Start, Run, regedit, OK.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on BFE and select Permissions.

Click on Creator Owner. Look in the bottom pane. Special Permissions should be checked.
Click on System. Look in the bottom pane. Full Control and Read should both be checked.
Click on Administrators... Full Control and Read should both be checked.
Click on Users Read should be checked.

IF one is not right, click on Full Control and Apply.

If it won't let you change it then click on Advanced then on Owner. Administrators should be the owner if not, Change Owner to Administrators and Apply.

OK

Now see if you can start Base Filter Engine in the Services window.
  • 0

#19
JeremyK
Posted 23 December 2011 - 07:01 AM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Went back and repeated the last step and made sure I ran as admin. Same error as before. When I carried out your most recent steps here is the error I received... essentially the same one it would appear (attached).

I should add that your first step led to no error. BFE was present and set to automatic with no trouble. Further, I did not follow the steps for if I do not see BFE as it was present. Should I?

Attached Thumbnails

  • BFE Error.JPG

Edited by JeremyK, 23 December 2011 - 07:04 AM.

  • 0

#20
RKinner
Posted 23 December 2011 - 10:56 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Yes. We have some sort of permissions problem. If not with the registry then with the file.

Start, Run, regedit, OK.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on BFE and select Permissions.

Click on Creator Owner. Look in the bottom pane. Special Permissions should be checked.
Click on System. Look in the bottom pane. Full Control and Read should both be checked.
Click on Administrators... Full Control and Read should both be checked.
Click on Users Read should be checked.

IF one is not right, click on Full Control and Apply.

If it won't let you change it then click on Advanced then on Owner. Administrators should be the owner if not, Change Owner to Administrators and Apply.

OK

Now see if you can start Base Filter Engine in the Services window. If you still get the same error then

Find C:\windows\system32\bfe.dll right click on it and select Properties.
Then Security. Click on each entry in the Group or Users name box and verify that each has a minimum of Read and Execute checked. Trusted Installer will have all options checked. There should be System, Administrators, Users and TrustedInstaller in the list. Do they?

If all seem correct then:


Copy the text in the code box:
@ECHO OFF

SETLOCAL ENABLEDELAYEDEXPANSION

SET UD=%USERPROFILE%\DESKTOP

ECHO. GETTING SERVICE NAMES

SC QUERY > %UD%\SERVICENAMES.TXT

FIND "SERVICE_NAME:" %UD%\SERVICENAMES.TXT > %UD%\SERVICENAMES1.TXT

FOR /F "TOKENS=2 DELIMS=:" %%a IN (%UD%\SERVICENAMES1.TXT) DO @echo %%a %%b >> %ud%\SERVICENAMES2.txt

FOR /F "TOKENS=1" %%A IN (%UD%\SERVICENAMES2.TXT) DO @echo %%A >> %UD%\SERVICENAMES3.TXT

TYPE %UD%\SERVICENAMES3.TXT | FINDSTR /V \USERS > %UD%\SCNAME.TXT

DEL /Q %UD%\SERVICENAMES.TXT

DEL /Q %UD%\SERVICENAMES1.TXT

DEL /Q %UD%\SERVICENAMES2.TXT

DEL /Q %UD%\SERVICENAMES3.TXT

ECHO. SERVICE NAMES FOUND, CHECKING FOR SDDLS

:SCLOOP

FOR /F %%G IN (%UD%\SCNAME.TXT) DO (

SET CHECKSERV=%%G

ECHO !CHECKSERV! >> %UD%\SERVICEINFO.TXT

SC SDSHOW !CHECKSERV! >> %UD%\SERVICEINFO.TXT

)

GOTO :EXIT

:SNF

ECHO. LOCAL SYSTEM SDDL STRING FOR !CHECKSERV! SERVICE NOT FOUND, CORRECTING:

ECHO !CHECKSERV! >> %UD%\STRINGNOTFOUND.TXT

ECHO.

GOTO :EOF

:SF

ECHO. LOCAL SYSTEM SDDL STRING FOR !CHECKSERV! SERVICE FOUND, NO ACTION REQUIRED

ECHO !CHECKSERV! >> %UD%\STRINGFOUND.TXT

GOTO :EOF

:EXIT

CLS

ECHO.

ECHO.

ECHO. COMPLETED SEARCHING.   PLEASE REVIEW THE STRINGFOUND

ECHO. AND STRINGNOTFOUND DOCUMENTS FOR WHICH

ECHO. THE SECURITY DESCRIPTOR (SDDL) PRESENT.

ECHO.

ECHO.

PAUSE

DEL /Q %UD%\SCNAME.TXT

Start, Run, notepad, OK

Edit, Paste and the text should appear.

File, Save As, to your desktop. "fix.bat" OK (Make sure you include the quotes around the file name or it won't work.)

Close notepad. Right click on fix.bat and Run As Administrator. Hit Enter when done.

This will create a file on your desktop called SERVICEINFO.txt. Please Attach the file.
  • 0

#21
JeremyK
Posted 23 December 2011 - 01:31 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Followed your instructions. Everything was in order in registry and in the .dll. However, I still got the error when attempting to run BFE. Here is the outpurt from the .bat file:

AeLookupSvc

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
AMD
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

AMD
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

Appinfo

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
AudioEndpointBuilder

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Audiosrv

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
CryptSvc

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
CscService

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
CTAudSvcService

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
DcomLaunch

D:(A;;CCLCLORC;;;AU)(A;;CCDCLCSWRPWPDTLORCWDWO;;;SY)(A;;CCLCSWRPWPDTLORCWDWO;;;BA)(A;;CCLCLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)
Dhcp

D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;S-1-2-1)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Dnscache

D:(A;CI;CCLCSWRPLOCRRC;;;BU)(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;CI;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;IU)(A;CI;CCLCSWLORC;;;NS)(A;CI;CCLCSWLORC;;;LS)(A;CI;CCLCSWDTLORC;;;NO)(A;CI;CCLCSWDTLOCRRC;;;S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
DPS

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
EFS

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPLOCRRC;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LCRP;;;AU)S:(AU;SAFA;DCSDWDWO;;;WD)
ES
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

eventlog

D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;SA;DCRPWPDTCRSDWDWO;;;WD)(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
EventSystem

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
FontCache

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;IU)(A;;RP;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
FontCache3.0.0.0

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
gpsvc

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;SAFA;DCSDWDWO;;;WD)
hidserv

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
LanmanServer

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
LanmanWorkstation

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Lavasoft
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

lmhosts

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
MMCSS

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
MsMpSvc

D:(A;;CCLCSWRPLOCRRC;;;BU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Netman

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
netprofm

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
NisSrv

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
NlaSvc

D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWRPLORC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPRC;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)
nsi

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
osppsvc

D:(A;;CCLCSWRPLO;;;NS)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
PcaSvc

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
PlugPlay

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
PnkBstrA

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
PnkBstrB

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Power

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
ProfSvc

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
RasMan

D:(A;;CCLCSWRPLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
RpcEptMapper

D:(A;;CCLCLORC;;;AU)(A;;CCDCLCSWRPWPDTLORCWDWO;;;SY)(A;;CCLCSWRPWPDTLORCWDWO;;;BA)(A;;CCLCRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)
RpcSs

D:(A;;CCLCLORC;;;AU)(A;;CCDCLCSWRPWPDTLORCWDWO;;;SY)(A;;CCLCSWRPWPDTLORCWDWO;;;BA)(A;;CCLCLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)
SamSs

D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLO;;;IU)(A;;CCLCSWLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Schedule

D:(A;;CCLCSWLORC;;;AU)(A;;CCLCSWRPDTLOCRRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLORC;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
seclogon

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPDTLOCRRC;;;IU)(A;;CCLCSWDTLOCRRC;;;SU)(A;;CCLCSWRPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
SENS

D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
ShellHWDetection

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Spooler

D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
SSDPSRV

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPLORC;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;LS)(A;;CCLCSWRPWPDTLOCRRC;;;NS)
SstpSvc

D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
StiSvc

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
SysMain

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
TabletInputService

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;WD)
TapiSrv

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Themes

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
TrkWks

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
upnphost

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPLORC;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;LS)(A;;CCLCSWRPWPDTLOCRRC;;;NS)
UxSms

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
vpnagent

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
WDDMService

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
WDFME

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
WdiServiceHost

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWWPDTLOCRRC;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPWPDTLOCRRC;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
WDSC

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
WinHttpAutoProxySvc

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;LCRP;;;IU)(A;;LCRP;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Winmgmt

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
wlidsvc

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
WMPNetworkSvc

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
wscsvc

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
WSearch

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
wuauserv

D:(A;;CCLCSWRPLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)
wudfsvc

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;IU)(A;;CCLCSWLORC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)
  • 0

#22
RKinner
Posted 23 December 2011 - 02:23 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download SubInACL from here: http://www.microsoft...ang=en&id=23510

Please allow it to install in its default location.

Download the attached reset2.zip file and save it to your desktop:

Right click on it and Extract all.
Right click on reset2.cmd and Run As Administrator

This should take about an hour to finish.

When it finishes, reboot and then try

sc query bfe
  • 0

#23
JeremyK
Posted 23 December 2011 - 03:13 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I think we fixed something. During all these fixes my printer stopped working. After running the last set of fixes and rebooting the printer kicked on again. Perhaps it was just a coincidence though. Either way, here is a screen shot from the last string put into the cmd prompt.

Attached Thumbnails

  • BFE query.JPG

  • 0

#24
RKinner
Posted 23 December 2011 - 03:17 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Glad to hear it.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.

Let's see if everything is happy now:

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#25
JeremyK
Posted 23 December 2011 - 03:28 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Application log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/12/2011 3:27:38 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



System Log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/12/2011 3:26:46 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/12/2011 9:21:40 PM
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 23/12/2011 9:21:29 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Base Filtering Engine service terminated with the following error: Access is denied.

Log: 'System' Date/Time: 23/12/2011 9:21:29 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 23/12/2011 9:21:26 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

Log: 'System' Date/Time: 23/12/2011 9:21:26 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

Log: 'System' Date/Time: 23/12/2011 9:21:26 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

Log: 'System' Date/Time: 23/12/2011 9:21:26 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Base Filtering Engine service terminated with the following error: Access is denied.

Log: 'System' Date/Time: 23/12/2011 9:20:25 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1554.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Log: 'System' Date/Time: 23/12/2011 9:20:25 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1554.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Log: 'System' Date/Time: 23/12/2011 9:20:23 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/12/2011 9:20:30 PM
Type: Warning Category: 0
Event: 16393 Source: Microsoft-Windows-Bits-Client
BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x800706D9.
  • 0

Advertisements

#26
RKinner
Posted 23 December 2011 - 03:47 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Still not there.

What does

net  start  bfe

say? Still Access Denied?
  • 0

#27
JeremyK
Posted 23 December 2011 - 03:57 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Alas-- yes. Same error message.
  • 0

#28
RKinner
Posted 23 December 2011 - 04:07 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


net  localgroup  administrators  localservice  /add
net  localgroup  administrators  networkservice  /add

net  start  bfe

Still the same?
  • 0

#29
JeremyK
Posted 23 December 2011 - 04:12 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Yep-- same error...
  • 0

#30
JeremyK
Posted 23 December 2011 - 07:51 PM

JeremyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hey Ron,

Just a heads up. I'm heading to Texas tomorrow morning for the holidays. I'll be there until Thursday. I'll check this post immediately before heading to the airport, though.

Please don't close this thread as I am very interested in seeing it through to the end-- I just will be out of town for a bit.

Thanks for all your help so far.

J
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP