Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BFE virtual account missing


  • Please log in to reply
23 replies to this topic

#1 tammy123

tammy123

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 07 June 2014 - 10:31 PM

Hi,

I've been working on this problem for ages and hate to say it's beaten me!

I'm running Windows 7 professional and my firewall and BFE services stopped working.  I researched this and ran malware, services fixes and everything else recommended.  On the upside my computer is running a lot faster and my Windows Updates now work but the BFE service is still not working.

I've merged a new BFE registry key, added "everyone" to the BFE key permissions and now I'm trying to add the NT Services\BFE account to the HKLM\System\CurrentControlSet\services\BFE\Parameters\Policy\Persistent key but I'm having no luck.  

When I try to add it I get the "Name not found" box - "The following object is not from a domain listed in the Select Location dialog box and is therefore not valid:  NT Services\BFE."

I'm wondering now if this account is missing but I can't find out how to determine if this is the case and if so how to recreate it.

If anyone is able to point me in the right direction I'll be immensely grateful!!

Cheers,

 

 

  



BC AdBot (Login to Remove)

 


m

#2 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,588 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:04:54 PM

Posted 07 June 2014 - 11:12 PM

G'day Tammy , and :welcome: to BC.

 

You appear to have already dabbled in the registry.

 

I would counsel you to have a system BACKUP before you proceed any further.

 

 

Also    Please backup your registry using ERUNT

 

Go HERE , follow the instructions to run the tool.....leave the check marks 'as is' in Start Repairs tab....

 

Let us know how it goes.

 

 

 


Condobloke

Outback Australian  

 

fed up with Windows antics...??

 

LINUX IS THE ANSWER

 

I USE LINUX MINT 18.3  EXCLUSIVELY.

 Failure is not an option. It comes bundled with your Microsoft product.

 

Success is not Final, Failure is not Fatal,

 

It is the Courage to Continue that Counts.

W.C. 4th June 1940

 

 

 


#3 tammy123

tammy123
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 08 June 2014 - 04:43 AM

Thanks for your help - I really appreciate it!
 

No success unfortunately.  I've run the repair all in one, tried to start the BFE service and got the 1083 error.  I've run Farbar Service Scan and this is the log

 

Farbar Service Scanner Version: 21-05-2014
Ran by Tammy (administrator) on 08-06-2014 at 18:55:18
Running from "E:\Userdata\Software\Troubleshooting"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
I originally started off trying to download Visual Studio 2010 runtime so I could build a Word 2007 addin I've created. When I try to build it a get an error saying that the "VerifyClickOnceSigningSettings" task failed.  I researched this and found that I needed to have Visual Studio 2010 runtime loaded.  I wasn't able to download it and have found myself here.


#4 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,588 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:04:54 PM

Posted 08 June 2014 - 05:15 AM

ok....so if you click on start......type into the search programs and files box.......Services.msc....press enter...........look down the list and find base filtering engine.....right click on it and choose Properties....set Startup type as Automatic........apply, ok...

What happens  ?

 

 

Info here.

http://www.sevenforums.com/tutorials/2495-services-start-disable.html

 

 


Condobloke

Outback Australian  

 

fed up with Windows antics...??

 

LINUX IS THE ANSWER

 

I USE LINUX MINT 18.3  EXCLUSIVELY.

 Failure is not an option. It comes bundled with your Microsoft product.

 

Success is not Final, Failure is not Fatal,

 

It is the Courage to Continue that Counts.

W.C. 4th June 1940

 

 

 


#5 tammy123

tammy123
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 08 June 2014 - 05:55 AM

The startup type is already automatic.  For the purpose of the exercise I change it to manual and then back to automatic and tried starting it but still get the 1083 error ...



#6 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,588 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:04:54 PM

Posted 08 June 2014 - 06:07 AM

ok....Please.... be sure to make a Erunt backup of your registry BEFORE attempting this.

Also set a restore point.

 

http://www.bleepingcomputer.com/download/erunt/

 

To create a restore point
  1. Open System by clicking the Start button 4f6cbd09-148c-4dd8-b1f2-48f232a2fd33_818, right-clicking Computer, and then clicking Properties.

  2. In the left pane, click System protection. 18abb370-ac1e-4b6b-b663-e028a75bf05b_48. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  3. Click the System Protection tab, and then click Create.

  4. In the System Protection dialog box, type a description, and then click Create

 

 

1. Open Services.msc
2. Open the properties of the service that wont start
3. Make a note of the last entry at the end of 'Path to executable' i.e. C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
4. In the registry navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
5. In the right pane open the string that matches the Path to executable entry, then add the exact service name
6. Close regedit and reboot. Now check if the service has started.
7. Repeat for all services with this issue.


Condobloke

Outback Australian  

 

fed up with Windows antics...??

 

LINUX IS THE ANSWER

 

I USE LINUX MINT 18.3  EXCLUSIVELY.

 Failure is not an option. It comes bundled with your Microsoft product.

 

Success is not Final, Failure is not Fatal,

 

It is the Courage to Continue that Counts.

W.C. 4th June 1940

 

 

 


#7 tammy123

tammy123
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 08 June 2014 - 06:58 AM

Ok - the entry at the end of the path was -K LocalServiceNoNetwork.  I navigated to  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost and right clicked on the LocalServiceNoNetwork string and BFE was already there.  The entries listed were:

DPS

PLA
BFE
mpssvc
WwanSvc


#8 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,588 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:04:54 PM

Posted 08 June 2014 - 07:04 AM

ok...I tried.

 

This is getting way beyond my pay grade.....in other words I am out of my depth.

 

Hopefully a better qualified person will chime in.

 

Just a last thought....did you try a system restore..?


Condobloke

Outback Australian  

 

fed up with Windows antics...??

 

LINUX IS THE ANSWER

 

I USE LINUX MINT 18.3  EXCLUSIVELY.

 Failure is not an option. It comes bundled with your Microsoft product.

 

Success is not Final, Failure is not Fatal,

 

It is the Courage to Continue that Counts.

W.C. 4th June 1940

 

 

 


#9 tammy123

tammy123
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 08 June 2014 - 07:23 AM

No problem - thanks heaps for trying :)

 

I've done a few system restores as I've completely stuffed my laptop a couple of times trying to fix it!   I've had the problem for quite a while without realising it so it was still in the earlier system restores ....



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,618 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:54 AM

Posted 08 June 2014 - 07:48 AM

Hi, please try the following tool, this should restore BFE.

 

Please download http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe 
Double click on the downloaded file. It should only take a few seconds to run. 
When complete, it will say .. "Done! Please check if BFE service is running now"

 

Restart the computer and let me know if the BFE service is running now.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 tammy123

tammy123
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 08 June 2014 - 08:37 AM

Hi Elise,  

 

I ran the restorebfe.exe and rebooted and it had deleted the service.  I ran it without rebooting and it had created a new service named BFE rather than Base Filtering Engine.  If I tried to start it it showed an error 2 message - couldn't find file.  



#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,618 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:54 AM

Posted 08 June 2014 - 08:54 AM

Can you please restart once more and then rerun FSS and post the new log?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 tammy123

tammy123
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 08 June 2014 - 07:42 PM

Hi Elise,

 

Here's the new log ...

 

Farbar Service Scanner Version: 21-05-2014
Ran by Tammy (administrator) on 09-06-2014 at 10:37:27
Running from "E:\Userdata\Software\Troubleshooting"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,618 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:54 AM

Posted 09 June 2014 - 01:21 AM

Please run also the following, this will show us a bit more internet related settings as well as event viewer errors which might prove helpful.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 Willy22

Willy22

  • Members
  • 942 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:07:54 AM

Posted 09 June 2014 - 02:20 AM

BFE in Win 7 depends on 3 other Services.

- RPC End Point Mapper (svchost.exe -k rpcss)

- Remote Procedure Call (svchost.exe -k rpcss)

- DCOM Server Process Launcher (svchost.exe -k Dcomlaunch)

Source: A program called "Turbo Service Manager 1.5".

 

Run Farbar Service Scanner again with these Service names

 

You can check out if the appropriate "Svchost.exe" programs are running with Tweaking's "Svchost Look up" tool.

 

You said you ran "Windows Repair All In one". But did you run it with all boxes ticked, including "Reset File Permissions" ?


Edited by Willy22, 09 June 2014 - 10:32 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users