New
#91
Please also run the following command and post the results.
NET START BFE
DIR C:\Windows\System32 /AH /S
resulted in 349 files and 387 Dir (so the file number is a bit different)
net start bfe
C:\>net start bfe
The Base Filtering Engine service is starting.
The Base Filtering Engine service could not be started.
A system error has occurred.
System error 5 has occurred.
Access is denied.
And i am definitely in an Administrator Command Prompt.
Noel, I am attaching the DIRH.log even tho the file number was different from before, just in case I crash and you still want to see it. Thank you for your help. This started only when i stopped programs and services from starting in the startup menu.
I believe I have had an AV on this system, McAfee. I deleted it recently and I should have MSE on here, but I notice when it tries to update it gets errors. I also had malwarebytes but the trial ended and i dont know where to get the free one.
If MSE was installed on top of McAfee, then it won't have installed properly.
Have you managed to run the MCPR tool to get rid of the dregs of McAfee?
If so, then uninstall and reinstall MSE - after running the scanners that Archie recommended.
I'm still looking through the log file, but there's a few things that stand out already - more later.
Please run teh following commands in an Elevated Command prompt, and post the results.
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
SC QC BFE
SC QUERYEX BFE
SC SDSHOW BFE
SC QPRIVS BFE
SC QSIDTYPE BFE
Last edited by NoelDP; 19 Dec 2012 at 13:21. Reason: ADD QUTOES!
Continue following other member's advice, don't let my post distract you from your present course of action.
Here's some information on Malwarebytes for you: If the previous Malwarebytes is still installed - go to Control Panel -> Programs & Features and remove that version from your system first
Malwarebytes free - answer NO to trial offer, install free version
Bill
.
Last edited by Slartybart; 20 Dec 2012 at 12:14.
i have had 3 more crashes, one i believe is when i was in safe mode. I am currently in safe mode with networking. took three boots to get here.
the dump i believe that was from when in safe mode has 33977-01 in its name.
re: MSE yes, installed when i thought mcafee was gone, but mcafee was not. i will try the reinstall of MSE.
re: MCPR i was able to run from online and it cleaned all mcaffe stuff out, i believe. (i could not run from my harddrive as there was a problem with unzipping to temp file)
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\lynn>cd\
C:\>reg query "hklm\software\microsoft\windows NT\CurrentVersion\ProfileList"
HKEY_LOCAL_MACHINE\software\microsoft\windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData
HKEY_LOCAL_MACHINE\software\microsoft\windows NT\CurrentVersion\ProfileList\S-1-
5-18
HKEY_LOCAL_MACHINE\software\microsoft\windows NT\CurrentVersion\ProfileList\S-1-
5-19
HKEY_LOCAL_MACHINE\software\microsoft\windows NT\CurrentVersion\ProfileList\S-1-
5-20
HKEY_LOCAL_MACHINE\software\microsoft\windows NT\CurrentVersion\ProfileList\S-1-
5-21-3593623888-3634906746-1474146685-1000
C:\>sc qc bfe
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: bfe
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNoNe
twork
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Base Filtering Engine
DEPENDENCIES : RpcSs
SERVICE_START_NAME : NT AUTHORITY\LocalService
C:\>sc queryex bfe
SERVICE_NAME: bfe
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 5 (0x5)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
C:\>sc sdshow bfe
DA;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)SAU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\>sc qprivs bfe
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: bfe
PRIVILEGES : SeAuditPrivilege
C:\>sc qsidtype bfe
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: bfe
SERVICE_SID_TYPE: RESTRICTED
C:\>
Code:WHEA_UNCORRECTABLE_ERROR (124) A fatal hardware error has occurred. Parameter 1 identifies the type of error source that reported the error. Parameter 2 holds the address of the WHEA_ERROR_RECORD structure that describes the error conditon. Arguments: Arg1: 0000000000000004, PCI Express Error Arg2: fffffa8007aa78d8, Address of the WHEA_ERROR_RECORD structure. Arg3: 0000000000000000 Arg4: 0000000000000000
It's the same consistent crash, and keep following Noel's advice.Code:=============================================================================== Section 0 : PCI Express ------------------------------------------------------------------------------- Descriptor @ fffffa8007aa7958 Section @ fffffa8007aa79e8 Offset : 272 Length : 208 Flags : 0x00000001 Primary Severity : Recoverable Port Type : Root Port Version : 1.1 Command/Status: 0x4010/0x0504 Device Id : VenId:DevId : 8086:340c Class code : 030400 Function No : 0x00 Device No : 0x05 Segment : 0x0000 Primary Bus : 0x00 Second. Bus : 0x00 Slot : 0x0000 Dev. Serial # : 0000000000000000 Express Capability Information @ fffffa8007aa7a1c Device Caps : 00008021 Role-Based Error Reporting: 1 Device Ctl : 0107 ur FE NF CE Dev Status : 0003 ur fe NF CE Root Ctl : 0008 fs nfs cs AER Information @ fffffa8007aa7a58 Uncorrectable Error Status : 00000020 ur ecrc mtlp rof uc ca cto fcp ptlp SD dlp und Uncorrectable Error Mask : 00000000 ur ecrc mtlp rof uc ca cto fcp ptlp sd dlp und Uncorrectable Error Severity : 00062010 ur ecrc MTLP ROF uc ca cto FCP ptlp sd DLP und Correctable Error Status : 00000000 adv rtto rnro dllp tlp re Correctable Error Mask : 00000000 adv rtto rnro dllp tlp re Caps & Control : 00000005 ecrcchken ecrcchkcap ecrcgenen ecrcgencap FEP Header Log : 00000000 00000000 00000000 00000000 Root Error Command : 00000000 fen nfen cen Root Error Status : 00000000 MSG# 00 fer nfer fuf mur ur mcr cer Correctable Error Source ID : 00,00,00 Correctable Error Source ID : 00,00,00