Solved Base Filtering Engine could not be started. Error 5: Acess is denied

[rusl07cl08]

Every time I start the service from Services, I always get this error:

Windows could not start the Base Filtering Engine service on Local computer.
Error 5: Access is denied.

I tried this code: Reg Query "HKLM\SYSTEM\CurrentControlSet\Services\BFE"> 0 & notepad 0
and this is the outcome:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
    DisplayName    REG_SZ    Base Filtering Engine
    Group    REG_SZ    NetworkProvider
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Description    REG_SZ    @%SystemRoot%\system32\bfe.dll,-1002
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    RpcSs
    ServiceSidType    REG_DWORD    0x3
    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege
    FailureActions    REG_BINARY    805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters

I already uninstalled McAfee before and used McAfee removal tool (MCPR.exe). By the way, my anvtivirus is ESET Smart Security 5.
What can I do? Thanks for any advice.

 

[Kaktussoft]

How to restore Base Filtering Engine manually?

 

[Mayank Parmar]

Run Trojan Remover (http://www.simplysup.co.uk/download/dl/trjsetup691.exe), it will check for infections and also it will replace any missing or corrupt service. for every detection it will give you a pop-up with the details of detected object and will ask you to select an action for the detected object (action selected by default is recommended).

 

[rusl07cl08]

How to restore Base Filtering Engine manually?

SOLVED! Thank you so much for the help. Also to @Mayank Parmar

 

[Kaktussoft]

You simply recreated HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters ?
Any idea why it was missing???? Can be due to virus or virus removal.

 

[rusl07cl08]

You simply recreated HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters ?
Any idea why it was missing???? Can be due to virus or virus removal.

Yeah I did it manually. I think its because of rootkit, as I have run rkill. What do you advice?

 

[Kaktussoft]

You simply recreated HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters ?
Any idea why it was missing???? Can be due to virus or virus removal.

Yeah I did it manually. I think its because of rootkit, as I have run rkill. What do you advice?

Why didn't you tell that in previous posts!?
I didn't make rkill and don't know what it did fix. http://www.sevenforums.com/tutorials/783-elevated-command-prompt.html

sfc/scannow

To test the integrity of exe and dll files. Post results.
Eventlog is also a good starting point to detect problems.

 

[rusl07cl08]

You simply recreated HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters ?
Any idea why it was missing???? Can be due to virus or virus removal.

Yeah I did it manually. I think its because of rootkit, as I have run rkill. What do you advice?

Why didn't you tell that in previous posts!?
I didn't make rkill and don't know what it did fix. http://www.sevenforums.com/tutorials/783-elevated-command-prompt.html

sfc/scannow

To test the integrity of exe and dll files. Post results.
Eventlog is also a good starting point to detect problems.

Oh I'm sorry. This is the result of sfc/ scannow: Windows Resource Protection did not find any integrity violations.
Sorry for the delay of the result because operation fails many times until it successfully done. Thanks!

Oh, btw, I have run Trojan Remover (http://www.simplysup.co.uk/download/dl/trjsetup691.exe) as Mayank Parmar advised.

 

[Mayank Parmar]

Any detection in trojan remover?

 

[NoelDP]

Please follow the Windows Update Posting Instructions and post the requested data
If the file is too large (8MB compressed), remove the older CBSPersist cab files until the final file is below the limit - you can always post them separately after zipping them. (the forum doesn't allow the upload of bare CAB files, for a number of reasons)
Also...

Open Event Viewer
click on the Windows logs entry in the left pane to expand it.
Now click on the Application entry - wait while it loads.
Click on 'File' in the menu bar and select Save...
Save the file as Appevt.evtx
Repeat for the System log
then zip both, and upload them.