Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect too

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mistermike40, Dec 8, 2011.

  1. mistermike40

    mistermike40 Private E-2

    I am ready to do a fresh reinstall of Windows 7 (which I really don't want to do)... I've spent most of the past week trying to eliminate 1) Win 7 Security 2012 malware, 2) Google pages were being redirected, 3) all desktop icons were missing, and 4) Windows Firewall won't run. I used Malwarebytes, SuperAntiSpyware, TDSSKiller, and a registry repair (before coming to Major Geeks).

    I first got the Win 7 Security 2012 issue. I thought I fixed it with Malwarebytes and TDSSKiller... but then my Google pages would redirect. I "fixed" that but then my desktop icons were gone. I manually changed some registry entries and they reappeared. Now... I noticed Windows Firewall isn't working (and Base Filtering Engine isn't loaded). I tried using several System Restore points but it couldn't find some necessary file (not sure which one) so it didn't run.

    I came here (thanks Jim and Tim for helping me set up my account!) and read all the stickies. I then ran all the programs... although I had problems with ComboFix. It said to disable Antivir Desktop. I had disabled the AV program, but I couldn't disable Antivir Desktop in Services... I would uncheck it, but it would reappear when I hit Apply. I then DELETED Antivir, started ComboFix and got the same "please disable Antivir Desktop" message. Having no choice I let ComboFix run like that. Probably not a good sign.

    Thank you in advance for *any* help you can give me!
     

    Attached Files:

  2. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Hi and welcome to Major Geeks, mistermike40!

    This is actually not a big deal. If you uninstalled Avira and ComboFix is still detecting it, that just means Avira's entries are still stuck in the Security Center cache (doesn't mean it's actually active). We'll remove those entries in the upcoming steps.

    MGtools.exe should have been run from the root of C:

    From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 20

    Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    ClearJavaCache::
    DirLook::
    C:\Program Files (x86)\ZC2.10
    File::
    C:\Users\Carter\AppData\Local\s8bw23s0qw3ywc
    C:\Users\Carter\AppData\Roaming\Microsoft\Windows\Templates\s8bw23s0qw3ywc
    C:\ProgramData\s8bw23s0qw3ywc
    C:\Users\Carter\Desktop\3p63eq42.exe
    C:\Users\Carter\Desktop\qktyfgytic.tmp
    C:\Windows\assembly\temp\@
    C:\Windows\assembly\temp\cfg.ini
    C:\Users\Carter\AppData\Roaming\Microsoft\Windows\Templates\7y6774w28t81a
    C:\Users\Carter\AppData\Roaming\Microsoft\Windows\Templates\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
    Folder::
    c:\users\Carter\AppData\Roaming\WS1ivD3on4m5W7E
    c:\users\Carter\AppData\Roaming\nTZZqqjYC
    c:\users\Carter\AppData\Roaming\p44aaQHH6sK7fL9
    c:\users\Carter\AppData\Roaming\BmHHH5sQJ7dEKgZ
    c:\users\Carter\AppData\Roaming\gonnnF4amH5sW7E
    c:\users\Carter\AppData\Roaming\dhhYYCwwkUrlOtx
    c:\users\Carter\AppData\Roaming\kwwjjUCCelIrzNy
    c:\users\Carter\AppData\Roaming\pwwwjjUVe
    C:\Windows\assembly\temp\U
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    Registry::
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    SecCenter::
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.txt on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    I want you to read and follow these instructions: TDSSKiller - How to run


    Please download MBRCheck by clicking here and save it to your desktop.

    • Double-click on the file to run it. (Vista/7 right-click and select Run as Administrator)
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
    • Attach that file to your next message. (How to attach)

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Please download Windows Repair by Tweaking.com to your desktop.
    • See the download links under this icon: [​IMG]
    • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
    • Now open this folder and double-click Repair_Windows.exe.
    • Click the Start Repairs tab on the far right.
    • Click Custom Mode so there is a bullet in it.
    • Click the Start button (bottom right)
      Note: When asked if you would like to create a restore point, it is recommended just in case something does not go as planned.
    • Click Unselect All
    • Put a checkmark in the following items:
      • Register System Files
      • Remove Policies Set By Infections
      • Repair Windows Firewall
      Note: Leave everything else unchecked
    • Now click the Start button (bottom right)

    Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
  3. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Thanks again for your help! Here are the files...
     

    Attached Files:

  4. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Code:
    22:10:57.0070 3256	Scan started
    22:10:57.0070 3256	Mode: Manual; 
    Can you rescan with TDSSKiller using the directions in the link provided: TDSSKiller - How to run

    These latest logs look good. What malware problems (if any) are you still experiencing?
     
  5. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Here's the TDSS log. I haven't tried to do anything yet... should I reboot and see if I'm still experiencing the same problems?
     

    Attached Files:

  6. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    This latest TDSSKiller log is clean too.
    Yes please do.
     
  7. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    I tried but I'm still having issues. Windows Firewall won't start (it says it can't change some of your settings)... I think this might be due to Base Filtering Engine being stopped. Plus - I tried to reinstall Avira Antivir and there is a conflict with Javacool SpywareBlaster... which I don't see anywhere
     
  8. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Can you explain what you mean here?

    Javacool Spywareblaster will be seen as "SpywareBlaster 4.5" in Programs and Features. However, it is a recommended program and should not interfere at all with any Antivirus. Are you trying to say that Avira is complaining about SpywareBlaster?


    Code:
    BFE                                      FALSE    OK  
    What happens if you open a command prompt window, type in the following command and then press ENTER:
    • net start bfe
     
  9. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Yes, it appears Avira has issues with SpywareBlaster (which it never did in the past, and all SpywareBlaster protection is disabled).

    Running net start bfe gave me: The Base Filtering Engine could not be started. System error 5 has occurred. Access is denied.
     
  10. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Can you try the below:

    • Open a Command Prompt as Administrator. To do this, type CMD in Start Search from the Start Menu. Right click on the result and choose "Run as Administrator".
    • Run now the following command lines:
      • netsh advfirewall reset
      • net start mpsdrv
      • net start bfe
      • net start mpssvc
      • regsvr32 firewallapi.dll
    • Confirm any boxes that come up by clicking OK. The result on the last entry should say that it succeeded.
    • Reboot the system.

    SpywareBlaster was updated to v4.5 sometime last week. Not sure why it would be conflicting now though. Doesn't look like any drastic changes to me.
     
  11. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Thanks for your patience, I really appreciate the help! :)

    I did what you said:

    - netsh advfirewall reset: an error occurred

    - net start mpsdrv: success

    - net start bfe: didn't start, system error 5

    - net start mpssvc: name is invalid (I triple-checked my spelling)

    - regsvr32 firewallapi.dll: after this it said it succeeded


    However, after rebooting... still no Firewall (same error message as before). And looking at msconfig services: BFE stopped; IKE and AuthIP IPsec... stopped.
     
  12. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Open up the Windows Repair program again.
    This time, only select "Set Windows Services to Default Startup". Leave everything else unchecked.
    Then click the "Start" button.

    Then complete the following:

    Download SystemLook from one of the links below and save it to your desktop.
    Download Mirror #1
    Download Mirror #2

    If you have a 64-bit system, please download the 64 bit version from here:
    SystemLook (64-bit)

    • Double-click SystemLook.exe to run it.
    • Copy and Paste the content of the following code box into the main text-field:
    Code:
    :service
    bfe
    :filefind
    bfe.dll
    
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan and a file entitled SystemLook.txt will be created on your desktop.
    • Attach that file to your next message. (How to attach)
     
    Last edited: Dec 9, 2011
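
    What the `:filefind` request above is after, as an added example (not part of the original post and not SystemLook's own code): hash every copy of bfe.dll in the component store and report whether the live System32 copy is identical to one of them. It uses .NET hashing so it also runs on the PowerShell 2.0 that ships with Windows 7; the function names are hypothetical.

```powershell
# Added example (not from the thread): compare the live System32 copy of a
# system DLL with every copy of it in the component store (WinSxS).
# Read-only. Run from an elevated 64-bit PowerShell prompt; a 32-bit host on
# 64-bit Windows would be redirected from System32 to SysWOW64.

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing is used instead of Get-FileHash, which needs PowerShell 4.0+.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '')
}

function Get-FileFacts {
    param([System.IO.FileInfo]$File, [string]$Role)
    New-Object PSObject -Property @{
        Role     = $Role
        Path     = $File.FullName
        Size     = $File.Length
        Version  = $File.VersionInfo.FileVersion
        Modified = $File.LastWriteTime
        SHA256   = Get-Sha256Hex $File.FullName
    }
}

function Compare-SystemFileToStore {
    param(
        [string]$FileName = 'bfe.dll',
        [string]$WinDir   = $env:windir
    )
    $livePath  = Join-Path (Join-Path $WinDir 'System32') $FileName
    $storePath = Join-Path $WinDir 'winsxs'

    # Every copy of the file that servicing has placed in the component store.
    $storeCopies = @(
        Get-ChildItem -Path $storePath -Recurse -Filter $FileName -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Name -eq $FileName } |
            ForEach-Object { Get-FileFacts -File $_ -Role 'store' }
    )

    if (-not (Test-Path -LiteralPath $livePath)) {
        Write-Warning "$livePath is missing; $($storeCopies.Count) store copies found."
        return $storeCopies
    }

    $live = Get-FileFacts -File (Get-Item -LiteralPath $livePath) -Role 'live'
    $same = @($storeCopies | Where-Object { $_.SHA256 -eq $live.SHA256 })

    if ($same.Count -gt 0) {
        Write-Host "OK: live $FileName is byte-identical to $($same.Count) store copy(ies)."
    } else {
        Write-Warning "Live $FileName matches no store copy; treat it as modified or replaced."
    }
    return @($live) + $storeCopies
}

Compare-SystemFileToStore -FileName 'bfe.dll' |
    Select-Object Role, Version, Size, Modified, SHA256, Path |
    Format-List
```

    A match only shows that the live file equals a store copy; it says nothing about whether the store copy itself has been altered.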
  13. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Here's the SystemLook log...
     

    Attached Files:

  14. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Open an elevated command prompt window and type the following commands. Let me know the output of each.
    • regsvr32 bfe.dll
    • net start rpcss
     
  15. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    - regsvr32 bfe.dll: the module "bfe.dll" was loaded but the entry-point DllRegisterServer was not found

    Make sure that "bfe.dll" is a valid DLL or OCX file and try again


    - net start rpcss: the requested service has already been started
     
  16. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    FCopy::
    C:\Windows\winsxs\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.1.7600.16385_none_29196190443bdeb0\BFE.DLL | C:\Windows\System32\BFE.DLL
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.txt on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    Afterwards, retry the regsvr32 bfe.dll command.
     
  17. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    ComboFix said it located and fixed an infected system file. After rebooting, regsvr32 bfe.dll gave the same message: the module "bfe.dll" was loaded but the entry-point DllRegisterServer was not found. Make sure that "bfe.dll" is a valid DLL or OCX file and try again

    When I was looking for solutions on the internet, I came across someone suggesting that one of the BFE.dll registry entries shouldn't have a password. Mine did... about 10 characters (hidden)... I tried to delete them but I couldn't. Not sure if this helps
     
  18. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Here's the log...

    after regsvr32 bfe.dll: the module "bfe.dll" was loaded but the entry-point DllRegisterServer was not found

    Make sure that "bfe.dll" is a valid DLL or OCX file and try again
     

    Attached Files:

  19. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Other than the firewall not turning on, how is the system running? I will have to do some more research on this but can you try this in meantime:

    Download Complete Internet Repair by Rizonesoft
    Unzip the contents into a folder on your desktop.

    • Run CIntRep_x64.exe by right-mouse clicking and selecting "Run as Administrator".
    • Place check-marks in the following:
      • Repair SSL / HTTPS / Cryptography
      • Reset Windows Firewall Configuration
    • Then press the Go! button
     
  20. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Hi, thanks again for your help. I ran the C.I.R. file but - after the reboot - still no Windows Firewall, and Base Filtering Engine/IKE and AuthIP are both stopped. Plus Avira won't load because of SpywareBlaster (that might be a separate and relatively insignificant issue).
     
  21. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Just so you know we are looking further into this bfe.dll and service as quite a few people recently are experiencing the same problems. Thank you for your continued patience.

    I will post back when I have further information that may resolve this.
     
  22. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Thanks, I do appreciate it. In the meantime is it ok if I uninstall SpywareBlaster, reinstall Avira, then reinstall SpywareBlaster (assuming it lets me)? Right now I am afraid to use the Internet... no firewall, virus or spyware/malware protection!
     
  23. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Yes this is fine.
     
  24. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Thanks again.
     
  25. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Please complete the below:

    Download MiniRegTool by Farbar

    Unzip the files onto your desktop and run MiniRegTool.exe
    Copy and paste the content of the code box in the edit box:
    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    Check the Export Keys radio button and click Go.
    When finished, Notepad will open with a log entitled "Result.txt".
    Attach this log to your next message. (How to attach)
     
  26. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Avira and SpywareBlaster are now both running fine. Still no firewall however. I was looking for a root cause and one possibility is the secdrv.sys file was corrupted. It gave me an idea... could a repair install (I have the OEM Win 7 disc) fix this - or whatever else is still messed up? or could it make things even worse?

    Thanks again.
     
  27. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Here's the results...
     

    Attached Files:

  28. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Ok so there are some differences. I'm not sure if this will turn the service back on but it is worth a try.

    ========WARNING========
    The below is specifically for mistermike40's computer
    Do NOT run the below if you are not mistermike40
    Doing so may damage your PC!
    ========WARNING========

    Attached is bfe.zip

    Inside is:
    • bfe.reg

    Extract bfe.reg to your desktop.
    Double-click bfe.reg and allow it to merge into the registry. If you get a "successfully merged into registry" type of message, reboot your PC and see if you can turn on BFE, or if it is already turned on.

    You can run these commands from the command prompt.
    • net start bfe
    • sc qc bfe
     

    Attached Files:

    • bfe.zip (File size: 11.1 KB)
  29. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    I ran the registry edit, it was successful. Rebooted - noted that bfe was not running - then tried "net start bfe": got the system error 5 message - access denied. Tried "sc qc bfe": it said success, but the bfe is still not running and I cannot start Windows Firewall.
     
  30. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Please download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )



    Now attach the below log:
    • C:\MGlogs.zip
     
  31. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Also complete the below:

    Download SystemLook from one of the links below and save it to your desktop.
    Download Mirror #1
    Download Mirror #2

    If you have a 64-bit system, please download the 64 bit version from here:
    SystemLook (64-bit)

    • Double-click SystemLook.exe to run it.
    • Copy and Paste the content of the following code box into the main text-field:
    Code:
    :reg
    HKEY_CURRENT_USER\Software\Classes\.exe
    HKEY_CURRENT_USER\Software\Classes\secfile
    
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan and a file entitled SystemLook.txt will be created on your desktop.
    • Attach that file to your next message. (How to attach)
     
  32. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    After you have completed the above, I would also like you to try the below:

    Download and run MicrosoftFixit.WindowsFirewall.Run.exe
     
  33. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Here are the two attachments. When I first ran MGTools I got an error message from Avira: "Host file was stopped". Not sure what that meant, but I rebooted, turned off Avira and ran MGTools (and SysLook) without incident.

    I'll run the other program you listed in a minute.
     

    Attached Files:

  34. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    I ran the program. It said it detected some problems and was able to apply the fixes. However, our verification shows that the problem still exists.

    Windows Firewall service not started Status: not fixed

    It directed me to a "fix-it" page specific for my problem, but nothing helpful was there
     
  35. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Any other details provided other than the above?

    I see the PC Tools Antivirus is installed, is this functioning? Remember you should only have 1 Antivirus installed. I would keep Avira and then uninstall PC Tools.

    Also complete the below

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "All files". Once you have saved it, double-click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.
     
  36. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Ok so we know that mpssvc (Windows Firewall) is missing. I need to gather more information on what else is missing. Maybe we can restore them later. Please complete the below:

    Running SystemLook
    • Double-click SystemLook.exe to run it.
    • Copy and Paste the content of the following code box into the main text-field:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSDRV /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpsdrv /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcEptMapper /s
    :service
    bfe
    mpsdrv
    MpsSvc
    PolicyAgent
    RpcEptMapper
    :filefind
    mpsdrv.sys
    FirewallAPI.dll
    oleres.dll
    
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan and a file entitled SystemLook.txt will be created on your desktop.
    • Attach that file to your next message. (How to attach)
     
    Last edited: Dec 10, 2011
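
    The same inventory the SystemLook script above collects, gathered with built-in cmdlets, as an added example (not part of the original post and not SystemLook's own code). It reports, for each service named in the script, whether its registry key exists, how it is configured, and whether the key carries Deny entries; the function names are hypothetical, and the file paths assume the standard System32 locations.

```powershell
# Added example (not from the thread): read-only inventory of the services,
# registry keys and files named in the SystemLook script above.
# Run from an elevated 64-bit PowerShell prompt.

$StartTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceKeyReport {
    param([string[]]$Names = @('BFE', 'mpsdrv', 'MpsSvc', 'PolicyAgent', 'RpcEptMapper'))

    foreach ($name in $Names) {
        $key    = "HKLM:\SYSTEM\CurrentControlSet\services\$name"
        $report = New-Object PSObject -Property @{
            Name       = $name
            KeyPresent = (Test-Path $key)
            State      = 'not returned by Get-Service'
            StartType  = $null
            Account    = $null
            Binary     = $null
            DenyAces   = $null
        }

        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { $report.State = $svc.Status.ToString() }

        if ($report.KeyPresent) {
            $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
            if ($values) {
                if ($values.Start -ne $null) { $report.StartType = $StartTypes[[int]$values.Start] }
                $report.Account = $values.ObjectName
                $report.Binary  = $values.ImagePath
            }
            # svchost-hosted services load their code from Parameters\ServiceDll.
            if ($params -and $params.ServiceDll) { $report.Binary = $params.ServiceDll }

            # Deny entries on a service key are one reason a start can fail with error 5.
            try {
                $deny = @((Get-Acl -Path $key).Access |
                    Where-Object { $_.AccessControlType -eq 'Deny' })
                $report.DenyAces = $deny.Count
            } catch {
                $report.DenyAces = 'ACL unreadable'
            }
        }
        $report
    }
}

function Get-FirewallFileReport {
    param([string]$WinDir = $env:windir)
    # Assumed standard locations of the three files the script searches for.
    $expected = 'System32\drivers\mpsdrv.sys', 'System32\FirewallAPI.dll', 'System32\oleres.dll'
    foreach ($rel in $expected) {
        $path    = Join-Path $WinDir $rel
        $item    = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        $version = $null
        $size    = $null
        if ($item) { $version = $item.VersionInfo.FileVersion; $size = $item.Length }
        New-Object PSObject -Property @{
            Path = $path; Present = [bool]$item; Version = $version; Size = $size
        }
    }
}

Get-ServiceKeyReport |
    Select-Object Name, KeyPresent, State, StartType, Account, DenyAces, Binary |
    Format-Table -AutoSize

Get-FirewallFileReport |
    Select-Object Present, Version, Size, Path |
    Format-Table -AutoSize

$legacy = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSDRV'
Write-Host ("LEGACY_MPSDRV key present: " + (Test-Path $legacy))
```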
  37. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Unlike Windows 2000/XP, there isn't a repair installation feature in Windows Vista/7. Startup Repair is a separate feature of Windows Vista/7.

    However we may try a System File Check (sfc) later on.
     
  38. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    PC Tools was not running. I removed it from my computer... though it gave me two error messages in the process (it does seem like it's gone now)

    Fixme.reg ran successfully.

    Attached is the SystemLook summary.

    Thanks for the info on repair installation for Win 7... it was just a thought!
     

    Attached Files:

  39. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    ========WARNING========
    The below is specifically for mistermike40's computer
    Do NOT run the below if you are not mistermike40
    Doing so may damage your PC!
    ========WARNING========

    Attached is firewallfix.zip

    Inside is:
    • firewallfix.reg
    • fixme+restart.bat

    Extract both files to the desktop.

    First double-click firewallfix.reg and allow it to merge into the registry. You should receive a successful message.

    Now reboot your PC.

    Once you have rebooted...

    Test your firewall, If it still is not working, run the fixme+restart.bat file by double-clicking it.
    Your PC will reboot again. Once you are back in Windows, test your firewall again.

    If it still does not work, attach the fixme_results.txt file the .bat file created.
     

    Attached Files:

  40. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    I ran firewallfix.reg and got the error message: "Cannot import firewallfix.reg: not all data was successfully written to registry. Some keys are open by the system or other processes"

    I didn't try the fixme+restart file (since the regedit file didn't load correctly). Should I try it?
     
  41. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    No, you made the right choice; sorry, I should have been more clear about this. I have a feeling these keys may be locked or will need to be loaded while the system is offline.

    Hang tight while I prepare another fix.
     
  42. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Open MiniRegTool by Farbar again and use the below content:
    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services
    Check the Unlock Keys radio button and press Go button.

    If you get a successful message on the unlock completion, then retry merging firewallfix.reg into the registry.
    If you do NOT get a successful message when clicking the Unlock Keys button, let me know.
     
  43. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Keys unlocked, but the firewall reg fix didn't work (same error as before). After reboot, I have no internet connectivity... I'm sending this from another computer.
     
  44. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Sorry that we have set ourselves back a bit. I will try to correct this for you but first I need to see what happened.

    First run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

    Please download Farbar Service Scanner and run it on the computer with the issue.

    Check "Include All Files" option.
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please attach FSS.txt to your next message. (How to attach)
     
  45. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    You cannot import into the LEGACY key areas. Windows is designed to block this.
     
  46. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Here are the two logs.
     

    Attached Files:

  47. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Code:
    Checking LEGACY_Dhcp: Attention! Unable to open LEGACY_Dhcp\0000 registry key. The key does not exist.
    I am honestly not sure why the reg patch I gave you potentially deleted the DHCP legacy key.
    Let's take a look at what is currently there and in the meantime I will figure out how else we can re-add the entry without using a registry patch.

    Open MiniRegTool again and use the following:
    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHCP
    Then click the Export keys radio button.
    A log (Result.txt) will appear.
    Attach this log to your next message. (How to attach)
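
The posts above turn on two questions: whether the keys under Enum\Root and services accept writes, and whether LEGACY_DHCP\0000 still exists. As an added example (not part of the original thread or of any tool named in it), this read-only PowerShell check reports both for the key paths quoted in the thread. It assumes an elevated prompt, and `Get-KeyWriters` is a hypothetical helper name.

```powershell
# Added example: read-only, changes nothing. Run from an elevated prompt.
# Key paths are the ones quoted in the thread; Get-KeyWriters is a hypothetical helper name.
$keys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHCP',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHCP\0000',
    'HKLM:\SYSTEM\CurrentControlSet\services'
)

# Rights that a .reg import needs in order to add values or subkeys.
$writeMask = [int][System.Security.AccessControl.RegistryRights]::SetValue -bor
             [int][System.Security.AccessControl.RegistryRights]::CreateSubKey

function Get-KeyWriters {
    param([string]$Path)
    # Allow entries whose rights include SetValue or CreateSubKey.
    # Entries stored as generic rights (e.g. GENERIC_ALL) are not expanded here.
    (Get-Acl -Path $Path -ErrorAction Stop).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights) -band $writeMask) -ne 0
    }
}

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        "{0}`n    MISSING" -f $key
        continue
    }
    try {
        $writers = @(Get-KeyWriters -Path $key)
    } catch {
        "{0}`n    ACL not readable: {1}" -f $key, $_.Exception.Message
        continue
    }
    $key
    if ($writers.Count -eq 0) { '    no account holds SetValue/CreateSubKey' }
    foreach ($w in $writers) {
        "    {0}  {1}  inherited={2}" -f $w.IdentityReference, $w.RegistryRights, $w.IsInherited
    }
}
```

A key that lists no writable entry for the account running the import is consistent with the "not all data was successfully written to registry" error quoted earlier in the thread.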
     
  48. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Here's the log file (it looks empty)

    I should mention that last night I tried a system restore again (hoping to restore the Internet). It was from 12/9 and it didn't appear to work.
     

    Attached Files:

  49. thisisu

    thisisu Malware Consultant

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Edit: Different idea

    Download SystemLook from one of the links below and save it to your desktop.
    Download Mirror #1
    Download Mirror #2

    If you have a 64-bit system, please download the 64 bit version from here:
    SystemLook (64-bit)

    • Double-click SystemLook.exe to run it.
    • Copy and Paste the content of the following code box into the main text-field:
    Code:
    :dir
    C:\WINDOWS\ERDNT /s
    
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan and a file entitled SystemLook.txt will be created on your desktop.
    • Attach that file to your next message. (How to attach)
     
    Last edited: Dec 11, 2011
  50. mistermike40

    mistermike40 Private E-2

    Re: Windows Firewall and BFE.dll won't load-Had Win 7 Security 2012 w/Google redirect

    Hi... yesterday (before I saw your latest direction) I decided I couldn't go with no Internet, no firewall etc any longer. I backed up my files and was prepared to do a clean install of Windows 7. First, I thought I would try the repair install detailed on this Windows website:

    http://www.sevenforums.com/tutorials/3413-repair-install.html

    It took over five hours to complete, but everything seems to be working fine now. BFE is running, Windows Firewall is on, Internet works fine, no apparent registry errors.

    I appreciate all the help you gave me in getting rid of whatever malware was on my machine. Could I ask one more favor... will you please direct me into what scans I should do to make sure my computer is malware-free, and could you look at the logs? Should I run the programs I did initially (SAS, MB, ComboFix, MGTools)? Should I run something that scans the registry?

    Thanks again for all of your help!
     
