Avast install stopped, BFE service is not running

I have a computer that apparently hasn’t had anti-virus protection for some time. I uninstalled McAfee and downloaded Avast since I have it running well on other computers.
When Avast starts to install, it is stopped and displays the message that the BFE service no running.
I then found out that the BFE was not even listed in the Control Panel, Services section.
I searched the issue and read multiple forums trying to resolve the issue.
I ran Windows Defender Offline, Registry Recycler, and a couple of other scans and discovered multiple problems including: "Trojan:Win32/sirefef!cfg. I think that I have that removed, but am not sure…
I now have BFE listed back in services, but still get the same error. When I click on BFE and click “start services”, I get “Error 87: the parameter is incorrect”.
I have Windows 7 as an operating system.
Please advise how to correct this issue.

Thanks,

Brent

see instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs

Did you use the McAfee removal tool?
If not:
http://www.ache.nl/index.php?location=mal-01#m

Below is the result of the scan. I didn’t try the McAfee removal tool. I will try that as well.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/28/2014
Scan Time: 3:55:39 PM
Logfile: malwarebytes scan.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.28.06
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Acer

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340555
Time Elapsed: 14 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe, 2460, Delete-on-Reboot, [a51ca86f0b7124126f5328ceb1517888]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 8
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input, Delete-on-Reboot, [a51ca86f0b7124126f5328ceb1517888],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring, Delete-on-Reboot, [a51ca86f0b7124126f5328ceb1517888],
Trojan.Siredef.C, C:$RECYCLE.BIN\S-1-5-18$ab07f9df6e20b306ac6e6c4250c5879a\U, Quarantined, [e8d91ef9dd9f4aecd4220ff17d837c84],
Trojan.Siredef.C, C:$RECYCLE.BIN\S-1-5-21-2125806907-1427921203-4156746488-1000$ab07f9df6e20b306ac6e6c4250c5879a\U, Quarantined, [06bb20f7a6d6df5717dfd22e827e7888],
Trojan.Siredef.C, C:$RECYCLE.BIN\S-1-5-18$ab07f9df6e20b306ac6e6c4250c5879a\L, Quarantined, [01c0789f55278fa76a8eb44ca55b659b],
Trojan.Siredef.C, C:$RECYCLE.BIN\S-1-5-21-2125806907-1427921203-4156746488-1000$ab07f9df6e20b306ac6e6c4250c5879a\L, Quarantined, [774a859281fb1521c33515eb43bd8a76],
Trojan.Siredef.C, C:$RECYCLE.BIN\S-1-5-18$ab07f9df6e20b306ac6e6c4250c5879a, Quarantined, [b011ec2b82fa59dd8b6ed32dd62a2ed2],
Trojan.Siredef.C, C:$RECYCLE.BIN\S-1-5-21-2125806907-1427921203-4156746488-1000$ab07f9df6e20b306ac6e6c4250c5879a, Quarantined, [477a1304691355e1dc1ded139a660af6],

Files: 1
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe, Delete-on-Reboot, [a51ca86f0b7124126f5328ceb1517888],

Physical Sectors: 0
(No malicious items detected)

(end)

you need to attach the two Farbar logs … if not you will have 20 posts with copy and paste

Here are the 2 Farbar docs

Before you can install Avast you will need to remove McAfee, first uninstall it from the control panel. Once you have done that run the removal tool http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Then prior to installing Avast run this fix

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-2125806907-1427921203-4156746488-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2125806907-1427921203-4156746488-1000\$ab07f9df6e20b306ac6e6c4250c5879a\n. ATTENTION! ====> ZeroAccess? SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File CustomCLSID: HKU\S-1-5-21-2125806907-1427921203-4156746488-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin () C:\$Recycle.Bin\S-1-5-21-2125806907-1427921203-4156746488-1000\$ab07f9df6e20b306ac6e6c4250c5879a EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

I have ran the McAfee removal tool and need to restart to complete it.
Can I go ahead and stop the aswMBR scan to complete the task above or should I let it continue?

Stop AswMBR for now please I have sufficient data

Fixing is in progress on Farbar. I won’t be able to post the log until tomorrow morning. I will continue with the rest of your directions then. Thanks for all your help so far!

Here is the fixlog doc.
I will continue with the next fix.

Here is the doc for the AdwCleaner.

Does Avast install now ? If not

Download and run farbar service scanner

https://dl.dropboxusercontent.com/u/73555776/fssscan.JPG

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Avast still won’t install. Below is the result of the latest scan:

Farbar Service Scanner Version: 21-07-2014
Ran by Acer (administrator) on 29-10-2014 at 13:23:52
Running from “C:\Users\Acer\Desktop”
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal


Internet Services:

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe: “???”.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

System Restore:

System Restore Disabled Policy:

Action Center:

Windows Update:

Windows Autoupdate Disabled Policy:

Windows Defender:

Other Services:

File Check:

C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Download bfe.reg from this location https://dl.dropboxusercontent.com/u/73555776/BFE.reg to your desktop
Double click the bfe.reg and allow to merge
Reboot the computer and try Avast again

I opened up that link and it looks like a notepad document with a bunch of lines of code.
I wasn’t about to double click on anything.

wasn’t able to double click on anything

It is a file to make changes to the registry.
Don’t open it, save it on your drive then double click it.

The file contains all the correct paths and commands for the BFE service in your computer

As long as you saved it as bfe.reg then double clicking will merge it into your registry

If you do not trust my reg file there are some automated tools that will do the same

I see, sorry I misunderstood what you were requesting.
Anyway, I did that and now Avast is finally downloading!
Thank you so much for all of your help Essexboy and Eddy! I really appreciate it!

If I have any other issues, I will post them.

Thanks again!