Background Service and Shields are not starting automatically - different user

I have been using Avast Free for several years now without problem, until very recently.
I decided to pay and upgrade to the Pro version 2015
Whenever I start my laptop none of the shields nor the Avast Background Service start automatically. The rest of Avast starts and seems to function fine, but these specific components do not. Now every time I start up my laptop I need manually start the Shields and background service.

After looking through some older threads I have tried using the “repair” option in the Avast uninstaller to no effect (including reboot). I have also tried completely uninstalling (including reboot) and then subsequently reinstalling Avast, also to no effect.

After a quick search I’ve found the relevant uninstall tool (https://www.avast.com/en-us/uninstall-utility) and will try using it to remove avast. I completed this in safe mode. restarted, restarted again, installed and I have the same issue.

So Basically I’m back where I started. The uninstaller did not appear to have any discernible effect on the behavior of Avast.

Also, no definition or software updates work properly.

I am running Windows 8.1 64 bit.

  • Which Avast…? (Free/Pro/IS/Premier)
  • Which version…?
  • Other security related software installed…?
  • Which AV(s) did you use before Avast…?

Avast Pro
Avast 2015
Nothing else
Avast Free

  1. Download Avast Pro Antivirus: http://files.avast.com/iavs9x/avast_pro_antivirus_setup.exe
  2. Follow instructions: http://www.avast.com/uninstall-utility (Run this tool for all prior installed Avast versions…!!)
  3. Reinstall Avast with the downloaded installer from point 1.
  4. Reboot.

Little correction:
Windows defender is also installed.

Thanks Eddy.
@OP: You’ve to disable WD on W8 and above…!!

So, unfortunately this is what I have tried in the past. I have done this step by step and ended up at the same point. Please see pictures.

Please do as Asyn said in reply #3
avast will create a log file of the installation.
attach it to your next post.

Please find the log attached.

Reboot 2 or 3 times and let us know if everything is working or not.

4 reboots later - still no change sorry.

see here https://forum.avast.com/index.php?topic=53253.0
scroll down to Farbar Recovery Scan Tool … run as instructed and attach the two diagnostic logs

essexboy will then have a look when he is online later today…

As requested

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
Looks like a rootkit.
Please run aswmbr
http://public.avast.com/~gmerek/aswMBR.htm

Log didn’t indicate that it found anything.

Have you at any stage had AVG on the system ? As the errors are 1053

Download and run farbar service scanner

https://dl.dropboxusercontent.com/u/73555776/fssscan.JPG

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Attached FSS.txt
AVG was never installed.

Farbar Service Scanner Version: 21-07-2014
Ran by USERNAME (administrator) on 05-01-2015 at 16:23:05
Running from “D:\Users\USERNAME\Google Drive”
Microsoft Windows 8.1 Pro with Media Center (X64)
Boot Mode: Normal


Internet Services:

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:

Firewall Disabled Policy:

System Restore:

System Restore Disabled Policy:

Action Center:

Windows Update:

wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

Windows Defender:

WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: “”%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
“DisableAntiSpyware”=DWORD:1

Other Services:

File Check:

C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

OK all services are good, so lets now check the veracity of the files. This can be caused by the wrong version system file being present

Open an elevated command prompt
Type Command in the search box
Right click Command Prompt when it appears and select run as administrator
In the black box that opens type in the following command :

sfc /scannow

Then press enter
On completion reboot and let me know if the problem is still present

It finds errors but can’t fix all.
Problem persists.

chkdsk /f /r also did not help.

http://support.microsoft.com/kb/929833

Did you ran sfc like that?