These particular FakeAVs aim to break the Windows 7 Firewall as well as to scam you out of your financial information -- and they are very successful.
Earlier this week at work, I had the pleasure of working on a PC with this infection. I had known beforehand that the Firewall would have been compromised, and it was.
First I tried just opening the Windows Firewall settings in Control Panel.
I opened an elevated Command Prompt window and tried starting the services manually. At this point I was just taking notes...
The same is true for the Base Filtering Engine (BFE) service, which is required for the firewall to work.
The Windows Firewall Authorization Driver (mpsdrv) service appears to be intact; the only thing we need to change is to make it start automatically when Windows is booted.
Now typically we could import registry patches of these services from a clean Windows 7 computer, but there are permission issues on the following keys:
Some of the above keys may not even exist.
Once I set the "Everyone" account to have full permission to change these keys using regedit.exe, I was able to successfully import the clean registry patches from a clean Windows 7 computer.
Upon reboot I was able to turn on the Windows 7 Firewall again, as shown in the screenshot below.
As you can see, malware is always improving and is capable of breaking parts of Windows that should always be secure.
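A post-repair check for the services discussed above, as an added example that is not part of the original post: it reports each service's start type and state, and flags any service key that "Everyone" can still write to after the import. BFE and mpsdrv are the names given in the post; MpsSvc as the Windows Firewall service name, and looking only at each service's root key under `HKLM\SYSTEM\CurrentControlSet\Services`, are assumptions.

```powershell
# Added example, not the author's procedure. BFE and mpsdrv are named in the
# post; MpsSvc (the Windows Firewall service) and the choice to inspect only
# each service's root key are assumptions.
$services   = 'BFE', 'MpsSvc', 'mpsdrv'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$everyone   = 'S-1-1-0'   # well-known SID for Everyone, independent of UI language
$writeMask  = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey'
$sidType    = [System.Security.Principal.SecurityIdentifier]

foreach ($name in $services) {
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $row = New-Object PSObject -Property @{
        Service = $name; KeyPresent = (Test-Path $keyPath)
        StartType = 'n/a'; Status = 'n/a'; EveryoneCanWrite = 'n/a'
    }
    if ($row.KeyPresent) {
        # Start type as stored in the service key's Start value
        $start = (Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue).Start
        if ($start -ne $null -and $startNames.ContainsKey([int]$start)) {
            $row.StartType = $startNames[[int]$start]
        }
        # Current state; stays 'n/a' if the service cannot be queried
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { $row.Status = $svc.Status.ToString() }

        # Flag any Allow entry that lets Everyone modify the key, such as one
        # left in place after the import described in the post
        try {
            $rules = (Get-Acl -Path $keyPath -ErrorAction Stop).GetAccessRules($true, $true, $sidType)
            $row.EveryoneCanWrite = $false
            foreach ($rule in $rules) {
                if ($rule.IdentityReference.Value -eq $everyone -and
                    $rule.AccessControlType -eq 'Allow' -and
                    ([int]$rule.RegistryRights -band $writeMask) -ne 0) {
                    $row.EveryoneCanWrite = $true
                }
            }
        } catch {
            $row.EveryoneCanWrite = 'unreadable'
        }
    }
    $row | Select-Object Service, KeyPresent, StartType, Status, EveryoneCanWrite
}
```

Run it from an elevated PowerShell prompt. A row with `EveryoneCanWrite` set to `True` means the permission granted for the import is still in place on that key and any local process can change the service's configuration.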