Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AVAST Removal


  • Please log in to reply

#1
dufferz

dufferz

    Member

  • Member
  • PipPip
  • 26 posts

I was asked to move this thread here http://www.geekstogo...andom-restarts/

Not sure if this is the way to do it. 

But here I am seeking help on removing AVAST to start. 

 

Thanks,

 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,484 posts

Hello dufferz,

Lets run a scan so we can see the Avast files and figure what to do with them..

Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
dufferz

dufferz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Okay here they are.  But I have to leave on a road trip.  So I will not be able to get back to this until Friday Morning.

 

Thanks for your help

 

 

 

 

Attached File  FRST.txt   157.99KB   18 downloads

Attached File  Addition.txt   46.44KB   19 downloads


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,484 posts

Hello dufferz,

 

You are welcome

 

Drive safe..

 

zep


  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,484 posts

Lets try an remove Avast manually using the control panel again...

To do that

Uninstall from the Control Panel (for programs)
1 In the search box on the taskbar, type Control Panel and select it from the results.
2 Select Programs > Programs and Features.
3 Press and hold (or right-click) on the program you want to remove Avast Free Antivirus and select Uninstall or Uninstall/Change. Then follow the directions on the screen.

Tell me what happens. Does it start to do anything indicative of uninstalling?

 

If it does not work above or something goes wrong do below: I know you have done this its just hard to believe it's not removing any files at all.   -->  (AVAST Software) C:\Users\zep51\Desktop\avastclear.exe <--- I don't see any indication of avastclear either. Kind of odd. re download it and run it once again.

 

Download an run avastclear to the desktop. Link below.
https://www.avast.co...install-utility

 

We need to run avastclear in safemode. Boot windows 10 to the Safemode.

To do that:
https://www.digitalc...mode-windows-10

 

Once in Safemode Open (execute) the uninstall utility  avastclear ..

 

After all that is done reboot the computer and post 2 new frst log reports.

Addition.txt
Frst.txt


  • 0

#6
dufferz

dufferz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

A little history.  I followed your instructions using msconfig option to boot to safemode.   I have tried this several times over the past two weeks.   Also just a few days ago I set Bios to 15 second delay on boot and found it has two operating systems listed. Picture below.   So it appears on my first attempt to uninstall AVAST months ago I must have ran AVASTClear in normal mode and it evidently created the second operating system.   I have tried booting to it to see if it would continue the clearing process, but no luck.   Here are the file. 

 

20200520_214523.jpg

Attached File  FRST.txt   151.73KB   16 downloads

Attached File  Addition.txt   45.17KB   14 downloads

 


  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,484 posts

Hello dufferz,

 

I'll get back to you a bit later today, off to work now.

 

Thanks

Joe


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,484 posts

Hello again dufferz,

 

Avast software appears to be gone, there is one file left  (C:\ProgramData\Avast Software) we will remove that and I suspect that is Avastclear stuff, the addition log shows Avast as being installed but can't be correct.

 

There are a few lines in the log that we can take care of house keeping so to say..

 

Next

 

[*]Highlight the contents of the below code box and press Ctrl + C on your keyboard:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Start::
CloseProcesses:
CreateRestorePoint:
2020-05-17 08:45 - 2020-05-20 21:45 - 000000000 ____D C:\ProgramData\Avast Software
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U3 aswbdisk; no ImagePath
S1 ESProtectionDriver; \??\C:\WINDOWS\system32\drivers\mbae64.sys [X]
S3 MBAMProtection; \??\C:\WINDOWS\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
EmptyTemp:
End::
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

  • 0

#9
dufferz

dufferz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Ran Fix. It required a restart, on restart the AVAST Clear uninstall os was still there. 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by Tomz (21-05-2020 15:58:02) Run:1
Running from C:\Users\Tomz\Desktop
Loaded Profiles: Tomz
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
2020-05-17 08:45 - 2020-05-20 21:45 - 000000000 ____D C:\ProgramData\Avast Software
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U3 aswbdisk; no ImagePath
S1 ESProtectionDriver; \??\C:\WINDOWS\system32\drivers\mbae64.sys [X]
S3 MBAMProtection; \??\C:\WINDOWS\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
EmptyTemp:
 
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\ProgramData\Avast Software => moved successfully
"AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\System\CurrentControlSet\Services\amsdk => removed successfully
amsdk => service removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\ESProtectionDriver => removed successfully
ESProtectionDriver => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMProtection => removed successfully
MBAMProtection => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMWebProtection => removed successfully
MBAMWebProtection => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18983370 B
Java, Flash, Steam htmlcache => 1228 B
Windows/system/drivers => 51802383 B
Edge => 4848400 B
Chrome => 31305253 B
Firefox => 61512164 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 9216 B
Users => 9216 B
ProgramData => 9216 B
Public => 9216 B
systemprofile => 1111626 B
systemprofile32 => 1111626 B
LocalService => 1280424 B
NetworkService => 1291294 B
Tomz => 134887316 B
Doug => 216079795 B
Samatha => 216126851 B
 
RecycleBin => 2895623 B
EmptyTemp: => 719.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:00:07 ====

  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,484 posts

Post 2 more logs when you get a chance

Frst.txt

Addition.txt

 

You can right click on any desktop logs and delete them now so there's no confusion in posting current logs.

 

Things look good so far...

 

Thanks

Joe


  • 0

Advertisements


#11
dufferz

dufferz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Attached File  FRST.txt   152.79KB   8 downloads

Attached File  Addition.txt   44.02KB   9 downloads

 

Done


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,484 posts

Looks good !

 

There's one more file left, lets get rid of and we are done.

 

Next
[*]Highlight the contents of the below code box and press Ctrl + C on your keyboard:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Start::
CloseProcesses:
CreateRestorePoint:
2020-05-17 09:07 - 2018-01-08 17:16 - 000000000 ____D C:\Users\Doug\AppData\Roaming\AVAST Software
EmptyTemp:
End::
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

 

 

No  need to post any log reports.

Please delete Frst from the desktop and any log files.


  • 0

#13
dufferz

dufferz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Thanks, I guess I don't need to worry about the AVAST Clear OS that is still showing up. 


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,484 posts

I'm sorry I missed that,

 

Unbelievable Avastclear has a bug too..

 

 

 

a little known bug which happens sometimes with avastclear.

What the OP is saying is, when he/she boots the PC up, there is a dialog to choose the operating system or Avastclear. He gets the choice of Windows 10 or Avastclear which shouldn't happen since he's already ran Avastclear. This bug happens sometimes.

 

In order to fix this:

You need to open up "System Configuration" > type "msconfig" from Run or Cortana option. Then go the "Boot" tab.

Avast Clear Uninstall Utility or similar will be listed, click it and select the delete option.

Then click "Apply" and "Ok" and the issue will be resolved.

You may be requested to reboot so ensure you do if required.


  • 0

#15
dufferz

dufferz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

msconfig.jpg

 

When I delete the avastclear under Boot all it appears to do is change the General tab to Selective startup.

If I change it to Normal startup. The AVAST Clear boot os reappears. 

 

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP