• 0
Sign in to follow this  
alfie01

Can't completely remove ad-aware

Question

Hi I recently uninstalled ad-aware and thought I had removed all of the files from my laptop, yet I am unable to turn on Windows Defender as it says other software is installed. Can anyone help as at the moment I have no virus protection on my laptop as I cannot turn on Windows Defender.

Share this post


Link to post
Share on other sites

11 answers to this question

Recommended Posts

  • 0

Hi alfie01,

 

Please, let us see what parts of Ad-Aware that are still installed by using the FRST program.

Download Farbar Recovery Scan Tool (FRST) and save it on the desktop:

For 64 bits Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe

For 32 bits Windows: http://download.bleepingcomputer.com/farbar/FRST.exe

 

Start the FRST program.

 

Read the disclaimer and click Yes to accept it.

Click Scan button.

When done, FRST will create two log files, called FRST.txt and Addition.txt, on the desktop.

 

Please, attach them to your reply (press More Reply Options button to see how to attach files).

Share this post


Link to post
Share on other sites
  • 0

Thank you for the logs, but unfortunately they aren't complete, they are missing the last sections. Please, try again.

 

But I can see that you still have "Ad-Aware Browsing Protection" installed, please uninstall it.

 

Java 7 Update 55

This is an old version with known vulnerabilities that can be exploited by a web page to infect the computer. You should update or uninstall it.

  • Like 1

Share this post


Link to post
Share on other sites
  • 0

Thanks!

1. Potentially Unwanted Programs/Settings
SearchScopes: HKLM - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www.istartsurf.com
That search page/engine is usually not wanted.


You can read reviews of that home page on https://www.mywot.com/en/scorecard/iminent.com

GoldenCoupon is adware. Can you uninstall it?

2014-09-18 19:11 - 2014-08-22 20:18 - 00000000 ____D () C:\ProgramData\WinSpeed
2014-09-16 18:56 - 2014-07-30 20:06 - 00000000 ____D () C:\ProgramData\sYPipxUfQ
2014-09-14 13:56 - 2014-09-06 16:11 - 00000000 ____D () C:\ProgramData\SeaVerrPro
2014-09-14 13:55 - 2014-08-22 20:22 - 00000000 ____D () C:\ProgramData\Browser
2014-09-09 17:14 - 2014-08-22 21:00 - 00000000 ____D () C:\ProgramData\WEbsaver
Those folder are probably created by adware.

Do you want us to help you removing the mentioned objects?

2. McAfee and MBAM Removal
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
Have McAfee antivirus program ever been installed, e.g. when the computer was delivered?
Please run the McAfee removal tool that is called "MCPR": http://service.mcafee.com/FAQDocument.aspx?id=TS101331 Section Solution 2.

There are left-overs from the uninstallation of Malwarebytes Anti-Malware, too. Please run "Malwarebytes Clean Uninstall Tool": https://helpdesk.malwarebytes.org/hc/en-us/articles/201861636-How-do-I-uninstall-Malwarebytes-Anti-Malware-

3. Ad-Aware Removal
Please, uninstall "Ad-Aware Browsing Protection".

Please, move FRST from Downloads folder to the desktop.

Please, start Notepad.
Copy all text that is in the box:

2014-09-08 22:42 - 2014-09-08 22:42 - 00000000 ____D () C:\Users\Ewan\AppData\Roaming\LavasoftStatistics
2014-09-08 22:39 - 2014-10-05 23:10 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-09-08 22:39 - 2014-09-08 22:39 - 00000000 ____D () C:\Users\Ewan\AppData\Roaming\SecureSearch

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your answer.

Share this post


Link to post
Share on other sites
  • 0

All Lavasoft and Ad-Aware files should be gone now, but please search in the computer for files and folders called Lavasoft or Ad-Aware. Write the paths in your reply if you find anything.

 

Can you activate Defender now after removal of McAfee and MBAM?

 

Please scan with FRST again and attach the new FRST.txt and I'll give you instructions for how to remove the adware files and search pages.

Share this post


Link to post
Share on other sites
  • 0

1. "Ad-Aware Browsing Protection"

According to Addition.txt "Ad-Aware Browsing Protection" is still installed.

 

2. Defender Message

Does Defender report that it can't run due to Ad-Aware or what does it say?

 

3. Event Viewer

In the "Event Viewer" Defender reports errors and I don't think they have anything to do with Ad-Aware:

 

Date: 2014-10-06 15:56:21.322

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

 

Date: 2014-10-06 15:56:18.057

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Have you done anything that maybe changed a Defender file?

 

 

4. Removal of Ad-Aware and adware

Please, start Notepad.

Copy the following lines:

 

SearchScopes: HKLM - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www.istartsurf.com/web/?type=ds&ts=1406747083&from=smt&uid=HGSTXHTS541075A9E680_JD12021W05V7KK05V7KKX&q={searchTerms}

SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-09-08&gen=cnet&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}

SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-09-08&gen=cnet&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}

SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www.istartsurf.com/web/?type=ds&ts=1406747083&from=smt&uid=HGSTXHTS541075A9E680_JD12021W05V7KK05V7KKX&q={searchTerms}

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

 

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]

2014-09-18 19:11 - 2014-08-22 20:18 - 00000000 ____D () C:\ProgramData\WinSpeed

2014-09-16 18:56 - 2014-07-30 20:06 - 00000000 ____D () C:\ProgramData\sYPipxUfQ

2014-09-14 13:56 - 2014-09-06 16:11 - 00000000 ____D () C:\ProgramData\SeaVerrPro

2014-09-14 13:55 - 2014-08-22 20:22 - 00000000 ____D () C:\ProgramData\Browser

2014-09-09 17:14 - 2014-08-22 21:00 - 00000000 ____D () C:\ProgramData\WEbsaver

 

STOP the copying here

 

and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Start FRST that is on the desktop, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.

Edited by CeciliaB
Added missing info
  • Like 1

Share this post


Link to post
Share on other sites
  • 0

Thanks, Peter :)

I wonder where those lines went.

 

I have edited my previous post.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this