Avast uninstall leftovers

I am trying to do some troubleshooting on a notebook by removing a few programs that may have conflicts such as firewalls and Avast. However when I uninstall Avast using both the normal uninstall process via control panel and the Avast uninstall program hosted on the Avast webpage both have left a service and folders behind. The service in question is AvastVBox Com Service. The only Vbox files I can find are in system32 and syswow64 under a folder called Vbox. The files are digitally signed by Avast in both folders. I think these files and the service are left overs from a version of avast before the 2015 edition due a date of Nov 2014 with no modification since this date.

Any idea how I can remove these properly?

Use the uninstaller named REVO

Delete all the files/folders
Reboot
Run CCleaner or the Glary Utilities to clean up temp files and the registry.
Keep running the registry cleaner till nothing left is found.

The cleaner didn’t work as the registry files had an ownership conflict which prevent it from being deleted. Also the avastcleaner.exe produced an irql is not equal BSOD. It cleaned out whatever was left but BSOD during the login screen loading. I had to go through the registry and set permission to delete registry entries which I found on another techsupport site. I had the same issue on my desktop but avastcleaner.exe caused a bsod IRQL not equal, all I caught before the automatic restart. After the restart my windows was not authentic but a restarted fixed whatever that issue was. I am not sure if the removal process was completed or not.

I have the crash dump but can not upload it with the attachments.

The service in the OP is gone as are the registry files and normal folders. Just not sure what is up with the bsod with the cleaner program

Normal (best) procedure is:

  • Remove avast through control panel.
  • Reboot (if needed/wanted)
  • Run the removal tool in safe mode
  • Reboot
  • Remove leftover files/folders manually
  • Reboot
  • Run CCleaner till nothing more is found

“ownership conflict”, “set permissions in the registry”
That sounds to me like avast was still running.
Seems to me the avast self defense was at least.

“IRQL not equal” is almost always a driver problem.
Note that there are more drivers than just for the hardware.

Do you mean you got the message: “Windows is not Genuine” ?

What was the reason you tried to uninstall avast ?
Did it gave errors ?
Did you suspected malware ?
Or…

What OS/SP ?
What exact version of avast did you had ? (If you can remember it)
Any other security (related) software installed ? (or did you have)
Any other problem(s) (errors) with the system ?

Let’s see if we can find out more about what happened…

I did all of that except for removing leftover folders/files and using CCleaner. I removed the folders and registry keys manually as I avoid registry cleaners like the plague. Too many issues if the program removes keys I need or if I miss clicking a key. Beside the cleaners suggested didn’t remove the leftovers and just caused problems with the OS. I restored to an image to fix whatever registry “fixes” were applied and just did it myself after reading a few guides and backing up my registry.

"ownership conflict", "set permissions in the registry" That sounds to me like avast was still running. Seems to me the avast self defense was at least.

My thought as well. I disabled everything I could in settings, troubleshooting and the 3 shields. As far as I could figure nothing should have been running beside the automatic startup of Avast. It still wouldn’t let me do anything to the registry files which kept the service listed. I could only disable the service but not remove it. I uninstalled Avast on the notebook and desktop to resolve the ownership conflict but it didn’t work. I removed everything by hand using windows standard method of ownership and permissions of every folder and key related to vbox which let me delete the keys. At this point the original OP issue is resolved. Just that the Bsod was a concern.

"IRQL not equal" is almost always a driver problem. Note that there are more drivers than just for the hardware.

I looked it up and most sites said as much. However that information is pretty general so I was not sure if it applied in all cases. It does seem software related as the only reason for the bsod is due to the avastcleaner required restart and whatever it did between the restart and loading windows.

Do you mean you got the message: "Windows is not Genuine" ?

Yes, right after the Bsod restart I loaded and logged into Windows fine but had a version build with a “not genuine notice” in the lower right hand corner of the desktop screen. This stopped after a restart. I also ran the validation service via the MS website in case.

What was the reason you tried to uninstall avast ?

I had a leftover Vbox service from Avast 2014. The program update between 2014 and 2015 did not remove everything. So I thought uninstalling via control panel and the avastcleaner.exe would remove the service and folders. It didn’t hence the OP.

Did it gave errors ?

No errors in the control panel and avastcleaner.exe. Both completed, asked for a reboot. I followed the steps to run in safe, ran avastcleaner and followed the restart prompt. Right at the login screen with the windows loading sound playing the Bsod happened, sound was stuck as well. I have the crash dump for the bsod. There is nothing in my eventlogs about either the normal and avast uninstall having errors.

Did you suspected malware ?

Nope, it was just a service that had no use, had issues with disabling and removing. I was concerned as problems with AVs can create issues for the OS and other software. I ran a full scan with Avast but there were no threats detected.

What OS/SP ? What exact version of avast did you had ? (If you can remember it) Any other security (related) software installed ? (or did you have) Any other problem(s) (errors) with the system ?

Windows 7 Premium, up to date.

Avast version 2015.10.2.2218. Virus definitions 150626-0. It was up to date as much as the automatic update settings on default allowed. It usually updates everyday and one startup.

I have Comodo Firewall with HIPS, Sandbox and Viruscope disabled, pretty much only the firewall is set to work. The Comodo antivirus was not installed at all as I verified a few hours ago. Avast and Comodo have been working fine in combination for years on both systems. I have Malwarebytes but it is not set to load, has no protection running or any services running at all. I only have it as a secondary scanner which I only use rarely. It only starts if I manually load the program. It services are set to manual. It’s msconfig settings are disabled.

I have had no desktop system problems as far as I can tell. Just a few software problems but isolated to the programs rather than a major issue. Most software issues are related to modded games crashing and Battle.net app. This was the first bsod in years for my desktop. The last issue I had with the desktop was last August but was due to a bad PSU which was replaced. My notebook did have bsods recently so I was trying to eliminate whatever problems between software I could as the bsod was linked with the OS inability to find files or at least that is what the bsod information I Googled claimed. I thought a leftover out of date service trying to run could be the cause. The notebooks bsods were very random taking days to weeks at a time.

I’m confused now…

I did all of that except for removing leftover folders/files and using CCleaner. I removed the folders and registry keys manually
Correct me if I am wrong, but it seems to me that you did remove (or at least tried) to remove the leftovers manually.

Don’t worry about CCleaner, it will let you create a backup of the registry before deleting anything.
You will always have the option to restore the registry if something goes wrong.
In all the years (10+) I’ve only seen CCleaner delete a key once when it shouldn’t.

Beside the cleaners suggested didn't remove the leftovers
Ofcourse they didn't. They are not designed to do so. They remove temporarily files, cookies and such.
My thought as well. I disabled everything I could in settings, troubleshooting and the 3 shields.
That means you didn't even remove removed avast through control panel. If you had done it, you would not have been able to access the settings anymore.

I ran the CCleaner as suggested but it removed other files from the registry causing issues with windows. For example the reliability monitor stopped working completely. I did a restore to June 6th which restored Avast and the Vbox leftovers. I did the same process of removal again except I manually looked for the files in the registry after reading a guides covering the registry and it’s backups rather than the CCleaner program.

Don't worry about CCleaner, it will let you create a backup of the registry before deleting anything. You will always have the option to restore the registry if something goes wrong.

I tried to restore the registry with it but it only save a backup of the last recent scan or overwrote the other saves

In all the years (10+) I've only seen CCleaner delete a key once when it shouldn't.

I had issues with such scanners years ago and still have issues now. Beside other techsupport over the years have warned me about such programs.

Ofcourse they didn't. They are not designed to do so. They remove temporarily files, cookies and such.

Then why suggest it as per “Run CCleaner or the Glary Utilities to clean up temp files and the registry.” You are contradicting your previous instructions. You recommended just for such a task.

That means you didn't even remove removed avast through control panel. If you had done it, you would not have been able to access the settings anymore.

I had disabled all the settings in Avast just to disable the leftover service as it was set to automatic start. I uninstalled Avast to try to remove the service completely but this failed