Slow hard drive and remnants of antivirus. Bitdefender.

Discussion in 'Software' started by Raphee, Jun 3, 2015.

  1. Raphee

    Raphee Private First Class

    My hard drive remains busy on start up. It may take 45 minutes or more to cool down and allow me to start work. It may also act up intermittently and freeze out my laptop, particularly my browsers. All of them including FF, Chrome and Palemoon.

    I believed it was malware. Found out that I had remnants of Bitdefender antivirus remaining on my hard drive. Details are here on the malware forum and all the steps I have already done: http://forums.majorgeeks.com/showthread.php?p=1917362&posted=1#post1917362

    These are the remnants of BitDefender still remaining on hard drive:

    [HKEY_CURRENT_USER\S-1-5-21-1429905150-4230708046-3960260400-1000\Software\Bitdefender]
    [HKEY_CURRENT_USER\Software\WinRAR SFX]
    "C%%Program Files (x86)%Common Files%Bitdefender%setupinformation"="C:\Program Files (x86)\Common Files\Bitdefender\setupinformation"
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files\Bitdefender\Bitdefender\antispam32\obk.exe"="Bitdefender Safepay"
    [HKEY_LOCAL_MACHINE\BCD00000000\Objects\{bdbdbd00-6057-11e0-a7f3-ce9adfd72001}\Elements\12000004]
    "Element"="Bitdefender Rescue Mode - Windows 7 Professional SP 1 (x64)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bitdefender.pmbxcr]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bitdefender.pmbxcr]
    @="C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcrnmh.json"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\mSrvĖ ]
    @="C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcrnmh.json"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
    "ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\"
    [HKEY_USERS\.DEFAULT\Software\SetID]
    "myaccount"="https://my.bitdefender.com/bd2014/?lang=%s&kit=%s"
    [HKEY_USERS\.DEFAULT\Software\SetID]
    "MyBitdefender"="1"
    [HKEY_USERS\S-1-5-21-1429905150-4230708046-3960260400-1000\S-1-5-21-1429905150-4230708046-3960260400-1000\Software\Bitdefender]
    [HKEY_USERS\S-1-5-21-1429905150-4230708046-3960260400-1000\Software\WinRAR SFX]
    "C%%Program Files (x86)%Common Files%Bitdefender%setupinformation"="C:\Program Files (x86)\Common Files\Bitdefender\setupinformation"
    [HKEY_USERS\S-1-5-21-1429905150-4230708046-3960260400-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files\Bitdefender\Bitdefender\antispam32\obk.exe"="Bitdefender Safepay"
    [HKEY_USERS\S-1-5-21-1429905150-4230708046-3960260400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files\Bitdefender\Bitdefender\antispam32\obk.exe"="Bitdefender Safepay"
    [HKEY_USERS\S-1-5-18\Software\SetID]
    "myaccount"="https://my.bitdefender.com/bd2014/?lang=%s&kit=%s"
    [HKEY_USERS\S-1-5-18\Software\SetID]
    "MyBitdefender"="1"

    So how do I remove these remnants?

    Are they causing the slowdown of my drive or is it something else?

    Thanks.

    PS: I have not mentioned the smaller issues I have so as not to confuse the matter. These have to do with Shockwave Flash or browser issues.
     
  2. Earthling

    Earthling Interplanetary Geek

    It's by no means certain that these BD remnants are your problem, but if you have also since installed another AV program then conflict between the two is certainly a possibility.

    I would download and run Autoruns and search for and disable any BD entries. After a restart you should be able to delete the BD program files and program data.

    You haven't provided us with any information at all as to your Windows version. This is basic when troubleshooting.
     
  3. Raphee

    Raphee Private First Class

    No other antivirus installed.

    The version is windows 7, 64 bit.
     
  4. Raphee

    Raphee Private First Class

    I ran autoruns. I have attached the txt file I saved of the 'everything' tab. Can you help me identify which of these processes I should terminate and how?


    Joe, how safe is it to use Ccleaner to fix the registry problems? What are the steps involved?
    I am a novice with computers and really am afraid of doing anything wrong. Thanks.
     


  5. Earthling

    Earthling Interplanetary Geek

    @JoeRay - in the other thread #16 the OP says he has run the uninstall tool but if so then clearly it hasn't done the job. Certainly worth trying it again, in Safe Mode I suggest.

    The fact he/she can't remove the BD files indicates some are in use, which is why I suggested Autoruns. However the Autoruns log contains no BD entries and that suggests to me that whatever the cause of the startup problem may be it probably isn't BD.

    @Raphee - did this startup problem only occur after uninstalling BD? If so then see if you have a system restore point available that pre-dates uninstalling BD. If there were problems already then we can definitely forget BD and need to look elsewhere for the cause. That is going to mean analysing your Event Viewer.
     
  6. Raphee

    Raphee Private First Class

    Thanks Joe and Earthling.

    I only used the cleaner tool of Ccleaner as per instructions in the malware thread. I'll run the registry cleaner now, and post the log, if it generates one. I am pretty afraid of mucking around with the registry given my obvious lack of knowledge.

    Earthling, unfortunately there is no system restore point prior to the uninstall.

    Regarding the slow drive: here is where I get confused. I suspect it was the antivirus uninstall that created it. But that's because it's the only significant event I can remember in the past few days. I didn't immediately attend to the problem, since I was too busy finishing a project. It might as well be something else like you guys indicated.

    Would the two of you like me to run through Ccleaner? Or would you rather have me check something else first?

    Thanks.
     
  7. Earthling

    Earthling Interplanetary Geek

    I would run the BD uninstall tool again first, in safe mode. Reboot and then run the CCleaner registry cleaner, accepting to backup the changes. See if that has any effect. You might also want to run SystemLook again at this point as it would be good to rule out BD by knowing it has been completely removed.
     
  8. Raphee

    Raphee Private First Class

    Hi earthling. Ok I ran uninstall tool in safe mode. Used Ccleaner registry, and have attached the system look log.

    I also checked C:/programdata/bitdefender and c:/programfiles/bitdefender.
    The bitdefender folders are now gone. Previously I couldn't access these to delete them.

    I'll use the laptop for a day and report back. If you want me to also do something else, please inform me. Thanks for everything so far.
     


  9. Earthling

    Earthling Interplanetary Geek

    Assuming you can confirm JoeRay's points it just proves that neither the uninstall tool nor CCleaner do a 100% job. It's not surprising, I find all sorts of leftovers in the registry despite using the recommended tools. Anyway those entries are harmless and you could, if you wish, manually delete them or just leave them there.
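
The listing in the first post repeats several entries because the same per-user hive shows up under more than one root. As an added example (not from the thread or from SystemLook), this Python script parses lines in that format, folds the aliased hive views together and separates inert leftovers from browser load points whose target file is gone. The sample is a constructed subset of that listing; the rule table and the single-user assumption belong to this example.

```python
import os
import re

# Constructed sample: a subset of the listing quoted in the first post.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Bitdefender\Bitdefender\antispam32\obk.exe"="Bitdefender Safepay"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bitdefender.pmbxcr]
@="C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcrnmh.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\"
[HKEY_USERS\.DEFAULT\Software\SetID]
"MyBitdefender"="1"
[HKEY_USERS\S-1-5-21-1429905150-4230708046-3960260400-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Bitdefender\Bitdefender\antispam32\obk.exe"="Bitdefender Safepay"
[HKEY_USERS\S-1-5-21-1429905150-4230708046-3960260400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Bitdefender\Bitdefender\antispam32\obk.exe"="Bitdefender Safepay"
[HKEY_USERS\S-1-5-18\Software\SetID]
"MyBitdefender"="1"
'''

SID = r"S-1-5-21(?:-\d+)+"
VALUE_RE = re.compile(r'^(?:@|"(?P<name>.*?)")="(?P<data>.*)"$')

# (key fragment, kind, is_load_point); first match wins. Assumed rule table.
RULES = [
    (r"\NativeMessagingHosts", "Chrome native messaging host", True),
    (r"\Mozilla\Firefox\Extensions", "Firefox extension registration", True),
    (r"\MuiCache", "shell display-name cache", False),
]


def canonical_key(key):
    """Fold aliased hive views together (assumes one interactive user)."""
    key = re.sub(r"^HKEY_USERS\\" + SID + "_Classes",
                 lambda m: r"HKEY_CURRENT_USER\Software\Classes", key)
    key = re.sub(r"^HKEY_USERS\\" + SID, lambda m: "HKEY_CURRENT_USER", key)
    # HKEY_USERS\.DEFAULT is the LocalSystem (S-1-5-18) hive under another name.
    return key.replace("HKEY_USERS\\S-1-5-18\\", "HKEY_USERS\\.DEFAULT\\")


def parse_listing(text):
    """Yield (key, value_name, data); keys listed without values are skipped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group("name") or "(Default)", m.group("data")


def triage(text, exists=os.path.exists):
    """Deduplicate entries; label each inert, or an active/dangling load point."""
    seen, report = set(), []
    for key, name, data in parse_listing(text):
        ident = (canonical_key(key), name, data)
        if ident in seen:
            continue  # same entry seen through another hive view
        seen.add(ident)
        kind, load_point = next(
            ((k, lp) for frag, k, lp in RULES if frag.lower() in key.lower()),
            ("other", False))
        if not load_point:
            status = "inert"
        elif exists(data):
            status = "active"    # target still on disk, so it can be loaded
        else:
            status = "dangling"  # target gone, the reference points at nothing
        report.append({"key": ident[0], "name": name, "kind": kind,
                       "status": status})
    return report
```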
     
  10. Raphee

    Raphee Private First Class

    I did a system restart after running bitdefender uninstall tool.
    I did not do a system restart after using CCleaner > Registry. I ran it a number of times until it showed ZERO issues.
    After that I immediately ran the System Look tool, and sent you the log. I did not do a system restart between using CCleaner and System Look.
     
  11. Raphee

    Raphee Private First Class

    I have now done a restart and am attaching System Look log obtained after the restart.

    The laptop is already performing better. The hard drive does remain busy, but it isn't hindering my access to other programs.
     


  12. Raphee

    Raphee Private First Class

    Frankly I have never done it before. I might give it a try.

    I'll wait another day if the laptop doesn't give me any problems, then that's good. If it does, I'll let you guys know.

    Thanks Earthling and Joe for everything so far. You've been a great help.
     
  13. Earthling

    Earthling Interplanetary Geek

    Redundant disconnected registry entries have no effect at all on system performance and take up only a microscopic amount of disk space, so there is absolutely nothing to be gained from deleting them unless, like me, you are a bit OCD about these things ;)
     
  14. Nick T

    Nick T MajorGeek

  15. Earthling

    Earthling Interplanetary Geek

    Am I missing something about Everything Nick? You need to know part of a filename for Everything to find it so I don't understand how it can help with cleaning up. Also, it doesn't find reg entries which are the problem here.
     
  16. Nick T

    Nick T MajorGeek

    Earthling, when I uninstalled BD, I ran Everything to remove leftovers, just by typing in Bitdefender. Then I typed Gonzales to remove the remainder. I have also learned that most leftover reg entries usually are harmless. My post was just a suggestion in case there may be a few files that were contributing to the problem. Sorry I jumped in, I was just trying to lend a hand.
     
  17. Raphee

    Raphee Private First Class

    I've used the laptop for a day or so after my last message. Unfortunately the hard drive is still slow, especially after I start. There has been some improvement once I got rid of Bitdefender. However, it is still taking some 20 to 30 minutes before I can work on my laptop in normal fashion.

    I haven't used Everything as suggested by Nick.

    So what would you guys recommend I do?
     
  18. nikos1974

    nikos1974 Private E-2

    A few important ideas/suggestions. Have you checked to see if auto-defragmentation is running by default on your system? When I purchased my Lenovo laptop it came bundled with a whole bunch of trialware and unnecessary applications. Gradually I removed most of it via add/remove programs from control panel. Make sure you know what you are removing though, and if uncertain leave it alone. But you really don't need auto-defrag and it will seriously slow down your computer. Also it will not hurt to get your computer checked for redundant and corrupt files, redundant and corrupt registry entries, etc. And one last suggestion, the more services running on automatic update, the slower your computer and internet connection will be. I prefer to manually update software when I have time. Old versions normally don't make much of a difference with newer versions.
     
  19. Raphee

    Raphee Private First Class

    Joe,
    I have attached the installed programs text file from Ccleaner> tools.
    I cannot see Hitman Pro in my installed programs. Where else do I need to look to ensure it isn't there? There is a MGtools.exe file on my C drive. I believe this MG file was downloaded for a separate procedure some months ago. I also think there are some associated files of MG tools that did not get removed. I have attached a picture. Is this a cause for Hitman Pro running?

    Malware Bytes and Anti Spyware are both free versions.

    I have now uninstalled K-lite Codec.

    Do you see anything else in my installed programs list that I should uninstall?


    Nikos.
    Auto defrag is not set on auto. I am currently using Auslogics Defrag. Is it any good?

    I will be checking which services run updates automatically. I believe Acrobat is on auto; and I suspect that for the browsers also. I will disable those that I find.

    I have a Dell laptop. This is pretty old. I never did remove the bloatware from Dell. But it didn't give me too many problems.

    So what next?
     
  20. Raphee

    Raphee Private First Class

    Please see the attachment of Ccleaner>Tools >list of installed programs.
     


  21. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Did you follow the final cleanup steps from Kes?
    Any presence of MG tools or logs has no bearing on Hitman Pro, and they can be deleted using Windows Explorer.
     
  22. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    What is now needed is - Ccleaner > Tools > Startup > Save to text file...
     
  23. Raphee

    Raphee Private First Class

    Joe and Dr. Moriarty,
    Yes I followed the cleanup steps by Kes. The MG Tools folder and some of the other tools were uninstalled. What I have left is a MGtools.exe file on C drive. I also have a previous download of Hitman Pro exe file in a folder on desktop.

    I have tried sending a screen shot of the C drive as .png /.jpg /.bmp attachment, but the file size turns out larger than allowed limit.

    I am attaching CCleaner > Tools >Startup >Windows text file.

    Thanks for info on Flash player. I currently use Palemoon and not IE.
     


  24. Raphee

    Raphee Private First Class

    Joe, which programs do I essentially need to keep? The rest I'll disable.
     
  25. nikos1974

    nikos1974 Private E-2

    Bloatware unnecessarily consumes system resources; processor power, hard disk space, RAM, internet bandwidth (especially if on auto-update). I realise today's computers are much more capable than those of the past but for me it's a matter of principle. I would rather not wait longer for the system to start up, longer for malware checks to complete, and my download speed degraded.

    I think it's a good idea to NOT run auto-defrag. Simply keep track of your HDD fragmentation with the built-in windows utility and when the computer advises you to defrag, FIRST do a disk check for errors on the next boot, and then when that finishes you can defrag.

    I am old school. Prefer manual everything. I even drive old cars. LOL!
     
  26. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Un-install Hitman Pro if it shows in "Programs and Features"; otherwise just delete it along with the Mgtools.exe file.
     
  27. nikos1974

    nikos1974 Private E-2

    Why not uninstall them with the program specific uninstallers? That's the best choice. Second best option is to use add/remove programs from the control panel. Only as a last resort it's a good idea to disable since all program entries remain on your computer consuming system resources. Heck you can even get a dedicated uninstaller program that will remove anything and everything.

    I just removed 48 GB of data on my computer. Remaining binaries and dlls, remaining registry entries, remaining drivers, etc. Most software programs are never completely removed even though we think they are. After a while the data builds up and the HDD crashes. Ghost files!
     
  28. nikos1974

    nikos1974 Private E-2

    Giving very, very bad advice? The thread was all over the place and hardly anyone knew what the problem was. The OP said his computer took 45 minutes for his hard disk to stop running and his computer froze. Me with my 15 years of superficial computer experience assumed it was too much trialware installed and perhaps auto-defrag. Ever since I disabled auto-defrag my hard disk runs for short intervals and then stops. Beforehand it would run for hours at a time. I am not on here to lie about stuff, but you have been rude to me since the thread I started about driver maxpro almost assuming I am an idiot or something. I will stop giving my two cents if it confuses people. rolleyes
     
  29. Raphee

    Raphee Private First Class

    Joe, I have used autoruns. I could not make much sense of it, even though I tried following instructions on bleeping computer.
    Here is a text file of Autoruns > everything.

    I have also attached the Autoruns > logon text file.

    I know I have to uncheck the boxes. The question is which ones do I check and which ones I don't. Also I have doubts whether the 'Everything' tab is the correct one for my purpose?

    Zune by the way is the software for windows phone. I don't need it to launch at start up.
     


  30. satrow

    satrow Major Geek Extraordinaire

    You might want to run a check on your hard drive to ensure that it's running at full speed: http://winhlp.com/node/10#cyipm < Section 5 only for all drives to begin with.

    I prefer working with an Autoruns.ARN, it's the native output and is much easier to read when opened directly with Autoruns. The following method runs a number of checks and lists only the unsigned Windows entries plus all non-Windows entries and allows direct checking of any Virustotal 'positives'.

    Run Autoruns as Administrator, once it starts, hit Esc to stop the scanning, from the File > Options menu, select only the following:
    Hide Empty Locations
    Hide Windows Entries
    From the File > Options > Scan Options menu:
    Verify Code Signature
    Check VirusTotal.com
    Submit Unknown Images.

    Click the Refresh icon or press F5 for the scan to restart and any uploading to VirusTotal to begin. Allow time for any VirusTotal results to be returned, check the VirusTotal column, right side of the main panel, for progress, each entry should contain a x/xx (eg. 0/57, number of positives/number of scanners used).

    Once data checks are complete, File > Save As > Autoruns.ARN (the default file type), zip that saved file (Send to > Compressed folder from the mouse right-click menu) and then the Autoruns.zip can be uploaded and attached to a reply for checking.

    For more info and uses of Autoruns, see here: http://www.howtogeek.com/school/sysinternals-pro/lesson6/all/
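
One way to triage the results this procedure produces, as an added example that is not part of the thread: a Python script that reads an Autoruns export saved as CSV and lists enabled entries whose signature is not verified or whose VirusTotal cell, in the x/xx form described above, shows positives or no result. The column names, the "(Verified)" signer prefix and the "enabled" marker are assumptions about the export format, and the rows are constructed.

```python
import csv
import io
import re

# Constructed rows. Column names and the "(Verified)" / "(Not verified)"
# signer prefixes are assumptions about the export; adjust to your file.
SAMPLE_CSV = r'''Entry Location,Entry,Enabled,Signer,Image Path,VT detection
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleUpdater,enabled,(Verified) Example Corp,C:\Program Files\Example\upd.exe,0/57
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OldAgent,enabled,(Not verified) Example Soft,C:\Program Files\Old\agent.exe,0/57
Task Scheduler,\ExampleTask,enabled,(Verified) Example Corp,C:\Tools\task.exe,2/57
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,PendingApp,enabled,(Not verified) Example Soft,C:\Tools\pending.exe,Unknown
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ParkedApp,disabled,(Not verified) Example Soft,C:\Tools\parked.exe,3/57
'''

VT_RE = re.compile(r"^\s*(\d+)\s*/\s*(\d+)\s*$")


def vt_positives(cell):
    """Return (positives, scanners) for an 'x/xx' cell, or None if no result."""
    m = VT_RE.match(cell or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def review(csv_text):
    """Return enabled entries worth a second look, worst first."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("Enabled", "").strip().lower() != "enabled":
            continue  # unchecked entries do not run at startup
        reasons = []
        if not row.get("Signer", "").startswith("(Verified)"):
            reasons.append("signature not verified")
        vt = vt_positives(row.get("VT detection"))
        if vt is None:
            reasons.append("no VirusTotal result")
        elif vt[0] > 0:
            reasons.append("VirusTotal %d/%d" % vt)
        if reasons:
            flagged.append({"entry": row["Entry"], "path": row["Image Path"],
                            "positives": vt[0] if vt else 0,
                            "reasons": reasons})
    # Most VirusTotal positives first, then the larger number of reasons.
    flagged.sort(key=lambda f: (-f["positives"], -len(f["reasons"])))
    return flagged
```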
     
  31. nikos1974

    nikos1974 Private E-2

    Yeah it was my bad for not reading the thread in its entirety.
    He said he has plenty of it installed but it does not bother him.

    He uses a standalone program for defragmentation. I am not sure if auto-defrag is good or bad, although I side with bad due to all the read and write instructions of reformatting the disk, because that is what defrag is all about getting bits of data and putting them together so they are easier to read. If the system keeps doing that constantly it wears down the HDD making it break down faster and the computer is over-worked meaning less resources for other purposes. I know most experts disagree with me, but I have burned down 2 HDD in past cause of too many defrags and too many ghost files piling up. I have been using a UPS so I doubt HDD burn down after 2 years because of bad voltage.

    I don't believe my opinions are wrong. Perhaps off-topic in relation to how the thread evolved over time, but still general knowledge that I have learned from practical experience.

    I think this is the only site where experts discourage users from updating their drivers as often as possible. I come from a gaming background and manufacturers and gamers ALWAYS tell people to keep their drivers updated.

    Sure they may discourage auto driver update programs because occasionally they provide 1 or 2 bad drivers out of 20 to 30 needed per pc, but that is not "trash" as you stated. DriverMax Pro currently has 14,534,550 downloads from cnet alone. And the software has accumulated a 4.5 star average out of 5 stars. In any case yes it has been a little frustrating for me to remove artista virtual driver but I am thinking of doing a monitored install and then monitored uninstall.
    http://download.cnet.com/DriverMax/3000-18513_4-10572602.html
     
  32. Raphee

    Raphee Private First Class

    Satrow, before receiving your message I had already followed Joe's advice to use Autoruns>Tools>Logon and unchecked all start up boxes barring one. I also uninstalled Folder Lock, since I wasn't using it.
    The results this morning when I started up the laptop are better than before. I am still not 100% certain everything is perfect, and intend to wait another day or two before giving you the result.

    Now to your advice. Since I've unchecked the startup programs via Autoruns, do you still want me to go through the above? I am pretty sure you want me to check the HD speed, and I'll proceed with that. My question is more to do with Autoruns and Total Virus. Though I suspect it shouldn't make a difference, but better safe than sorry.
     
  33. Raphee

    Raphee Private First Class

    I am unable to follow the advice given to check the DMA mode as described in the link, simply because I cannot locate the Settings mentioned for IDE ATAPI as given in the article.

    I followed the following steps and am sending the pictures I took, so you might be able to take this a step further.

    Control Panel > Device manager > IDE ATA/ ATAPI controllers

    Here are the attachments of Advanced Settings Tab in Channel 0, Channel 1, and Channel 4. These mention DMA.

    My system is Windows 7 64 bit.
     


  34. satrow

    satrow Major Geek Extraordinaire

    DMA looks fine, 2 drives installed, both running at DMA 5.

    When it comes to Autoruns, there's a lot more than just the Logon tab to check.
     
  35. Raphee

    Raphee Private First Class

    Thanks Joe and Satrow. I am attaching the autorun.arn file
    You guys have been absolutely great.
     


  36. satrow

    satrow Major Geek Extraordinaire

    Autoruns output looks pretty good.

    Think carefully about what software you actually need installed and how many auto running updaters you need, if you only need a particular piece of software 2/3 times a year, uninstall it and download a fresh version only when you really need it if you can't find a safer alternative.

    Do you really need Java, ARM and CyberGhost/HSS? The first 2 are a magnet for malware exploits, especially when Java plugins are active in browsers and are rarely needed at all for most people, the latter I've seen implicated in BSODs a number of times.

    The fewer updaters you have, the faster the machine will become fully responsive - consider removing them all and dedicating half an hour or so each week to manually checking for updates.
     
  37. Raphee

    Raphee Private First Class

    I'd only like to keep the minimum important auto updates. Would that mean only Windows updates/Microsoft Office? As a rule I've been allowing updates to softwares thinking they would lead to bug improvements. Guess I was wrong.

    I only need Java because sometimes browsers/websites ask for Java Installations. I normally visit social sites or news sites. If there is a warning about a website through the browser/antivirus I never open it. So I am careful to that extent.
    Cyberghost I'd like to keep as a VPN. Of course you might want to recommend something else. Free only.

    What program do you recommend for checking updates? Can you send a link to the procedure so I do not bungle things up?

    One last thing: last week I downloaded WPS Office (free) from KingSoft. Possibly it has mucked up my MS Office settings and I end up opening the configuration/installer each time I open a word document. Would you recommend something now or advise me to open a new thread?

    Thanks Satrow and Joe. I am happy to report that today also at startup my laptop performed much better, and I was able to start work normally. MajorGeek is the best resource for us non techies. I have no doubt about it.
    I shall be going through the advice above. Please feel free to tell me more, so I maintain my laptop better.
     
  38. Raphee

    Raphee Private First Class

    Joe, just saw your message. Okay I'll be uninstalling Java Runtime.

    Even a couple of days ago, I tried opening up various programs and disabling the autoupdater. I believe the makers of the software have such different formats that people like me get lost in just locating the right button and eventually give up or uninstall the software. My question is; should I use a software to disable the auto updaters?
     
  39. Raphee

    Raphee Private First Class

    I've uninstalled Java using Revo. (btw, I could not find Java in Autoruns >Logon )

    As to Adobe updater, I went into service.msc by searching for it. I found the Adobe Updater. It is currently set to 'Automatic.' The other option it gives me is to either 'Stop' or 'Restart' the service. There is no option for 'Disable.' That has made me doubt whether I'm in the correct area. I'm sending you an image to confirm this.
     


  40. Raphee

    Raphee Private First Class

    Done. Thanks.

    So do I move on to the BlackVipers advice NOW? Or is there something else? Let me know. Thanks Joe, your assistance has been invaluable, and super fast.
     
