Jump to content

Recommended Posts

Hi,

The setting to Star immediately or on demand is set for each application.

I see a number of errors associated with Bitdefender in your Addition.txt log.

That is why I asked that your remove it see  my post in No. 24.

Restart the computer when done.

Do not reinstall it just yet.

Run the Farbar program and post fresh logs.

I need to see if the new logs will show that Windows defender and your Firewall are enabled.

 

 

Share this post


Link to post
Share on other sites

I can't seem to get rid of Bitdefender. I used their Uninstaller and ran Farbar again and the logs continue to claim that bitdefender is my AV. I see that others have encountered this issue with no clear answer on what course of action to take. Please advise!! I can continue to try to resolve this removal issue on my own but I'd rather wait for direction from you. 

Logs attached. 

Thank you. 

1578870861182_Addition.txt 1578870858714_FRST.txt

Share this post


Link to post
Share on other sites

Hi,

Download and run this tool.

Please download the free version of Revo Uninstaller Portable from here and save the compressed file to your computer's Desktop.

  • Double-click the compressed file RevoUninstaller_Portable and extract the files within it (it will be created a folder with the same name);
  • Within that folder, right-click the file RevoUPort and select Run as administrator to open the tool;
  • Click Yes to accept the UAC security warning that may appear;
  • Click OK to accept the License Agreement and Copyright;
  • Select 'The Program to Remove' and click Uninstall. Follow the instructions to complete the removal process;
  • In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers;
  • Click on Select All and then on Delete and then Yes to delete the selected items;
    Note: You may have to repeat this step to delete all the leftovers (Registry items, files and folders);
  • Click the Finish button and restart the computer to complete the removal process.


<<<>>>

Let me know what problem persists.


 

.

Share this post


Link to post
Share on other sites

I cannot find any traces of Bitdefender. I ran the junk file scan as well and there are no entries for Bitdefender. 

Should I reinstall Bitdefender and then Uninstall using the bitdefender special Uninstaller and/or Revo? 

See screen shots. 

IMG_20200113_204839.jpg

IMG_20200113_205442.jpg

Share this post


Link to post
Share on other sites

Or perhaps use something like CCleaner or a registry cleaner of some sort (Little Reg Cleaner from Sourceforge)? 

Share this post


Link to post
Share on other sites

Hi,

Lets see what we can find in the Registry.
I can then give you a fix to remove it.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
Bitdefender
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Share this post


Link to post
Share on other sites
 
Farbar Recovery Scan Tool (x64) Version: 15-01-2020
Ran by skizz (16-01-2020 21:16:39)
Running from C:\FRST FarBar
Boot Mode: Normal

================== Search Registry: "Bitdefender" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D19631EE-4E47-4BA9-BA2E-C5FF909E2C61}\1.0\0\win32]
""="C:\Program Files\Bitdefender Agent\DiscoveryComp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D19631EE-4E47-4BA9-BA2E-C5FF909E2C61}\1.0\HELPDIR]
""="C:\Program Files\Bitdefender Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AMSI\Options]
"DisplayName"="Bitdefender AMSI Provider"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch]
"Bitdefender.AntivirusFree"="2"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"Bitdefender.AntivirusFree"="30"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{6D809377-6AF0-444B-8957-A3773F02200E}\Bitdefender Antivirus Free\kitinstaller\bpinstaller.exe"="1"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView]
"Bitdefender.AntivirusFree"="3"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Bitdefender.AntivirusFree]
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Bitdefender.AntivirusFree]
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Antivirus Free\supporttool.exe"="0x5341435001000000000000000700000028000000B0DA13001097140001000000000000000000000A73220000631F6E6F0EDED4010000000000000000"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Antivirus Free\bdagent.exe"="0x5341435001000000000000000700000028000000184518001BD4180001000000000000000000000A73220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000003E000000000000000100000001000000"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Agent\installer\installer.exe"="0x534143500100000000000000070000002800000060EB0C006CAB0D0003000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000012170000000000000200000002000000"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Antivirus Free\kitinstaller\bpinstaller.exe"="0x5341435001000000000000000700000028000000F8D31500D38E160003000000000000000000000A00210000631F6E6F0EDED4010000000000000000"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"P:\11. Downloads\Bitdefender_2019_Uninstall_Tool.exe"="0x53414350010000000000000007000000280000002018AC004CA6AC0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000FD3E0000000000000100000001000000"

====== End of Search ======
 
 
 

 

Share this post


Link to post
Share on other sites

Copy all the text IN THECODE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files" Once you have saved Right click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D19631EE-4E47-4BA9-BA2E-C5FF909E2C61}\1.0\0\win32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D19631EE-4E47-4BA9-BA2E-C5FF909E2C61}\1.0\HELPDIR]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AMSI\Options]
"DisplayName"=-
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch]
"Bitdefender.AntivirusFree"=-
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"Bitdefender.AntivirusFree"=-
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{6D809377-6AF0-444B-8957-A3773F02200E}\Bitdefender Antivirus Free\kitinstaller\bpinstaller.exe"=-
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView]
"Bitdefender.AntivirusFree"=-
[-HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Bitdefender.AntivirusFree]
[-HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Bitdefender.AntivirusFree]
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Antivirus Free\supporttool.exe"=-
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Antivirus Free\bdagent.exe"=-
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Agent\installer\installer.exe"=-
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Antivirus Free\kitinstaller\bpinstaller.exe"=-
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"P:\11. Downloads\Bitdefender_2019_Uninstall_Tool.exe"=-

Restart the computer when completed.

You can delete the fixme.reg file when done.

===

If you need Bitdefender install it.


 

Share this post


Link to post
Share on other sites

Will this only correct the Bitdefender Uninstall? 

What about the disabled Windows Firewall? And the bitcoin miner? Will those be fixed? 

Thank you for your help. 

Share this post


Link to post
Share on other sites

Failed. Please see below and attached. This was after registry update and reboot. 

 

 

Farbar Recovery Scan Tool (x64) Version: 15-01-2020
Ran by skizz (17-01-2020 22:27:26)
Running from C:\FRST FarBar
Boot Mode: Normal

================== Search Registry: "Bitdefender" ===========

[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{6D809377-6AF0-444B-8957-A3773F02200E}\Bitdefender Antivirus Free\kitinstaller\bpinstaller.exe"="1"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Antivirus Free\supporttool.exe"="0x5341435001000000000000000700000028000000B0DA13001097140001000000000000000000000A73220000631F6E6F0EDED4010000000000000000"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Antivirus Free\bdagent.exe"="0x5341435001000000000000000700000028000000184518001BD4180001000000000000000000000A73220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000003E000000000000000100000001000000"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Agent\installer\installer.exe"="0x534143500100000000000000070000002800000060EB0C006CAB0D0003000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000012170000000000000200000002000000"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Bitdefender Antivirus Free\kitinstaller\bpinstaller.exe"="0x5341435001000000000000000700000028000000F8D31500D38E160003000000000000000000000A00210000631F6E6F0EDED4010000000000000000"
[HKEY_USERS\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"P:\11. Downloads\Bitdefender_2019_Uninstall_Tool.exe"="0x53414350010000000000000007000000280000002018AC004CA6AC0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000FD3E0000000000000100000001000000"

====== End of Search ======

1579329063820_FRST.txt 1579329064731_Addition.txt

Share this post


Link to post
Share on other sites

Please execute the fix in post no. 34.

Restart the computer when done.

Any remaining issues?

Share this post


Link to post
Share on other sites

I backed up my registry (export) and then I executed the fix you shared in #34 (fixme.reg). I received a report that the registry was updated successfully. I then rebooted.

 

I ran Farbar and also did a registry search and it appears that no changes were made. I shared the logs in my previous post. I will try again but I'm afraid that I will have the same results. 

 

Please advise. I will report back with outcome of a 2nd attempt to update the registry. Thank you. 

Share this post


Link to post
Share on other sites

I just want to restate that I already performed the fix you shared in #34. This was unsuccessful (as you will see in the logs). 

Share this post


Link to post
Share on other sites

I don't understand what changes you introduced in the fix from post #34. What were you hoping to achieve with the registry updates? Was I intended to take any other actions after those reg changes were made? 

Should I attempt to Uninstall Bitdefender again? Or attempt to Install again? 

Share this post


Link to post
Share on other sites

I tried the solution again with the same results. I am still unable to start Windows Firewall. I also see that bitdefender is listed as my current antivirus, even though it has been uninstalled.

Please advise. 

Share this post


Link to post
Share on other sites

Hi,

Hi,

Was Chrome Synced with other devices and did you reset it as suggested in post no. 10?

If not please do it now.
===

Lets remove all entries found in your logs.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 

start
	CreateRestorePoint:
CloseProcesses:
	(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
Task: {7D62088E-324C-4D84-99D0-A0A03D56116B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [488760 2019-07-15] (Bitdefender SRL -> Bitdefender)
S3 AtcHost; C:\Program Files\Bitdefender Antivirus Free\atchost.exe [1475272 2019-10-25] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2500144 2019-05-28] (Bitdefender SRL -> Bitdefender)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1291888 2019-07-15] (Bitdefender SRL -> Bitdefender)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [238376 2019-11-27] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [288312 2019-12-20] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [238376 2019-11-27] (Bitdefender SRL -> Bitdefender)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1693368 2019-10-25] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [739024 2019-11-27] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309144 2019-11-27] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [564136 2019-11-27] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [188384 2019-04-25] (Bitdefender SRL -> BitDefender LLC)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [637112 2019-10-25] (Bitdefender SRL -> Bitdefender)
	Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.12.41 - Bitdefender)
	C:\Program Files\Bitdefender Agent
C:\Program Files\Bitdefender Antivirus Free
C:\WINDOWS\System32\DRIVERS\atc.sys
C:\WINDOWS\system32\DRIVERS\bddci.sys
C:\WINDOWS\System32\drivers\bdelam.sys
C:\WINDOWS\System32\DRIVERS\edrsensor.sys
C:\WINDOWS\System32\DRIVERS\gemma.sys
C:\WINDOWS\System32\drivers\gzflt.sys
C:\WINDOWS\System32\drivers\trufos.sys
	Reboot:
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Restart the computer one more time.

Do not reinstall the application at this time.

How is the computer running  now.

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.