What's up ?


  • This topic is locked
2 replies to this topic

#1 datwin-bordo


Posted 10 August 2017 - 05:30 AM

Hi all,

 

I'm Jonathan, 28 years old, I have two multi-accounts on Bleeping Computer,

 

1) please help me to uninstall sweetPage and IObit Malware Fighter, and iObit Smart Defrag,

 

2) get up stand up, and I until today on my emig-tea account here assisted on these 4 topics for my sd cards/usb keys/two computers/zalman zm-ve350/network drives:

https://www.bleepingcomputer.com/forums/t/653562/firefox-focus-for-windows-go-to-exist/

https://www.bleepingcomputer.com/forums/t/653222/where-the-serif-webplus-x7-setup-filedownload-link-infected-by-utililab-sear/

https://www.bleepingcomputer.com/forums/t/653539/pc-1-infected-by-adwares-rogues-problems-on-sdsdxcmicro-sd-cards-xubunt/

https://www.bleepingcomputer.com/forums/t/653540/pc-2-infected-because-setup-of-weird-site-problems-on-zalman-ve350-usb-key/

 

3) cyberlink releases the brand new freeware photodirector 9 essentials on september/october 2017 same time with w10 redstone 3/fall creators update, the admins of cyberlink's support announce that on this topic on cyberlink's forum:

 http://forum.cyberlink.com/forum/posts/list/52370.page

PiX, the admin of CyberLink's support, wrote:

"CyberLink usually releases new versions of PhotoDirector, PowerDirector, ColorDirector & AudioDirector in September/October of each year."

in september/october 2017, if i install this new cyberlink photodirector 9 essentials on curious 3rd party site, and his installer of photodirector 9 installs Advanced SystemProtector and babylon Toolbar and AwesomeHP because pre-checked, and then makes 33 alerts of my Ad-Aware Total Security, i go to BleepingComputer forums here to fix/disinfect this

 

4) and i have big bug on installed the brand new Wondershare Video Converter Ultimate, i go to reinstall that now

 

5) wondershare and iskysoft are legitimate brands, I go to keep filmora and imedia Converter Deluxe,

i decided to upload wondershare/iskysoft helper compact to virustotal (ok) now

wondershare virustotal: https://www.virustotal.com/fr/file/8733bd2c7827f171f14b61e49a374df0573b9cf7040a4cde3b28428d80604a6d/analysis/

iSkysoft virustotal: https://www.virustotal.com/fr/file/e10b29395d80f59acc0202889e3acd85c10c2390c5a6f61528edd3f2f399d064/analysis/

 

6) on my Windows 7 Acer Aspire One laptop I instantly get a BSOD at every normal mode boot, which makes me stay in safe mode

 

7) I also want to uninstall Pinnacle Studio and PC SpeedUp, and other RegCleanpro/Corel affiliate software

 

8) I made installs these last days on download folder "pc optimizer pro" and then on this "pc optimizer pro" folder installed anvisoft applications, is bad theory and intuitions for me

 

9) question:

when will a Windows version of Firefox Focus be released?

 

10) I ran yesterday on the Compaq desktop PC SpyHunter by Enigma Software Group and MBAM on all drives zalman zm-ve350, wintobootic/Windows 2go sandisk reversible drive, fold-it customusb multiboot sardu drive, desktop pc (C:/), portableapps carbide datashur (& his eset drive security folder), memtest86/frama asso/frama salix/Ubuntu mate live usb keys, all plugged on this compaq pc, and now at bottom of this post the frst, mbam, adwcleaner, remediate vbs, tweaking com and etc... logs attached; thanks;

frst via cjoint http://www.cjoint.com/c/GHkkvhbUJFH

addition cjoint http://www.cjoint.com/c/GHkkwidetYH

shortcut cjoint http://www.cjoint.com/c/GHkkxjIrGtH

Windows repair cjoint http://www.cjoint.com/c/GHkktqsdVCH

rem vbs cjoint http://www.cjoint.com/c/GHkkypdFV2H

fixlog: http://www.cjoint.com/c/GHkkzEEYG3H

mbam complete custom scan august 9th & 10th, 2017: http://www.cjoint.com/c/GHkkBAe0zJH

http://www.cjoint.com/c/GHkkCuInYKH

http://www.cjoint.com/c/GHkkDuWP4GH

 

 

Mod Edit:  Pasted FRST data into post - Hamluis.

Résultats de correction de Farbar Recovery Scan Tool (x86) Version: 06-08-2017
Exécuté par widen-finalis (07-08-2017 20:11:43) Run:1
Exécuté depuis C:\Users\widen-finalis\Desktop
Profils chargés: widen-finalis (Profils disponibles: widen-finalis & Acronis Agent User)
Mode d'amorçage: Safe Mode (with Networking)

==============================================

fixlist contenu:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\RunOnce: [mb-runtask] => [X]
GroupPolicy: Restriction <==== ATTENTION
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll => Pas de fichier
CHR HKLM-x32\...\Chrome\Extension: [cfmjkokphadmhbenfjjecfbhbbonbjcb] - hxxps://clients2.google.com/service/update2/crx
S2  AnviStartupTime; C:\Program Files\PC Optimizer Pro\Anvisoft\StartupBooster\StartupTimeSrv.exe [X]
S2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [X]
S2 AnviStartupTime; C:\Program Files\PC Optimizer Pro\Anvisoft\StartupBooster\StartupTimeSrv.exe [X]
S3 Diskeeper; "C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe" [X]
CustomCLSID: HKU\S-1-5-21-4265624635-2019933758-61733912-1001_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1FDC8DC4-9468-D082-921D-ADEE85889A47} => Pas de fichier
CustomCLSID: HKU\S-1-5-21-4265624635-2019933758-61733912-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-4265624635-2019933758-61733912-1001_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55434119-9468-D082-4FD1-32A485889A47} => Pas de fichier
ContextMenuHandlers1: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers1: [DaemonShellExtImage] -> {40966797-8FFE-46C8-9EF8-7003F33CCF0F} =>  -> Pas de fichier
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll -> Pas de fichier
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> Pas de fichier
ContextMenuHandlers2: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers2: [Auslogics Disk Defrag Professional Shell Context Menu 4.x] -> {CC89327D-D094-40B2-82CB-F989EE26FC51} =>  -> Pas de fichier
ContextMenuHandlers2: [DaemonShellExtDrive] -> {A5415364-784A-41A5-B47A-D452909CA8FF} =>  -> Pas de fichier
ContextMenuHandlers3: [Auslogics Disk Defrag Professional Shell Context Menu 4.x] -> {CC89327D-D094-40B2-82CB-F989EE26FC51} =>  -> Pas de fichier
ContextMenuHandlers3: [RSShellEx] -> {669E97EA-B566-410F-A33A-0EC20F234823} => C:\Program Files (x86)\Remo File Eraser 2.0\64\rsh64.dll -> Pas de fichier
ContextMenuHandlers4: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers4: [Auslogics Disk Defrag Professional Shell Context Menu 4.x] -> {CC89327D-D094-40B2-82CB-F989EE26FC51} =>  -> Pas de fichier
ContextMenuHandlers4: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll -> Pas de fichier
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> Pas de fichier
ContextMenuHandlers5: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers6: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll -> Pas de fichier
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> Pas de fichier
ContextMenuHandlers1_S-1-5-21-4265624635-2019933758-61733912-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers2_S-1-5-21-4265624635-2019933758-61733912-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers4_S-1-5-21-4265624635-2019933758-61733912-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers5_S-1-5-21-4265624635-2019933758-61733912-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
Task: {243C50DA-C0E0-47C1-B696-C3A29E4AB754} - \Auslogics\Disk Defrag Prof\Task {00000001-768F-4407-9F50-E9EADEE5F9F0} for jean- -> Pas de fichier <==== ATTENTION
Task: {80F8F6F7-AB06-4D42-8554-BCC6D3C5F35F} - \WiseCleaner\WJSSkipUAC -> Pas de fichier <==== ATTENTION
Task: {BF73AD02-7A9F-475E-95B0-7BF159E5BE86} - \Auslogics\Disk Defrag Prof\Task {00000001-B25E-476C-8612-71F182EB3FDE} for jean- -> Pas de fichier <==== ATTENTION
Task: {C4D5A7E0-11BD-4324-896C-753FAB0CA1DC} - \WiseCleaner\WMOSkipUAC -> Pas de fichier <==== ATTENTION
Task: {CE71B2D1-617A-47FC-B7F0-B9BE42E4ED22} - \Auslogics\Disk Defrag Prof\Task {00000001-BFBA-49BB-85C7-F7779F2C619C} for jean- -> Pas de fichier <==== ATTENTION

End
*****************

Error: Un point de restauration ne peut être créé qu'en mode normal.
Processus fermé avec succès.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => valeur non trouvé(e).
HKLM-x32\...\RunOnce: [] => [X] => Erreur: Pas de correction automatique trouvée pour cet élément.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => clé supprimé(es) avec succès
 


Edited by hamluis, 10 August 2017 - 05:51 AM.



#2 datwin-bordo


Posted 10 August 2017 - 06:30 AM

12) on acer w7 laptop, "eassos system restore image" partition (D:/) disk I have personal data like videos, portable apps and docs like ebooks/pdf, that's not makes alterations of system image I make with eassos?

for that, i ran quickdiag script and usbfix, and now the logs:

quickscripts: http://www.cjoint.com/c/GHkln3YivPH

usbfix: http://www.cjoint.com/c/GHklmZfcf2H

 

13) and now the frst logs of august 10th of w7 laptop, and quickscripts and usbfix logs for D:/ eassos partition, and Xubuntu/multibootables Samsung nano 128/sandisk 16 gb reversible usb disks and all sd cards, at bottom of this reply here (by exception i use here cjoint.com to post here large logs):

impossible to upload: 4 Kb max. on replies directly here

 

replaced here by cjoint:

frst http://www.cjoint.com/c/GHklxXsefYH

addition http://www.cjoint.com/c/GHklyP6erxH

shortcut: http://www.cjoint.com/c/GHklzILijlH

roguekiller: http://www.cjoint.com/c/GHklAsbn4EH

screen capture of this topic's reply with uploads errors: -> : http://www.cjoint.com/c/GHklBgBzJ2H

 

14) you can read cjoint links on bleepingcomputer, is allowed

 

15) nxpowerlite (neuxpower) compresses the size of office, pdf, zip, JPG files but not txt, I have no intention to install nxpower because I try only to upload txt here in bleeping computer (the logs are txt)

 

thanks...



#3 Elise


Posted 10 August 2017 - 12:28 PM

Hello,

This forum is used to assist you with malware removal (one topic per computer), it's not an "all you can fix" solution for all possible computer problems you may have. So my question is: do you think your computer (the one you posted the log for) is infected and if so why? What malware symptoms do you have?

 

As for all those programs you want to uninstall: while some of these may end up on your computer as part of free installers, have you tried to just remove them using Programs and Features?

 

Finally, if you post any topics that address the same computer, this topic will be closed and you will get no further chance of help at BleepingComputer. 

 

Please stop running tools and fixes on your own and stick to this topic only. If that is not possible I suggest you either find a way to fix the problems yourself or pay a repair shop to resolve them for you. 

 

In addition to providing the answers to my questions above, please also run a new FRST scan (with addition.txt checked) on the computer you suspect has malware problems and post both frst.txt and addition.txt here.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




