CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-4135327567-4282227739-3352556458-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
S1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae64.sys [X]
2017-06-05 22:51 - 2017-06-05 22:51 - 00000000 ____D C:\Users\Hong Meiling\AppData\Roaming\IObit
2017-06-05 22:51 - 2017-06-05 22:51 - 00000000 ____D C:\Users\Hong Meiling\AppData\LocalLow\IObit
2017-06-05 22:51 - 2017-06-05 22:51 - 00000000 ____D C:\ProgramData\ProductData
2017-06-05 22:51 - 2017-06-05 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-06-05 22:51 - 2017-06-05 22:51 - 00000000 ____D C:\Program Files (x86)\IObit
2017-06-05 22:51 - 2017-03-17 12:31 - 00026272 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-06-05 22:50 - 2017-06-05 22:51 - 00000000 ____D C:\ProgramData\IObit
2017-06-05 22:50 - 2017-06-05 22:50 - 40741560 _____ (IObit ) C:\Users\Hong Meiling\Downloads\IObit-Malware-Fighter-Setup.exe
2016-02-18 18:52 - 2016-02-18 18:52 - 0000056 _____ () C:\Users\Hong Meiling\AppData\Local\Temp\325dce9ee48047a71d143c2b78f950b8.dll
2016-02-18 18:52 - 2016-02-18 18:52 - 0000512 _____ () C:\Users\Hong Meiling\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
2013-08-04 23:15 - 2013-08-04 23:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\Hong Meiling\AppData\Local\Temp\bdfilters.dll
2014-02-02 22:32 - 2014-02-02 22:32 - 1500184 _____ (Bandisoft) C:\Users\Hong Meiling\AppData\Local\Temp\BDMPEG1SETUP.EXE
2016-03-25 09:41 - 2016-03-25 15:40 - 0041984 _____ () C:\Users\Hong Meiling\AppData\Local\Temp\ddxx_MesHoooooook.dll
2015-11-05 07:29 - 2015-11-05 07:29 - 25104376 _____ (ArenaNet) C:\Users\Hong Meiling\AppData\Local\Temp\Gw2.exe
2015-09-21 21:49 - 2015-09-21 21:53 - 0253952 _____ (TechArts Inc.) C:\Users\Hong Meiling\AppData\Local\Temp\inst.exe
2017-02-04 20:17 - 2017-02-04 20:17 - 0739904 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-20 06:49 - 2017-04-20 06:49 - 0739904 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u131-windows-au.exe
2015-07-18 07:20 - 2015-07-18 07:20 - 0563808 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-08-29 13:00 - 2015-09-04 21:41 - 0585824 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-12-04 22:50 - 2015-12-04 22:50 - 0585824 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-01-28 07:14 - 2016-01-28 07:14 - 0644704 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u71-windows-au.exe
2015-07-26 12:07 - 2015-07-26 12:07 - 0948120 _____ (Nexon) C:\Users\Hong Meiling\AppData\Local\Temp\NGMDll.dll
2015-07-26 12:07 - 2015-07-26 12:07 - 0294912 _____ (Nexon) C:\Users\Hong Meiling\AppData\Local\Temp\NGMResource.dll
2015-06-26 21:19 - 2017-02-23 01:17 - 0754168 _____ (NVIDIA Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\nvSCPAPI.dll
2015-08-31 18:38 - 2015-08-25 07:08 - 1370144 _____ (NVIDIA Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\nvSCPAPI64.dll
2016-05-19 00:06 - 2016-05-09 16:26 - 0426040 _____ (NVIDIA Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\nvSCPAPISvr.exe
2015-08-16 00:05 - 2017-02-23 01:17 - 0354176 _____ (NVIDIA Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\nvStInst.exe
2015-10-27 17:47 - 2016-05-09 20:26 - 45198968 _____ (Skype Technologies S.A.) C:\Users\Hong Meiling\AppData\Local\Temp\SkypeSetup.exe
2015-07-26 12:07 - 2015-07-26 12:07 - 0258352 _____ (Microsoft Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\unicows.dll
2015-11-18 21:10 - 2015-11-18 21:10 - 0065280 _____ () C:\Users\Hong Meiling\AppData\Local\Temp\utils.dll
2017-03-03 02:53 - 2017-03-15 18:08 - 14456872 _____ (Microsoft Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\vc_redist.x86.exe
2015-12-04 22:53 - 2015-12-04 22:53 - 0833504 _____ (Yahoo! Inc.) C:\Users\Hong Meiling\AppData\Local\Temp\ytb.exe
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
Emptytemp: